PS-690 coll share (#467)

* PS-691 databox - fix js on date range filter * PS-693 add clear method to workflow doctrine state cache
alchemy-fr · Oct 23, 2024 · 8526487 · 8526487
1 parent 2e1cfa0
commit 8526487
Show file tree

Hide file tree

Showing 78 changed files with 2,972 additions and 1,530 deletions.
diff --git a/databox/api/src/Api/Model/Output/ShareAlternateUrlOutput.php b/databox/api/src/Api/Model/Output/ShareAlternateUrlOutput.php
@@ -11,8 +11,7 @@ public function __construct(
         private string $name,
         private string $url,
         private ?string $type,
-    )
-    {
+    ) {
     }
 
     #[Groups([Share::GROUP_READ])]

diff --git a/databox/api/src/Api/OutputTransformer/CollectionOutputTransformer.php b/databox/api/src/Api/OutputTransformer/CollectionOutputTransformer.php
@@ -21,7 +21,7 @@ class CollectionOutputTransformer implements OutputTransformerInterface
     use GroupsHelperTrait;
     use UserOutputTransformerTrait;
     use SecurityAwareTrait;
-    final public const COLLECTION_CACHE_NS = 'coll_visibility';
+    final public const string COLLECTION_CACHE_NS = 'coll_visibility';
 
     public function __construct(
         private readonly CollectionSearch $collectionSearch,
@@ -71,9 +71,8 @@ public function transform($data, string $outputClass, array &$context = []): obj
             }
 
             $key = sprintf(AbstractObjectNormalizer::DEPTH_KEY_PATTERN, $output::class, 'children');
-            $maxDepth = $this->hasGroup(Collection::GROUP_2LEVEL_CHILDREN, $context) ? 2 : 1;
             $depth = $context[$key] ?? 0;
-            if ($depth < $maxDepth) {
+            if ($depth < 1) {
                 if (false !== $data->getHasChildren()) {
                     $collections = $this->collectionSearch->search($context['userId'], $context['groupIds'], [
                         'parent' => $data->getId(),

diff --git a/databox/api/src/Api/Provider/ShareReadProvider.php b/databox/api/src/Api/Provider/ShareReadProvider.php
@@ -55,10 +55,10 @@ public function provideShare(Share $item): Share
                 $item->alternateUrls[] = new ShareAlternateUrlOutput(
                     $definition->getName(),
                     $this->urlGenerator->generate('share_public_rendition', [
-                    'id' => $item->getId(),
-                    'rendition' => $definition->getId(),
-                    'token' => $item->getToken(),
-                ], UrlGeneratorInterface::ABS_URL),
+                        'id' => $item->getId(),
+                        'rendition' => $definition->getId(),
+                        'token' => $item->getToken(),
+                    ], UrlGeneratorInterface::ABS_URL),
                     $rendition->getFile()->getType(),
                 );
             }

diff --git a/databox/api/src/Api/Provider/ShareRenditionProvider.php b/databox/api/src/Api/Provider/ShareRenditionProvider.php
@@ -52,7 +52,6 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
             'createdAt' => 'DESC',
         ]);
 
-
         if (null !== $file = $rendition?->getFile()) {
             return new RedirectResponse($this->fileUrlResolver->resolveUrl($file));
         }

diff --git a/databox/api/src/Attribute/Type/DateTimeAttributeType.php b/databox/api/src/Attribute/Type/DateTimeAttributeType.php
@@ -43,16 +43,20 @@ public function getGroupValueLabel($value): ?string
 
     public function createFilterQuery(string $field, $value): AbstractQuery
     {
-        $startFloor = (new \DateTimeImmutable())
-            ->setTimestamp((int) $value[0]);
+        $criteria = [];
+        if (null !== $value[0]) {
+            $criteria['gte'] = (new \DateTimeImmutable())
+                ->setTimestamp((int) $value[0])
+                    ->getTimestamp() * 1000;
+        }
 
-        $endCeil = (new \DateTimeImmutable())
-            ->setTimestamp((int) $value[1]);
+        if (null !== $value[1]) {
+            $criteria['lte'] = (new \DateTimeImmutable())
+                ->setTimestamp((int) $value[1])
+                    ->getTimestamp() * 1000;
+        }
 
