[CORE][ActorLocalRoles] Improve Roles
This commit is contained in:
parent
5f243f68be
commit
6b1c6f603e
GPG Key ID:
18D2D35001FBFAB0
|
|
@ -23,12 +23,12 @@ declare(strict_types = 1);
|
||||||
|
|
||||||
namespace Component\Group\Controller;
|
namespace Component\Group\Controller;
|
||||||
|
|
||||||
|
use App\Core\ActorLocalRoles;
|
||||||
use App\Core\Cache;
|
use App\Core\Cache;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Form;
|
use App\Core\Form;
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Core\Log;
|
use App\Core\Log;
|
||||||
use App\Core\UserRoles;
|
|
||||||
use App\Entity as E;
|
use App\Entity as E;
|
||||||
use App\Util\Common;
|
use App\Util\Common;
|
||||||
use App\Util\Exception\ClientException;
|
use App\Util\Exception\ClientException;
|
||||||
|
|
@ -151,7 +151,7 @@ class Group extends FeedController
|
||||||
'nickname' => $nickname,
|
'nickname' => $nickname,
|
||||||
'type' => E\Actor::GROUP,
|
'type' => E\Actor::GROUP,
|
||||||
'is_local' => true,
|
'is_local' => true,
|
||||||
'roles' => UserRoles::BOT,
|
'roles' => ActorLocalRoles::VISITOR, // Can send direct messages to other actors
|
||||||
]));
|
]));
|
||||||
DB::persist(LocalGroup::create([
|
DB::persist(LocalGroup::create([
|
||||||
'group_id' => $group->getId(),
|
'group_id' => $group->getId(),
|
||||||
|
|
|
||||||
|
|
@ -51,5 +51,5 @@ security:
|
||||||
# Easy way to control access for large sections of your site
|
# Easy way to control access for large sections of your site
|
||||||
# Note: Only the *first* access control that matches will be used
|
# Note: Only the *first* access control that matches will be used
|
||||||
access_control:
|
access_control:
|
||||||
- { path: ^/admin, roles: ROLE_ADMIN }
|
- { path: ^/admin, roles: ROLE_OPERATOR }
|
||||||
- { path: ^/settings, roles: ROLE_USER }
|
- { path: ^/settings, roles: ROLE_VISITOR }
|
||||||
|
|
|
||||||
|
|
@ -33,13 +33,13 @@ declare(strict_types = 1);
|
||||||
namespace Plugin\ActivityPub\Util\Model;
|
namespace Plugin\ActivityPub\Util\Model;
|
||||||
|
|
||||||
use ActivityPhp\Type\AbstractObject;
|
use ActivityPhp\Type\AbstractObject;
|
||||||
|
use App\Core\ActorLocalRoles;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Event;
|
use App\Core\Event;
|
||||||
use App\Core\GSFile;
|
use App\Core\GSFile;
|
||||||
use App\Core\HTTPClient;
|
use App\Core\HTTPClient;
|
||||||
use App\Core\Log;
|
use App\Core\Log;
|
||||||
use App\Core\Router\Router;
|
use App\Core\Router\Router;
|
||||||
use App\Core\UserRoles;
|
|
||||||
use App\Entity\Actor as GSActor;
|
use App\Entity\Actor as GSActor;
|
||||||
use App\Util\Exception\ServerException;
|
use App\Util\Exception\ServerException;
|
||||||
use App\Util\Formatting;
|
use App\Util\Formatting;
|
||||||
|
|
@ -93,7 +93,8 @@ class Actor extends Model
|
||||||
'bio' => $person->get('summary'),
|
'bio' => $person->get('summary'),
|
||||||
'is_local' => false, // duh!
|
'is_local' => false, // duh!
|
||||||
'type' => self::$_as2_actor_type_to_gs_actor_type[$person->get('type')],
|
'type' => self::$_as2_actor_type_to_gs_actor_type[$person->get('type')],
|
||||||
'roles' => UserRoles::USER,
|
// TODO: Operator may prefer users to start with Visitor and then have them being manually promoted
|
||||||
|
'roles' => ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR, // Can view and participate
|
||||||
'modified' => new DateTime(),
|
'modified' => new DateTime(),
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,7 @@ class AdminPanel extends Controller
|
||||||
*/
|
*/
|
||||||
public function site(Request $request)
|
public function site(Request $request)
|
||||||
{
|
{
|
||||||
$this->denyAccessUnlessGranted('ROLE_ADMIN');
|
$this->denyAccessUnlessGranted('ROLE_OPERATOR');
|
||||||
$defaults = Common::getConfigDefaults();
|
$defaults = Common::getConfigDefaults();
|
||||||
$options = [];
|
$options = [];
|
||||||
foreach ($defaults as $key => $inner) {
|
foreach ($defaults as $key => $inner) {
|
||||||
|
|
|
||||||
|
|
@ -4,13 +4,13 @@ declare(strict_types = 1);
|
||||||
|
|
||||||
namespace App\Controller;
|
namespace App\Controller;
|
||||||
|
|
||||||
|
use App\Core\ActorLocalRoles;
|
||||||
use App\Core\Controller;
|
use App\Core\Controller;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Event;
|
use App\Core\Event;
|
||||||
use App\Core\Form;
|
use App\Core\Form;
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Core\Log;
|
use App\Core\Log;
|
||||||
use App\Core\UserRoles;
|
|
||||||
use App\Entity\Actor;
|
use App\Entity\Actor;
|
||||||
use App\Entity\Feed;
|
use App\Entity\Feed;
|
||||||
use App\Entity\LocalUser;
|
use App\Entity\LocalUser;
|
||||||
|
|
@ -152,7 +152,8 @@ class Security extends Controller
|
||||||
