From abd4fe1d242daa8dd780926eb655114a7e4e332a Mon Sep 17 00:00:00 2001
From: manuxi <manu@bytefresser.de>
Date: Sat, 27 Mar 2021 01:53:20 +0100
Subject: [PATCH] Permission check in LocationAdmin

---
 README.md                         |  14 ++--
 src/Admin/LocationAdmin.php       | 128 +++++++++++++++++-------------
 src/Resources/config/services.xml |   1 +
 3 files changed, 83 insertions(+), 60 deletions(-)

diff --git a/README.md b/README.md
index 9f68379..4ef3ca7 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,5 @@
 # SuluEventBundle!
-This bundle was made based on [Sulu workshop](https://github.com/sulu/sulu-workshop). 
-I made it to quickly install the possibility to manage events in my projects.
-This bundle is still in development. Use at own risk 🤞🏻
-
-<div align="center">
+<div>
     <a href="https://www.travis-ci.com/manuxi/SuluEventBundle" target="_blank">
         <img src="https://www.travis-ci.com/manuxi/SuluEventBundle.svg?branch=main" alt="Travis status">
     </a>
@@ -13,9 +9,15 @@ This bundle is still in development. Use at own risk 🤞🏻
     <a href="https://github.com/manuxi/SuluEventBundle/tags" target="_blank">
         <img src="https://img.shields.io/github/v/tag/manuxi/SuluEventBundle" alt="GitHub license">
     </a>
-    
+
 </div>
 