-        return new Range($field, [
-            'gte' => $startFloor->getTimestamp() * 1000,
-            'lte' => $endCeil->getTimestamp() * 1000,
-        ]);
+        return new Range($field, $criteria);
     }
 
     public function getFacetType(): string

diff --git a/databox/api/src/Controller/Admin/AssetCrudController.php b/databox/api/src/Controller/Admin/AssetCrudController.php
@@ -68,7 +68,7 @@ public function triggerIngest(AdminContext $context): Response
                 WorkflowState::INITIATOR_ID => $user->getId(),
             ]);
 
-        return $this->redirect($context->getReferrer());
+        return $this->returnToReferer($context);
     }
 
     public function configureCrud(Crud $crud): Crud

diff --git a/databox/api/src/Controller/Admin/AssetDataTemplateCrudController.php b/databox/api/src/Controller/Admin/AssetDataTemplateCrudController.php
@@ -12,7 +12,6 @@
 use EasyCorp\Bundle\EasyAdminBundle\Config\Filters;
 use EasyCorp\Bundle\EasyAdminBundle\Field\AssociationField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\BooleanField;
-use EasyCorp\Bundle\EasyAdminBundle\Field\CollectionField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\DateTimeField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
 use EasyCorp\Bundle\EasyAdminBundle\Filter\DateTimeFilter;

diff --git a/databox/api/src/Controller/Admin/JobStateCrudController.php b/databox/api/src/Controller/Admin/JobStateCrudController.php
@@ -21,6 +21,7 @@
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
 use EasyCorp\Bundle\EasyAdminBundle\Filter\ChoiceFilter;
 use EasyCorp\Bundle\EasyAdminBundle\Filter\DateTimeFilter;
+use EasyCorp\Bundle\EasyAdminBundle\Router\AdminUrlGenerator;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 
 class JobStateCrudController extends AbstractAdminCrudController
@@ -63,7 +64,7 @@ public function retryJob(AdminContext $context): RedirectResponse
         $jobState = $context->getEntity()->getInstance();
         $this->workflowOrchestrator->retryFailedJobs($jobState->getWorkflow()->getId(), $jobState->getJobState()->getJobId());
 
-        return new RedirectResponse($context->getReferrer());
+        return $this->returnToReferer($context);
     }
 
     public function cancelJob(AdminContext $context): RedirectResponse
@@ -72,7 +73,7 @@ public function cancelJob(AdminContext $context): RedirectResponse
         $jobState = $context->getEntity()->getInstance();
         $this->workflowOrchestrator->cancelWorkflow($jobState->getWorkflow()->getId());
 
-        return new RedirectResponse($context->getReferrer());
+        return $this->returnToReferer($context);
     }
 
     public function rerunJob(AdminContext $context): RedirectResponse
@@ -81,7 +82,7 @@ public function rerunJob(AdminContext $context): RedirectResponse
         $jobState = $context->getEntity()->getInstance();
         $this->workflowOrchestrator->rerunJobs($jobState->getWorkflow()->getId(), $jobState->getJobState()->getJobId());
 
-        return new RedirectResponse($context->getReferrer());
+        return $this->returnToReferer($context);
     }
 
     public function configureCrud(Crud $crud): Crud

diff --git a/databox/api/src/Controller/Admin/WorkflowStateCrudController.php b/databox/api/src/Controller/Admin/WorkflowStateCrudController.php
@@ -40,7 +40,7 @@ public function cancelWorkflow(AdminContext $context): RedirectResponse
         $workflowState = $context->getEntity()->getInstance();
         $this->workflowOrchestrator->cancelWorkflow($workflowState->getId());
 
-        return new RedirectResponse($context->getReferrer());
+        return $this->returnToReferer($context);
     }
 
     public function configureActions(Actions $actions): Actions

diff --git a/databox/api/src/Elasticsearch/Facet/CollectionFacet.php b/databox/api/src/Elasticsearch/Facet/CollectionFacet.php
@@ -104,6 +104,10 @@ private function normalizeCollectionPath(string $path): ?string
             $pColl = $pColl->getParent();
         }
 
+        if (empty($levels)) {
+            return null;
+        }
+
         return implode(' / ', array_reverse($levels));
     }
 }
diff --git a/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php b/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
@@ -26,7 +26,7 @@ public function hydrateDocument(PostTransformEvent $event): void
 
         $document = $event->getDocument();
 
-        $bestPrivacy = $collection->getBestPrivacyInParentHierarchy();
+        $bestPrivacy = $collection->getPrivacy();
 
         $users = $this->permissionManager->getAllowedUsers($collection, PermissionInterface::VIEW);
         $groups = $this->permissionManager->getAllowedGroups($collection, PermissionInterface::VIEW);
@@ -35,21 +35,35 @@ public function hydrateDocument(PostTransformEvent $event): void
         $nlUsers = $users;
         $nlGroups = $groups;
 
