JoomGalleryfriends / JG4-dev

Development repository for JoomGallery v4.x
GNU General Public License v3.0

Access service #104

Closed Elfangor93 closed 1 year ago

Elfangor93 commented 1 year ago

What is this service for

The Access service will be used to extend the default ACL logic of Joomla core in order to allow checks against inown and own access rules. Inown and own access rules are used in JoomGallery to manage ACL exceptions. For example, a user may perform a certain task within an asset of which he is the creator (owner), even if this task is generally forbidden for him.

How to use this service

You can load the service anywhere in Joomla by doing

$component = Factory::getApplication()->bootComponent('com_joomgallery');  // boot JoomGallery component
$component->createAccess();   // instantiate the service
$acl = $component->getAccess();   // load the service into your scope
$acl->setUser(<userID>); // perform checks against a specified user. If no user is set the current user will be used.
$res = $acl->checkACL(<action>, <asset>, <ID>); // check if the user is permitted to perform <action> on <asset> with the ID <ID>

The following actions are available: add, admin, delete, edit, editstate, manage

The following assets are available: image, category, tag, config

How to test the service

Make sure "Debug System" is "Yes" in Joomla Global configuration. Open the file /administrator/com_joomgallery/src/View/Faulties/HtmlView.php and insert the following code on line 62 after throw new \Exception(implode("\n", $errors)); }

For the different test instructions, see the comments below...

Elfangor93 commented 1 year ago

Test Methodology

• <USERID>: User ID (integer) - Choose a user for which to perform the ACL checks
• <ACTION>: The action for which you want to perform the ACL check (string)
• <ASSET>: The asset for which you want to perform the ACL check (optional, string, default: "")
• <ID>: The id of the asset (optional, integer, default: 0)

$this->component->createAccess();
$acl = $this->component->getAccess();
$acl->setUser(<USERID>); // optional
$res = $acl->checkACL(<ACTION>,<ASSET>, <ID>);
dump($res);

Test Instructions

  1. Apply the code from above as described in the first comment.

  2. Prepare component and settings

    • Create a user (additional to the Super user)
    • Create a category (additional to default category)
    • Create at least one asset each (image, category, tag, config-set)
    • Apply permission options accordingly
      • Global component permission options
      • Category permission options
      • Asset permission options
  3. Perform the test by reloading the maintenance view and check if the output is correct.

    • false: permission denied
    • true: permission accepted
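
Added example, not part of the original comments or the JoomGallery code base: a helper that runs the whole check matrix from the test instructions in one pass, against a stand-in class so it also runs outside Joomla. `StubAccess`, `aclMatrix`, the user and asset ids and the rule tables are hypothetical; only `setUser()` and `checkACL()` come from this thread, and the inown rule is not modelled.

```php
<?php
// Added example: stand-in for the Access service so the matrix helper runs offline.
// Only setUser() and checkACL() mirror the calls shown in this thread; the rule
// tables and the owner lookup are constructed sample data, not JoomGallery code.
class StubAccess
{
    private int $user = 0;
    // Constructed rules: user 42 may not edit/delete in general, but holds "own" edit.
    private array $general = [42 => ['add' => true, 'edit' => false, 'delete' => false]];
    private array $own     = [42 => ['edit' => true, 'delete' => false]];
    // Constructed ownership: asset type => [asset id => creator user id].
    private array $owners  = ['image' => [7 => 42, 8 => 99], 'category' => [3 => 99]];

    public function setUser(int $id): void { $this->user = $id; }

    public function checkACL(string $action, string $asset = '', int $id = 0): bool
    {
        if ($this->general[$this->user][$action] ?? false) {
            return true; // generally allowed, no exception needed
        }
        // "own" exception: otherwise forbidden, allowed only on assets the user created
        $isOwner = ($this->owners[$asset][$id] ?? null) === $this->user;
        return $isOwner && ($this->own[$this->user][$action] ?? false);
    }
}

// Run every action against every (asset, id) pair for one user and collect the results.
function aclMatrix(object $acl, int $userId, array $actions, array $targets): array
{
    $acl->setUser($userId);
    $rows = [];
    foreach ($targets as [$asset, $id]) {
        foreach ($actions as $action) {
            $rows["$asset#$id"][$action] = $acl->checkACL($action, $asset, $id);
        }
    }
    return $rows;
}

$actions = ['add', 'admin', 'delete', 'edit', 'editstate', 'manage']; // list from the first comment
$targets = [['image', 7], ['image', 8], ['category', 3]];           // constructed ids
foreach (aclMatrix(new StubAccess(), 42, $actions, $targets) as $target => $row) {
    $cells = [];
    foreach ($row as $action => $allowed) {
        $cells[] = $action . '=' . ($allowed ? 'true' : 'false');
    }
    echo str_pad($target, 12), implode(' ', $cells), PHP_EOL;
}
```

In the maintenance view, pass `$this->component->getAccess()` instead of the stub and use ids of assets you created in step 2. The rows to inspect are the ones for assets owned by a different user: an own rule must never turn those from false to true.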

szepty-ziemi commented 1 year ago

Not directly related to the feature test, but while uploading a file to create test data I get an error: [image]

Installed zip from acl-apply branch. @Elfangor93 please advise.

Elfangor93 commented 1 year ago

@szepty-ziemi You are right, there are some major errors which I have no clue where they come from. I created a new PR (#113) containing the same code changes as this one, but without messed up code ;-)