function it_removes_condition(Permission $permission)
{
$permission->equals($permission)->willReturn(true);
$this->addPermission($permission);
$this->hasPermission($permission)->shouldReturn(true);
$this->removePermission($permission)->shouldReturn($this);
$this->hasPermission($permission)->shouldReturn(false);
}
function it_does_not_match_if_step_role_is_not_granted(Transition $transition, Item $item, Context $context, User $user, Permission $permission, ErrorCollection $errorCollection)
{
$item->isWorkflowStarted()->willReturn(true);
$item->getCurrentStepName()->willReturn('step');
$permission->__toString()->willReturn('workflow/permission');
$user->hasPermission($permission)->willReturn(false);
$errorCollection->addError(Argument::cetera())->shouldBeCalled();
$this->match($transition, $item, $context, $errorCollection)->shouldReturn(false);
}
function it_have_a_permission(Permission $permission)
{
$permission->equals($permission)->willReturn(false);
$this->getPermission()->shouldReturn(null);
$this->hasPermission($permission)->shouldReturn(false);
$permission->equals($permission)->willReturn(true);
$this->setPermission($permission)->shouldReturn($this);
$this->hasPermission($permission)->shouldReturn(true);
$this->getPermission()->shouldReturn($permission);
}
/**
* Consider if permission is assigned to transition.
*
* @param Permission $permission Permission being check.
*
* @return bool
*/
public function hasPermission(Permission $permission)
{
if ($this->permission) {
return $this->permission->equals($permission);
}
return false;
}
/**
* {@inheritdoc}
*/
public function match(Transition $transition, Item $item, Context $context, ErrorCollection $errorCollection)
{
$permission = Permission::forWorkflowName($transition->getWorkflow()->getName(), 'contao-admin');
if ($this->user->hasPermission($permission)) {
return true;
}
return parent::match($transition, $item, $context, $errorCollection);
}
/**
* Get all permissions of a specific workflow.
*
* @param \DataContainer $dataContainer The data container driver.
*
* @return array
*/
public function getWorkflowPermissions($dataContainer)
{
if (!$dataContainer->activeRecord || !$dataContainer->activeRecord->pid) {
return array();
}
$workflow = WorkflowModel::findBy('id', $dataContainer->activeRecord->pid);
$options = array();
if ($workflow) {
$permissions = deserialize($workflow->permissions, true);
foreach ($permissions as $config) {
$permission = WorkflowPermission::forWorkflowName($workflow->name, $config['name']);
$options[(string) $permission] = $config['label'] ?: $config['name'];
}
}
return $options;
}
/**
* Add a permission.
*
* @param string $permissionId The permission id.
* @param string $group Permission group.
*
* @return $this
*/
public function addPermission($permissionId, $group)
{
$this->permissions[$group][] = Permission::forWorkflowName($this->workflowModel->name, $permissionId);
return $this;
}
/**
* Create transitions from database.
*
* @param Workflow $workflow The current workflow.
*
* @throws DefinitionException If a target step is defined which does not exiss.
*
* @return void
*/
private function createTransitions(Workflow $workflow)
{
$collection = TransitionModel::findByWorkflow($workflow->getConfigValue('id'));
if (!$collection) {
return;
}
while ($collection->next()) {
/** @var TransitionModel $model */
$model = $collection->current();
$transition = new Transition($model->name, $model->label, array_merge($collection->row(), array(Definition::SOURCE => Definition::SOURCE_DATABASE)));
if (!isset($this->steps[$model->stepTo])) {
throw new DefinitionException(sprintf('Transition "%s" refers to step "%s" which does not exists.', $transition->getName(), $model->stepTo));
}
$transition->setStepTo($this->steps[$model->stepTo]);
if ($model->limitPermission) {
$transition->setPermission(Permission::fromString($model->permission));
}
$workflow->addTransition($transition);
$event = new CreateTransitionEvent($transition);
$this->getServiceContainer()->getEventDispatcher()->dispatch($event::NAME, $event);
$this->transitions[$model->id] = $transition;
}
}
/**
* Add permission to the role.
*
* @param Role[] $roles Already created roles.
* @param string $roleName The role name.
* @param Permission $permission The permission name.
* @param \User $contaoUser The Contao user.
* @param User $user The security user.
*
* @return Role
*/
private function addPermissionToRole(&$roles, $roleName, Permission $permission, $contaoUser, User $user)
{
$workflow = $permission->getWorkflowName();
if (!isset($roles[$workflow])) {
$role = new Role($roleName, $permission->getWorkflowName(), $this->translateLabel($roleName), array('user' => $contaoUser));
$roles[$workflow] = $role;
$user->assign($role);
}
$roles[$workflow]->addPermission($permission);
return $roles[$workflow];
}
function it_does_not_equals_if_not_the_same_workflow(Permission $permission)
{
$permission->__toString()->willReturn('workflow2:perm');
$this->equals($permission)->shouldReturn(false);
}