-        if (!in_array(null, $users, true)) {
-            $parent = $collection->getParent();
-            while (null !== $parent) {
-                $users = array_merge($users, $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW));
-                if (in_array(null, $users, true)) {
-                    break;
-                }
+        $parent = $collection->getParent();
+        while (null !== $parent) {
+            $bestPrivacy = max($bestPrivacy, $parent->getPrivacy());
+            if ($bestPrivacy >= WorkspaceItemPrivacyInterface::PUBLIC_FOR_USERS) {
+                $nlUsers = [];
+                $nlGroups = [];
+                break;
+            }
+
+            $parentUsers = $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW);
+            $users = array_merge($users, $parentUsers);
+            $nlUsers = array_diff($nlUsers, $parentUsers);
 
-                $groups = array_merge($groups, $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW));
-                $parent = $parent->getParent();
+            if (in_array(null, $users, true)) {
+                $nlUsers = [];
+                $nlGroups = [];
+                $bestPrivacy = max($bestPrivacy, WorkspaceItemPrivacyInterface::PUBLIC_FOR_USERS);
+                break;
             }
+
+            $parentGroups = $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW);
+            $groups = array_merge($groups, $parentGroups);
+            $nlGroups = array_diff($nlGroups, $parentGroups);
+
+            $parent = $parent->getParent();
         }
 
         if (in_array(null, $users, true)) {
-            $users = ['*'];
+            $users = [];
             $groups = [];
             $bestPrivacy = max($bestPrivacy, WorkspaceItemPrivacyInterface::PUBLIC_FOR_USERS);
         }

diff --git a/databox/api/src/Entity/Core/Collection.php b/databox/api/src/Entity/Core/Collection.php
@@ -46,7 +46,10 @@
     operations: [
         new Get(
             normalizationContext: [
-                'groups' => [self::GROUP_READ],
+                'groups' => [
+                    self::GROUP_READ,
+                    self::GROUP_ABSOLUTE_TITLE,
+                ],
             ],
             security: 'is_granted("'.AbstractVoter::LIST.'", object)'
         ),
@@ -82,7 +85,6 @@
         'groups' => [
             self::GROUP_LIST,
             self::GROUP_CHILDREN,
-            self::GROUP_2LEVEL_CHILDREN,
         ],
     ],
     input: CollectionInput::class,
@@ -103,11 +105,10 @@ class Collection extends AbstractUuidEntity implements SoftDeleteableInterface,
     use LocaleTrait;
     use WorkspacePrivacyTrait;
 
-    final public const GROUP_READ = 'coll:read';
-    final public const GROUP_LIST = 'coll:index';
-    final public const GROUP_CHILDREN = 'coll:ic';
-    final public const GROUP_2LEVEL_CHILDREN = 'coll:2lc';
-    final public const GROUP_ABSOLUTE_TITLE = 'coll:absTitle';
+    final public const string GROUP_READ = 'coll:read';
+    final public const string GROUP_LIST = 'coll:index';
+    final public const string GROUP_CHILDREN = 'coll:ic';
+    final public const string GROUP_ABSOLUTE_TITLE = 'coll:absTitle';
 
     #[ORM\Column(type: Types::STRING, length: 255, nullable: true)]
     private ?string $title = null;
@@ -241,7 +242,7 @@ private function computePrivacyRoots(): array
     {
         $roots = [];
         for ($i = WorkspaceItemPrivacyInterface::PRIVATE_IN_WORKSPACE; $i <= WorkspaceItemPrivacyInterface::PUBLIC; ++$i) {
-            $roots[$i] = $this->privacy === $i;
+            $roots[$i] = $this->privacy >= $i;
         }
 
         if (null !== $this->parent) {

diff --git a/databox/api/src/Security/Voter/AbstractVoter.php b/databox/api/src/Security/Voter/AbstractVoter.php
@@ -22,6 +22,8 @@ abstract class AbstractVoter extends Voter
     final public const EDIT = 'EDIT';
     final public const DELETE = 'DELETE';
     final public const EDIT_PERMISSIONS = 'EDIT_PERMISSIONS';
+    final public const OPERATOR = 'OPERATOR';
+    final public const OWNER = 'OWNER';
 
     protected EntityManagerInterface $em;
     protected Security $security;

