Skip to content

Fix roles/groups select being empty for non-super users #14888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mynetx wants to merge 1 commit into from
+107 −4
Closed

Fix roles/groups select being empty for non-super users #14888

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/Fieldtypes/UserGroups.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class UserGroups extends Relationship

protected function authorizeItemData($id): bool
{
return User::current()->can('edit user groups');
return User::current()->can('assign user groups');
}

protected function toItemArray($id, $site = null)
Expand All @@ -35,7 +35,7 @@ protected function toItemArray($id, $site = null)

public function getIndexItems($request)
{
if (! User::current()->can('edit user groups')) {
if (! User::current()->can('assign user groups')) {
return collect();
}

Expand Down
4 changes: 2 additions & 2 deletions src/Fieldtypes/UserRoles.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class UserRoles extends Relationship

protected function authorizeItemData($id): bool
{
return User::current()->can('edit roles');
return User::current()->can('assign roles');
}

protected function toItemArray($id, $site = null)
Expand Down Expand Up @@ -47,7 +47,7 @@ public function preProcessIndex($data)

public function getIndexItems($request)
{
if (! User::current()->can('edit roles')) {
if (! User::current()->can('assign roles')) {
return collect();
}

Expand Down
53 changes: 53 additions & 0 deletions tests/Fieldtypes/UserGroupsTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
<?php

namespace Tests\Fieldtypes;

use Illuminate\Http\Request;
use PHPUnit\Framework\Attributes\Test;
use Statamic\Facades\User;
use Statamic\Fields\Field;
use Statamic\Fieldtypes\UserGroups;
use Tests\FakesRoles;
use Tests\FakesUserGroups;
use Tests\PreventSavingStacheItemsToDisk;
use Tests\TestCase;

class UserGroupsTest extends TestCase
{
use FakesRoles;
use FakesUserGroups;
use PreventSavingStacheItemsToDisk;

#[Test]
public function it_returns_empty_index_items_without_assign_user_groups_permission()
{
$this->actingAs($this->cpUserWithPermissions(['access cp']));

$items = $this->fieldtype()->getIndexItems(new Request);

$this->assertTrue($items->isEmpty());
}

#[Test]
public function it_returns_groups_in_index_items_with_assign_user_groups_permission()
{
$this->setTestUserGroups(['editors' => []]);
$this->actingAs($this->cpUserWithPermissions(['access cp', 'assign user groups']));

$items = $this->fieldtype()->getIndexItems(new Request);

$this->assertContains('editors', $items->pluck('id'));
}

private function fieldtype()
{
return (new UserGroups)->setField(new Field('test', ['type' => 'user_groups']));
}

private function cpUserWithPermissions(array $permissions)
{
$this->setTestRoles(['test' => $permissions]);

return tap(User::make()->id(uniqid())->assignRole('test'))->save();
}
}
50 changes: 50 additions & 0 deletions tests/Fieldtypes/UserRolesTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
<?php

namespace Tests\Fieldtypes;

use Illuminate\Http\Request;
use PHPUnit\Framework\Attributes\Test;
use Statamic\Facades\User;
use Statamic\Fields\Field;
use Statamic\Fieldtypes\UserRoles;
use Tests\FakesRoles;
use Tests\PreventSavingStacheItemsToDisk;
use Tests\TestCase;

class UserRolesTest extends TestCase
{
use FakesRoles;
use PreventSavingStacheItemsToDisk;

#[Test]
public function it_returns_empty_index_items_without_assign_roles_permission()
{
$this->actingAs($this->cpUserWithPermissions(['access cp']));

$items = $this->fieldtype()->getIndexItems(new Request);

$this->assertTrue($items->isEmpty());
}

#[Test]
public function it_returns_roles_in_index_items_with_assign_roles_permission()
{
$this->actingAs($this->cpUserWithPermissions(['access cp', 'assign roles']));

$items = $this->fieldtype()->getIndexItems(new Request);

$this->assertContains('editor', $items->pluck('id'));
}

private function fieldtype()
{
return (new UserRoles)->setField(new Field('test', ['type' => 'user_roles']));
}

private function cpUserWithPermissions(array $permissions)
{
$this->setTestRoles(['test' => $permissions, 'editor' => []]);

return tap(User::make()->id(uniqid())->assignRole('test'))->save();
}
}
Loading