
[CORE][ActorLocalRoles] Improve Roles

experimental
parent
commit
6b1c6f603e
Signed by: diogo <mail@diogo.site> GPG Key ID: 18D2D35001FBFAB0
9 changed files with 29 additions and 18 deletions
  1. +2
    -2
      components/Group/Controller/Group.php
  2. +2
    -2
      config/packages/security.yaml
  3. +3
    -2
      plugins/ActivityPub/Util/Model/Actor.php
  4. +1
    -1
      src/Controller/AdminPanel.php
  5. +3
    -2
      src/Controller/Security.php
  6. +13
    -5
      src/Core/ActorLocalRoles.php
  7. +1
    -0
      src/Core/VisibilityScope.php
  8. +2
    -2
      src/DataFixtures/CoreFixtures.php
  9. +2
    -2
      src/Entity/LocalUser.php

+ 2
- 2
components/Group/Controller/Group.php

@@ -23,12 +23,12 @@ declare(strict_types = 1);

namespace Component\Group\Controller;

use App\Core\ActorLocalRoles;
use App\Core\Cache;
use App\Core\DB\DB;
use App\Core\Form;
use function App\Core\I18n\_m;
use App\Core\Log;
use App\Core\UserRoles;
use App\Entity as E;
use App\Util\Common;
use App\Util\Exception\ClientException;
@@ -151,7 +151,7 @@ class Group extends FeedController
'nickname' => $nickname,
'type' => E\Actor::GROUP,
'is_local' => true,
'roles' => UserRoles::BOT,
'roles' => ActorLocalRoles::VISITOR, // Can send direct messages to other actors
]));
DB::persist(LocalGroup::create([
'group_id' => $group->getId(),
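Review bot: The new `'roles' => ActorLocalRoles::VISITOR` line for the group actor drops the bot marker that `UserRoles::BOT` used to carry, and nothing else in this commit introduces a replacement flag, so a group is now indistinguishable by roles from a low-privilege person. If any code elsewhere branched on the old BOT bit to treat groups as automated actors (not visible from here), it now falls through silently. The intent is worth recording on the line, e.g. `// Groups are no longer flagged as bots; VISITOR only allows viewing and direct messages, never PARTICIPANT`. The array literal this line belongs to begins before the hunk.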


+ 2
- 2
config/packages/security.yaml

@@ -51,5 +51,5 @@ security:
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/settings, roles: ROLE_USER }
- { path: ^/admin, roles: ROLE_OPERATOR }
- { path: ^/settings, roles: ROLE_VISITOR }
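Review bot: The two rewritten `access_control` rules assume that whoever holds ROLE_OPERATOR also holds ROLE_VISITOR, but no `role_hierarchy` is visible in this hunk and the roles come from a bitmap in which OPERATOR (8) and VISITOR (1) are independent bits, so an operator account lacking the VISITOR bit would be denied `^/settings`; this is consistent with the fixture admin in this same commit being granted all four bits explicitly. Either declare `role_hierarchy: { ROLE_OPERATOR: [ROLE_MODERATOR, ROLE_PARTICIPANT, ROLE_VISITOR] }` in this file, or add a comment above `access_control:` stating that roles are flat bits and every privileged account must carry VISITOR itself. The `security:` block continues outside the hunk.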

+ 3
- 2
plugins/ActivityPub/Util/Model/Actor.php

@@ -33,13 +33,13 @@ declare(strict_types = 1);
namespace Plugin\ActivityPub\Util\Model;

use ActivityPhp\Type\AbstractObject;
use App\Core\ActorLocalRoles;
use App\Core\DB\DB;
use App\Core\Event;
use App\Core\GSFile;
use App\Core\HTTPClient;
use App\Core\Log;
use App\Core\Router\Router;
use App\Core\UserRoles;
use App\Entity\Actor as GSActor;
use App\Util\Exception\ServerException;
use App\Util\Formatting;
@@ -93,7 +93,8 @@ class Actor extends Model
'bio' => $person->get('summary'),
'is_local' => false, // duh!
'type' => self::$_as2_actor_type_to_gs_actor_type[$person->get('type')],
'roles' => UserRoles::USER,
// TODO: Operator may prefer users to start with Visitor and then have them being manually promoted
'roles' => ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR, // Can view and participate
'modified' => new DateTime(),
];
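Review bot: The new `'roles' => ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR` line hands every federated actor the PARTICIPANT bit at the moment it is first fetched, for an actor explicitly marked `'is_local' => false`, with no operator-side control beyond the TODO above it. If any local authorization later tests the PARTICIPANT bit on the acting actor (not visible in this hunk), a remote account obtains that right merely by being discovered. Reading the default from site configuration with VISITOR as the conservative fallback would close that gap and retire the TODO; at minimum the comment should state what these bits mean for a non-local actor, e.g. `// Remote actor: these bits gate local interactions only and never grant a login`, if that holds. The array literal continues before and after the hunk.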



+ 1
- 1
src/Controller/AdminPanel.php

@@ -54,7 +54,7 @@ class AdminPanel extends Controller
*/
public function site(Request $request)
{
$this->denyAccessUnlessGranted('ROLE_ADMIN');
$this->denyAccessUnlessGranted('ROLE_OPERATOR');
$defaults = Common::getConfigDefaults();
$options = [];
foreach ($defaults as $key => $inner) {
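Review bot: The check `$this->denyAccessUnlessGranted('ROLE_OPERATOR');` hand-assembles the role string while `ActorLocalRoles` defines `PREFIX = 'ROLE_'` and derives role names from its constants, so a future rename of `OPERATOR` would leave this literal naming a role nobody holds and lock the admin panel silently instead of failing loudly. Deriving the string from the class keeps the two in step, e.g. `$this->denyAccessUnlessGranted(ActorLocalRoles::PREFIX . 'OPERATOR');` (needs the import), or a helper on the bitmap if one exists. Keeping this in-controller check alongside the `^/admin` rule in security.yaml is good defence in depth and should stay. The `site()` method continues outside the hunk.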


+ 3
- 2
src/Controller/Security.php

@@ -4,13 +4,13 @@ declare(strict_types = 1);

namespace App\Controller;

use App\Core\ActorLocalRoles;
use App\Core\Controller;
use App\Core\DB\DB;
use App\Core\Event;
use App\Core\Form;
use function App\Core\I18n\_m;
use App\Core\Log;
use App\Core\UserRoles;
use App\Entity\Actor;
use App\Entity\Feed;
use App\Entity\LocalUser;
@@ -152,7 +152,8 @@ class Security extends Controller
'nickname' => $nickname,
'is_local' => true,
'type' => Actor::PERSON,
'roles' => UserRoles::USER,
// TODO: Operator may prefer users to start with Visitor and then have them being manually promoted
'roles' => ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR, // Can view and participate
]);
$user = LocalUser::create([
'nickname' => $nickname,
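Review bot: The default `ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR` on the new `'roles'` line, together with its TODO, is duplicated verbatim between this registration path and the ActivityPub actor import in the same commit, so the two defaults will drift the moment one side becomes operator-configurable. A single named default on the bitmap class, used from both call sites, keeps the policy in one place; the comment here could then read `// Default local roles for a freshly registered person; see ActorLocalRoles`. The array literal this line belongs to begins before the hunk.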


src/Core/UserRoles.php → src/Core/ActorLocalRoles.php

@@ -34,12 +34,20 @@ namespace App\Core;

use App\Util\Bitmap;

class UserRoles extends Bitmap
// The domain of this Bitmap are Actors
// TODO: role permissions configuration and sandbox system, probably an AffiliationPlugin
class ActorLocalRoles extends Bitmap
{
public const ADMIN = 1;
public const MODERATOR = 2;
public const USER = 4;
public const BOT = 8;
// No permissions at all
public const NONE = 0;
// Can view and direct messages
public const VISITOR = 1;
// Can Participate
public const PARTICIPANT = 2;
// Privileged Access
public const MODERATOR = 4;
// System Administrator
public const OPERATOR = 8;

public const PREFIX = 'ROLE_';
}
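Review bot: The renumbered constants are not accompanied by any data migration, and the old and new bit layouts overlap: previously `ADMIN = 1`, `MODERATOR = 2`, `USER = 4`, `BOT = 8`; now `VISITOR = 1`, `PARTICIPANT = 2`, `MODERATOR = 4`, `OPERATOR = 8`. Any `roles` value already stored for an actor is reinterpreted under the new layout, so an existing admin stored as `ADMIN | USER` (5) decodes to `VISITOR | MODERATOR` and loses `/admin`, while an actor stored with the old `BOT` bit (8) decodes to `OPERATOR`, a privilege escalation if such an actor is ever backing a `LocalUser`. If any database predating this commit exists, a migration should rewrite stored bitmaps the way this commit's own defaults do (old ADMIN to all four bits as in the fixture, old USER to `PARTICIPANT | VISITOR`, old BOT to `VISITOR` as in Group.php), and the class should say so: `// Bit values differ from the former UserRoles; stored roles must be migrated, never reinterpreted`.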

+ 1
- 0
src/Core/VisibilityScope.php

@@ -21,6 +21,7 @@ declare(strict_types = 1);

namespace App\Core;

// The domain of this enum are Objects
enum VisibilityScope: int // having an int is just convenient
{
case EVERYWHERE = 1; // Can be shown everywhere (default)


+ 2
- 2
src/DataFixtures/CoreFixtures.php

@@ -4,7 +4,7 @@ declare(strict_types = 1);

namespace App\DataFixtures;

use App\Core\UserRoles;
use App\Core\ActorLocalRoles;
use App\Core\VisibilityScope;
use App\Entity\Actor;
use App\Entity\LocalUser;
@@ -25,7 +25,7 @@ class CoreFixtures extends Fixture
foreach ([
'taken_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar'), 'outgoing_email' => 'email@provider'], []],
'some_user' => [LocalUser::class, 'setId', [], []],
'admin' => [LocalUser::class, 'setId', [], ['roles' => UserRoles::ADMIN | UserRoles::USER]],
'admin' => [LocalUser::class, 'setId', [], ['roles' => ActorLocalRoles::OPERATOR | ActorLocalRoles::MODERATOR | ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR]],
'local_user_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar')], []],
'form_personal_info_test_user' => [LocalUser::class, 'setId', [], []],
'form_account_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('some password')], []],


+ 2
- 2
src/Entity/LocalUser.php

@@ -26,7 +26,7 @@ namespace App\Entity;
use App\Core\Cache;
use App\Core\DB\DB;
use App\Core\Entity;
use App\Core\UserRoles;
use App\Core\ActorLocalRoles;
use App\Util\Common;
use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameException;
@@ -379,7 +379,7 @@ class LocalUser extends Entity implements UserInterface, PasswordAuthenticatedUs
*/
public function getRoles()
{
return UserRoles::toArray($this->getActor()->getRoles());
return ActorLocalRoles::toArray($this->getActor()->getRoles());
}

public static function cacheKeys(mixed $identifier): array
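Review bot: The rewritten `return ActorLocalRoles::toArray($this->getActor()->getRoles());` now hands Symfony whatever the bitmap yields, and the new bitmap legitimately includes `NONE = 0`, so an actor whose roles are 0 presumably produces an empty array: a user with no ROLE_* at all, which every `roles:` rule in security.yaml, `^/settings` included, will deny. Whether that is an intended lock-out state or an accident should be written on the method, e.g. `// Roles come from the actor's bitmap; a zero bitmap (NONE) means no ROLE_* at all and is denied everywhere`. I cannot see what `Bitmap::toArray()` does with a zero value, so confirm that case. The method also lacks the `: array` return type that `UserInterface::getRoles()` declares in current Symfony; `public function getRoles(): array` makes the contract explicit, and the docblock above it begins outside the hunk.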