diff --git a/databox/api/src/Security/Voter/AssetVoter.php b/databox/api/src/Security/Voter/AssetVoter.php
@@ -57,17 +57,17 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'EDIT')
                     || $this->hasAcl(PermissionInterface::OPERATOR, $subject, $token)
-                    || $this->containerHasAcl($subject, PermissionInterface::OPERATOR, $token);
+                    || $this->voteOnContainer($subject, AbstractVoter::OPERATOR);
             case self::EDIT_ATTRIBUTES:
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'EDIT')
                     || $this->hasAcl(PermissionInterface::EDIT, $subject, $token)
-                    || $this->containerHasAcl($subject, PermissionInterface::EDIT, $token);
+                    || $this->voteOnContainer($subject, AbstractVoter::EDIT);
             case self::SHARE:
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'EDIT')
                     || $this->hasAcl(PermissionInterface::SHARE, $subject, $token)
-                    || $this->containerHasAcl($subject, PermissionInterface::EDIT, $token);
+                    || $this->voteOnContainer($subject, AbstractVoter::EDIT);
             case self::DELETE:
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'DELETE')
@@ -80,19 +80,15 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'OWNER')
                     || $this->hasAcl(PermissionInterface::OWNER, $subject, $token)
-                    || $this->containerHasAcl($subject, PermissionInterface::OWNER, $token);
+                    || $this->voteOnContainer($subject, AbstractVoter::OWNER);
         }
 
         return false;
     }
 
-    private function containerHasAcl(Asset $asset, int $permission, TokenInterface $token): bool
+    private function voteOnContainer(Asset $asset, string|int $attribute): bool
     {
-        if (null !== $collection = $asset->getReferenceCollection()) {
-            return $this->hasAcl($permission, $collection, $token);
-        }
-
-        return $this->hasAcl($permission, $asset->getWorkspace(), $token);
+        return $this->security->isGranted($attribute, $asset->getReferenceCollection() ?? $asset->getWorkspace());
     }
 
     private function collectionGrantsAccess(Asset $subject): bool

diff --git a/databox/api/src/Security/Voter/CollectionVoter.php b/databox/api/src/Security/Voter/CollectionVoter.php
@@ -66,6 +66,12 @@ private function doVote(string $attribute, Collection $subject, TokenInterface $
             self::EDIT_PERMISSIONS => $isOwner()
                 || $this->hasAcl(PermissionInterface::OWNER, $subject, $token)
                 || (null !== $subject->getParent() && $this->security->isGranted($attribute, $subject->getParent())),
+            self::OPERATOR => $isOwner()
+                || $this->hasAcl(PermissionInterface::OPERATOR, $subject, $token)
+                || (null !== $subject->getParent() && $this->security->isGranted($attribute, $subject->getParent())),
+            self::OWNER => $isOwner()
+                || $this->hasAcl(PermissionInterface::OWNER, $subject, $token)
+                || (null !== $subject->getParent() && $this->security->isGranted($attribute, $subject->getParent())),
             default => false,
         };
     }

diff --git a/databox/api/src/Security/Voter/WorkspaceVoter.php b/databox/api/src/Security/Voter/WorkspaceVoter.php
@@ -64,6 +64,12 @@ private function doVote(string $attribute, Workspace $subject, TokenInterface $t
             self::EDIT_PERMISSIONS => $isOwner()
                 || $this->hasAcl(PermissionInterface::OWNER, $subject, $token)
                 || $this->isAdmin(),
+            self::OPERATOR => $isOwner()
+                || $this->hasAcl(PermissionInterface::OPERATOR, $subject, $token),
+            self::OWNER => $isOwner()
+                || $this->hasAcl(PermissionInterface::OWNER, $subject, $token)
+                || $this->isAdmin(),
+
             default => false,
         };
     }

diff --git a/databox/api/tests/DataboxTestTrait.php b/databox/api/tests/DataboxTestTrait.php
@@ -106,6 +106,9 @@ protected function createCollection(array $options = []): Collection
         if ($options['public'] ?? false) {
             $collection->setPrivacy(WorkspaceItemPrivacyInterface::PUBLIC);
         }
+        if ($options['parent'] ?? false) {
+            $collection->setParent($options['parent']);
+        }
 
         $em->persist($collection);
         if (!($options['no_flush'] ?? false)) {
-Original file line number
+Diff line change
@@ Expand Up @@
                 'createdAt' => 'DESC',
             ]);
             if (null !== $file = $rendition?->getFile()) {
                 return new RedirectResponse($this->fileUrlResolver->resolveUrl($file));
             }
@@ Expand Down @@