Require group edit role to change user groups

nucleos · Jul 5, 2024 · fdc8427 · fdc8427
1 parent d5eaf87
commit fdc8427
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 30 deletions.
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -13,7 +13,6 @@ jobs:
     uses: "nucleos/actions/.github/workflows/continuous-integration.yml@main"
     with:
       PHP_EXTENSIONS: "mbstring, json, mongodb"
-      SYMFONY_KERNEL: "Nucleos\\UserAdminBundle\\Tests\\App\\AppKernel"
       SYMFONY_VERSIONS: "6.4,7.0"
     secrets:
       CODECOV_TOKEN: "${{ secrets.CODECOV_TOKEN }}"
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -3,6 +3,8 @@
   <coverage/>
   <php>
     <env name="SYMFONY_DEPRECATIONS_HELPER" value="max[self]=0"/>
+    <env name="APP_DEBUG" value="false"/>
+    <env name="APP_ENV" value="test"/>
     <env name="KERNEL_CLASS" value="Nucleos\UserAdminBundle\Tests\App\AppKernel"/>
   </php>
   <testsuites>

diff --git a/src/Admin/Model/UserAdmin.php b/src/Admin/Model/UserAdmin.php
@@ -14,6 +14,7 @@
 namespace Nucleos\UserAdminBundle\Admin\Model;
 
 use DomainException;
+use Nucleos\UserAdminBundle\Form\Type\GroupType;
 use Nucleos\UserAdminBundle\Form\Type\RolesMatrixType;
 use Nucleos\UserBundle\Model\LocaleAwareUser;
 use Nucleos\UserBundle\Model\UserInterface;
@@ -24,7 +25,6 @@
 use Sonata\AdminBundle\Datagrid\ListMapper;
 use Sonata\AdminBundle\FieldDescription\FieldDescriptionInterface;
 use Sonata\AdminBundle\Form\FormMapper;
-use Sonata\AdminBundle\Form\Type\ModelType;
 use Sonata\AdminBundle\Show\ShowMapper;
 use Symfony\Component\Form\Extension\Core\Type\LocaleType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
@@ -152,13 +152,9 @@ protected function configureFormFields(FormMapper $form): void
             ->end()
 
             ->tab('security', ['label' => 'form.group_security'])
-                ->ifTrue($this->isGranted('ROLE_SUPER_ADMIN'))
-                    ->with('groups', ['class' => 'col-md-8', 'label' => 'form.group_groups'])->end()
-                ->ifEnd()
+                ->with('groups', ['class' => 'col-md-8', 'label' => 'form.group_groups'])->end()
                 ->with('status', ['class' => 'col-md-4', 'label' => 'form.group_status'])->end()
-                ->ifTrue($this->isGranted('ROLE_SUPER_ADMIN'))
-                    ->with('roles', ['class' => 'col-md-12', 'label' => 'form.group_roles'])->end()
-                ->ifEnd()
+                ->with('roles', ['class' => 'col-md-12', 'label' => 'form.group_roles'])->end()
             ->end()
         ;
 
@@ -187,23 +183,21 @@ protected function configureFormFields(FormMapper $form): void
                 ->with('status')
                     ->add('enabled', null, ['required' => false])
                 ->end()
-                ->ifTrue($this->isGranted('ROLE_SUPER_ADMIN'))
-                    ->with('groups')
-                        ->add('groups', ModelType::class, [
-                            'required' => false,
-                            'expanded' => true,
-                            'multiple' => true,
-                        ])
-                    ->end()
-                    ->with('roles')
-                        ->add('roles', RolesMatrixType::class, [
-                            'label'    => 'form.label_roles',
-                            'expanded' => true,
-                            'multiple' => true,
-                            'required' => false,
-                        ])
-                    ->end()
-                ->ifEnd()
+                ->with('groups')
+                    ->add('groups', GroupType::class, [
+                        'required' => false,
+                        'expanded' => true,
+                        'multiple' => true,
+                    ])
+                ->end()
+                ->with('roles')
+                    ->add('roles', RolesMatrixType::class, [
+                        'label'    => 'form.label_roles',
+                        'expanded' => true,
+                        'multiple' => true,
+                        'required' => false,
+                    ])
+                ->end()
             ->end()
         ;
     }

diff --git a/src/Form/Type/GroupType.php b/src/Form/Type/GroupType.php
@@ -0,0 +1,67 @@
+<?php
+
+/*
+ * This file is part of the NucleosUserAdminBundle package.
+ *
+ * (c) Christian Gripp <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Nucleos\UserAdminBundle\Form\Type;
+
+use Nucleos\UserBundle\Model\GroupInterface;
+use Nucleos\UserBundle\Model\GroupManager;
+use Sonata\AdminBundle\Admin\AdminInterface;
+use Symfony\Bridge\Doctrine\Form\Type\EntityType;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+final class GroupType extends AbstractType
+{
+    /**
+     * @var GroupManager<GroupInterface>
+     */
+    private readonly GroupManager $groupManager;
+
+    /**
+     * @var AdminInterface<GroupInterface>
+     */
+    private readonly AdminInterface $groupAdmin;
+
+    /**
+     * @param GroupManager<GroupInterface>   $groupManager
+     * @param AdminInterface<GroupInterface> $groupAdmin
+     */
+    public function __construct(
+        GroupManager $groupManager,
+        AdminInterface $groupAdmin,
+    ) {
+        $this->groupManager = $groupManager;
+        $this->groupAdmin   = $groupAdmin;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver
+            ->setDefaults([
+                'status'   => null,
+                'class'    => $this->groupManager->getClass(),
+                'multiple' => true,
+                'expanded' => true,
+                'disabled' => !$this->isMaster(),
+            ])
+        ;
+    }
+
+    public function getParent(): string
+    {
+        return EntityType::class;
+    }
+
+    private function isMaster(): bool
+    {
+        return $this->groupAdmin->isGranted('EDIT');
+    }
+}
diff --git a/src/Resources/config/admin.php b/src/Resources/config/admin.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
 use Nucleos\UserAdminBundle\Controller\UserCRUDController;
+use Nucleos\UserAdminBundle\Form\Type\GroupType;
 use Nucleos\UserAdminBundle\Form\Type\RolesMatrixType;
 use Nucleos\UserAdminBundle\Form\Type\SecurityRolesType;
 use Nucleos\UserAdminBundle\Security\EditableRolesBuilder;
@@ -66,6 +67,14 @@
                 '%security.role_hierarchy.roles%',
             ])
 
+        ->set(GroupType::class)
+            ->public()
+            ->tag('form.type')
+            ->args([
+                service('nucleos_user.group_manager'),
+                service('nucleos_user_admin.admin.group'),
+            ])
+
         ->set(RolesMatrixType::class)
             ->public()
             ->tag('form.type')

diff --git a/tests/App/AppKernel.php b/tests/App/AppKernel.php
@@ -39,11 +39,6 @@ final class AppKernel extends Kernel
 {
     use MicroKernelTrait;
 
-    public function __construct()
-    {
-        parent::__construct('test', false);
-    }
-
     public function registerBundles(): iterable
     {
         yield new FrameworkBundle();