+This bundle was made based on [Sulu workshop](https://github.com/sulu/sulu-workshop). 
+I made it to quickly install the possibility to manage events in my projects.
+This bundle is still in development. Use at own risk 🤞🏻
+
+
+
 ## 👩🏻‍🏭 Installation
 Install the package with:
 ```console
diff --git a/src/Admin/LocationAdmin.php b/src/Admin/LocationAdmin.php
index 0fb6861..16cbecf 100644
--- a/src/Admin/LocationAdmin.php
+++ b/src/Admin/LocationAdmin.php
@@ -4,6 +4,7 @@
 
 namespace Manuxi\SuluEventBundle\Admin;
 
+use Manuxi\SuluEventBundle\Entity\Event;
 use Manuxi\SuluEventBundle\Entity\Location;
 use Sulu\Bundle\AdminBundle\Admin\Admin;
 use Sulu\Bundle\AdminBundle\Admin\Navigation\NavigationItem;
@@ -12,6 +13,8 @@
 use Sulu\Bundle\AdminBundle\Admin\View\ViewBuilderFactoryInterface;
 use Sulu\Bundle\AdminBundle\Admin\View\ViewCollection;
 use Sulu\Bundle\AdminBundle\Exception\NavigationItemNotFoundException;
+use Sulu\Component\Security\Authorization\PermissionTypes;
+use Sulu\Component\Security\Authorization\SecurityCheckerInterface;
 
 class LocationAdmin extends Admin
 {
@@ -25,9 +28,14 @@ class LocationAdmin extends Admin
 
     private $viewBuilderFactory;
 
-    public function __construct(ViewBuilderFactoryInterface $viewBuilderFactory)
-    {
+    private $securityChecker;
+
+    public function __construct(
+        ViewBuilderFactoryInterface $viewBuilderFactory,
+        SecurityCheckerInterface $securityChecker
+    ) {
         $this->viewBuilderFactory = $viewBuilderFactory;
+        $this->securityChecker = $securityChecker;
     }
 
     /**
@@ -35,61 +43,73 @@ public function __construct(ViewBuilderFactoryInterface $viewBuilderFactory)
      */
     public function configureNavigationItems(NavigationItemCollection $navigationItemCollection): void
     {
-        $module    = $navigationItemCollection->get('app.events');
-        $locations = new NavigationItem('app.locations');
-        $locations->setPosition(10);
-        $locations->setView(static::LOCATION_LIST_VIEW);
-
-        $module->addChild($locations);
+        if ($this->securityChecker->hasPermission(Event::SECURITY_CONTEXT, PermissionTypes::EDIT)) {
+            $module = $navigationItemCollection->get('app.events');
+            $locations = new NavigationItem('app.locations');
+            $locations->setPosition(10);
+            $locations->setView(static::LOCATION_LIST_VIEW);
+
+            $module->addChild($locations);
+        }
     }
 
     public function configureViews(ViewCollection $viewCollection): void
     {
-        $listToolbarActions = [
-            new ToolbarAction('sulu_admin.add'),
-            new ToolbarAction('sulu_admin.delete'),
-        ];
-
-        $listView = $this->viewBuilderFactory->createListViewBuilder(self::LOCATION_LIST_VIEW, '/locations')
-            ->setResourceKey(Location::RESOURCE_KEY)
-            ->setListKey(self::LOCATION_LIST_KEY)
-            ->setTitle('app.locations')
-            ->addListAdapters(['table'])
-            ->setAddView(static::LOCATION_ADD_FORM_VIEW)
-            ->setEditView(static::LOCATION_EDIT_FORM_VIEW)
-            ->addToolbarActions($listToolbarActions);
-        $viewCollection->add($listView);
-
-        $addFormView = $this->viewBuilderFactory->createResourceTabViewBuilder(self::LOCATION_ADD_FORM_VIEW, '/locations/add')
-            ->setResourceKey('locations')
-            ->setBackView(static::LOCATION_LIST_VIEW);
-        $viewCollection->add($addFormView);
-
-        $addDetailsFormView = $this->viewBuilderFactory->createFormViewBuilder(self::LOCATION_ADD_FORM_VIEW . '.details', '/details')
-            ->setResourceKey('locations')
-            ->setFormKey('location_details')
-            ->setTabTitle('sulu_admin.details')
-            ->setEditView(static::LOCATION_EDIT_FORM_VIEW)
-            ->addToolbarActions([new ToolbarAction('sulu_admin.save')])
-            ->setParent(static::LOCATION_ADD_FORM_VIEW);
-        $viewCollection->add($addDetailsFormView);
-
-        $editFormView = $this->viewBuilderFactory->createResourceTabViewBuilder(static::LOCATION_EDIT_FORM_VIEW, '/locations/:id')
-            ->setResourceKey('locations')
-            ->setBackView(static::LOCATION_LIST_VIEW)
-            ->setTitleProperty('title');
-        $viewCollection->add($editFormView);
-
-        $formToolbarActions = [
-            new ToolbarAction('sulu_admin.save'),
-            new ToolbarAction('sulu_admin.delete'),
-        ];
-        $editDetailsFormView = $this->viewBuilderFactory->createFormViewBuilder(static::LOCATION_EDIT_FORM_VIEW . '.details', '/details')
-            ->setResourceKey('locations')
-            ->setFormKey('location_details')
-            ->setTabTitle('sulu_admin.details')
-            ->addToolbarActions($formToolbarActions)
-            ->setParent(static::LOCATION_EDIT_FORM_VIEW);
-        $viewCollection->add($editDetailsFormView);
+        $formToolbarActions = [];
+        $listToolbarActions = [];
+
+        if ($this->securityChecker->hasPermission(Event::SECURITY_CONTEXT, PermissionTypes::ADD)) {
+            $listToolbarActions[] = new ToolbarAction('sulu_admin.add');
+        }
+
+        if ($this->securityChecker->hasPermission(Event::SECURITY_CONTEXT, PermissionTypes::EDIT)) {
+            $formToolbarActions[] = new ToolbarAction('sulu_admin.save');
+        }
+
+        if ($this->securityChecker->hasPermission(Event::SECURITY_CONTEXT, PermissionTypes::DELETE)) {
+            $formToolbarActions[] = new ToolbarAction('sulu_admin.delete');
+            $listToolbarActions[] = new ToolbarAction('sulu_admin.delete');
+        }
+
+        if ($this->securityChecker->hasPermission(Event::SECURITY_CONTEXT, PermissionTypes::EDIT)) {
+
+            $listView = $this->viewBuilderFactory->createListViewBuilder(self::LOCATION_LIST_VIEW, '/locations')
+                ->setResourceKey(Location::RESOURCE_KEY)
+                ->setListKey(self::LOCATION_LIST_KEY)
+                ->setTitle('app.locations')
+                ->addListAdapters(['table'])
+                ->setAddView(static::LOCATION_ADD_FORM_VIEW)
+                ->setEditView(static::LOCATION_EDIT_FORM_VIEW)
+                ->addToolbarActions($listToolbarActions);
+            $viewCollection->add($listView);
+
+            $addFormView = $this->viewBuilderFactory->createResourceTabViewBuilder(self::LOCATION_ADD_FORM_VIEW, '/locations/add')
+                ->setResourceKey('locations')
+                ->setBackView(static::LOCATION_LIST_VIEW);
+            $viewCollection->add($addFormView);
+
+            $addDetailsFormView = $this->viewBuilderFactory->createFormViewBuilder(self::LOCATION_ADD_FORM_VIEW . '.details', '/details')
+                ->setResourceKey('locations')
+                ->setFormKey('location_details')
+                ->setTabTitle('sulu_admin.details')
+                ->setEditView(static::LOCATION_EDIT_FORM_VIEW)
+                ->addToolbarActions([new ToolbarAction('sulu_admin.save')])
+                ->setParent(static::LOCATION_ADD_FORM_VIEW);
+            $viewCollection->add($addDetailsFormView);
+
+            $editFormView = $this->viewBuilderFactory->createResourceTabViewBuilder(static::LOCATION_EDIT_FORM_VIEW, '/locations/:id')
+                ->setResourceKey('locations')
+                ->setBackView(static::LOCATION_LIST_VIEW)
+                ->setTitleProperty('title');
+            $viewCollection->add($editFormView);
+
+            $editDetailsFormView = $this->viewBuilderFactory->createFormViewBuilder(static::LOCATION_EDIT_FORM_VIEW . '.details', '/details')
+                ->setResourceKey('locations')
+                ->setFormKey('location_details')
+                ->setTabTitle('sulu_admin.details')
+                ->addToolbarActions($formToolbarActions)
+                ->setParent(static::LOCATION_EDIT_FORM_VIEW);
+            $viewCollection->add($editDetailsFormView);
+        }
     }
 }
diff --git a/src/Resources/config/services.xml b/src/Resources/config/services.xml
index c357006..2ce4246 100644
--- a/src/Resources/config/services.xml
+++ b/src/Resources/config/services.xml
@@ -15,6 +15,7 @@
 
         <service id="sulu_event.admin.location" class="Manuxi\SuluEventBundle\Admin\LocationAdmin">
             <argument type="service" id="sulu_admin.view_builder_factory"/>
+            <argument type="service" id="sulu_security.security_checker"/>
 
             <tag name="sulu.admin"/>
             <tag name="sulu.context" context="admin"/>