'nickname' => $nickname,
|
'nickname' => $nickname,
|
||||||
'is_local' => true,
|
'is_local' => true,
|
||||||
'type' => Actor::PERSON,
|
'type' => Actor::PERSON,
|
||||||
'roles' => UserRoles::USER,
|
// TODO: Operator may prefer users to start with Visitor and then have them being manually promoted
|
||||||
|
'roles' => ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR, // Can view and participate
|
||||||
]);
|
]);
|
||||||
$user = LocalUser::create([
|
$user = LocalUser::create([
|
||||||
'nickname' => $nickname,
|
'nickname' => $nickname,
|
||||||
|
|
|
||||||
|
|
@ -34,12 +34,20 @@ namespace App\Core;
|
||||||
|
|
||||||
use App\Util\Bitmap;
|
use App\Util\Bitmap;
|
||||||
|
|
||||||
class UserRoles extends Bitmap
|
// The domain of this Bitmap are Actors
|
||||||
|
// TODO: role permissions configuration and sandbox system, probably an AffiliationPlugin
|
||||||
|
class ActorLocalRoles extends Bitmap
|
||||||
{
|
{
|
||||||
public const ADMIN = 1;
|
// No permissions at all
|
||||||
public const MODERATOR = 2;
|
public const NONE = 0;
|
||||||
public const USER = 4;
|
// Can view and direct messages
|
||||||
public const BOT = 8;
|
public const VISITOR = 1;
|
||||||
|
// Can Participate
|
||||||
|
public const PARTICIPANT = 2;
|
||||||
|
// Privileged Access
|
||||||
|
public const MODERATOR = 4;
|
||||||
|
// System Administrator
|
||||||
|
public const OPERATOR = 8;
|
||||||
|
|
||||||
public const PREFIX = 'ROLE_';
|
public const PREFIX = 'ROLE_';
|
||||||
}
|
}
|
||||||
|
|
@ -21,6 +21,7 @@ declare(strict_types = 1);
|
||||||
|
|
||||||
namespace App\Core;
|
namespace App\Core;
|
||||||
|
|
||||||
|
// The domain of this enum are Objects
|
||||||
enum VisibilityScope: int // having an int is just convenient
|
enum VisibilityScope: int // having an int is just convenient
|
||||||
{
|
{
|
||||||
case EVERYWHERE = 1; // Can be shown everywhere (default)
|
case EVERYWHERE = 1; // Can be shown everywhere (default)
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ declare(strict_types = 1);
|
||||||
|
|
||||||
namespace App\DataFixtures;
|
namespace App\DataFixtures;
|
||||||
|
|
||||||
use App\Core\UserRoles;
|
use App\Core\ActorLocalRoles;
|
||||||
use App\Core\VisibilityScope;
|
use App\Core\VisibilityScope;
|
||||||
use App\Entity\Actor;
|
use App\Entity\Actor;
|
||||||
use App\Entity\LocalUser;
|
use App\Entity\LocalUser;
|
||||||
|
|
@ -25,7 +25,7 @@ class CoreFixtures extends Fixture
|
||||||
foreach ([
|
foreach ([
|
||||||
'taken_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar'), 'outgoing_email' => 'email@provider'], []],
|
'taken_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar'), 'outgoing_email' => 'email@provider'], []],
|
||||||
'some_user' => [LocalUser::class, 'setId', [], []],
|
'some_user' => [LocalUser::class, 'setId', [], []],
|
||||||
'admin' => [LocalUser::class, 'setId', [], ['roles' => UserRoles::ADMIN | UserRoles::USER]],
|
'admin' => [LocalUser::class, 'setId', [], ['roles' => ActorLocalRoles::OPERATOR | ActorLocalRoles::MODERATOR | ActorLocalRoles::PARTICIPANT | ActorLocalRoles::VISITOR]],
|
||||||
'local_user_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar')], []],
|
'local_user_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('foobar')], []],
|
||||||
'form_personal_info_test_user' => [LocalUser::class, 'setId', [], []],
|
'form_personal_info_test_user' => [LocalUser::class, 'setId', [], []],
|
||||||
'form_account_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('some password')], []],
|
'form_account_test_user' => [LocalUser::class, 'setId', ['password' => LocalUser::hashPassword('some password')], []],
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ namespace App\Entity;
|
||||||
use App\Core\Cache;
|
use App\Core\Cache;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Entity;
|
use App\Core\Entity;
|
||||||
use App\Core\UserRoles;
|
use App\Core\ActorLocalRoles;
|
||||||
use App\Util\Common;
|
use App\Util\Common;
|
||||||
use App\Util\Exception\NicknameEmptyException;
|
use App\Util\Exception\NicknameEmptyException;
|
||||||
use App\Util\Exception\NicknameException;
|
use App\Util\Exception\NicknameException;
|
||||||
|
|
@ -379,7 +379,7 @@ class LocalUser extends Entity implements UserInterface, PasswordAuthenticatedUs
|
||||||
*/
|
*/
|
||||||
public function getRoles()
|
public function getRoles()
|
||||||
{
|
{
|
||||||
return UserRoles::toArray($this->getActor()->getRoles());
|
return ActorLocalRoles::toArray($this->getActor()->getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function cacheKeys(mixed $identifier): array
|
public static function cacheKeys(mixed $identifier): array
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue