diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
index 6af7b9b0f3..25eadaa031 100644
--- a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
+++ b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
@@ -68,6 +68,87 @@ class PSExposeController extends Controller
 ]);
 }
+ /**
+ * Get list of user or group if param "groups" defined
+ *
+ * @param PhraseaApplication $app
+ * @param Request $request
+ * @return \Symfony\Component\HttpFoundation\JsonResponse
+ *
+ */
+ public function listUsersAction(PhraseaApplication $app, Request $request)
+ {
+ $exposeConfiguration = $app['conf']->get(['phraseanet-service', 'expose-service', 'exposes'], []);
+ $exposeConfiguration = $exposeConfiguration[$request->get('exposeName')];
+
+ $userOrGroup = 'users';
+ if ($request->get('groups')) {
+ $userOrGroup = 'groups';
+ }
+
+ $exposeClient = new Client(['base_uri' => $exposeConfiguration['expose_base_uri'], 'http_errors' => false]);
+
+ $accessToken = $this->getAndSaveToken($exposeConfiguration);
+
+ $response = $exposeClient->get('/permissions/' . $userOrGroup, [
+ 'headers' => [
+ 'Authorization' => 'Bearer '. $accessToken
+ ]
+ ]);
+
+ $list = [];
+ if ($response->getStatusCode() == 200) {
+ $list = json_decode($response->getBody()->getContents(),true);
+ }
+
+ return $app->json([
+ 'list' => $list
+ ]);
+ }
+
+ /**
+ * Add or update access control entry (ACE) for a publication
+ *
+ * @param PhraseaApplication $app
+ * @param Request $request
+ * @return \Symfony\Component\HttpFoundation\JsonResponse
+ */
+ public function updatePublicationPermissionAction(PhraseaApplication $app, Request $request)
+ {
+ $exposeConfiguration = $app['conf']->get(['phraseanet-service', 'expose-service', 'exposes'], []);
+ $exposeConfiguration = $exposeConfiguration[$request->get('exposeName')];
+ $exposeClient = new Client(['base_uri' => $exposeConfiguration['expose_base_uri'], 'http_errors' => false]);
+
+ $accessToken = $this->getAndSaveToken($exposeConfiguration);
+
+ try {
+ $response = $exposeClient->put('/permissions/ace', [
+ 'headers' => [
+ 'Authorization' => 'Bearer '. $accessToken,
+ 'Content-Type' => 'application/json'
+ ],
+ 'json' => $request->get('jsonData')
+ ]);
+ } catch(\Exception $e) {
+ return $this->app->json([
+ 'success' => false,
+ 'message' => $e->getMessage()
+ ]);
+ }
+
+ if ($response->getStatusCode() !== 200) {
+ return $this->app->json([
+ 'success' => false,
+ 'message' => 'Status code: '. $response->getStatusCode()
+ ]);
+ }
+
+ return $this->app->json([
+ 'success' => true,
+ 'message' => 'Permission successfully updated!'
+ ]);
+ }
+
 /**
 * Get list of publication
 * Use param "format=json" to retrieve a json
diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php b/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
index c377c2ad6d..dcfd9128b8 100644
--- a/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
+++ b/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
@@ -70,6 +70,14 @@ class PSExposeServiceProvider implements ControllerProviderInterface, ServicePro
 ->method('POST')
 ->bind('ps_expose_publication_add_assets');
+ $controllers->match('/list/users', 'controller.ps.expose:listUsersAction')
+ ->method('GET')
+ ->bind('ps_expose_list_users');
+
+ $controllers->match('/publication/permission/update', 'controller.ps.expose:updatePublicationPermissionAction')
+ ->method('POST')
+ ->bind('ps_expose_publication_permission_update');
+
 return $controllers;
 }
diff --git a/templates/web/prod/WorkZone/ExposeEdit.html.twig b/templates/web/prod/WorkZone/ExposeEdit.html.twig
index a897781447..20dd855b16 100644
--- a/templates/web/prod/WorkZone/ExposeEdit.html.twig
+++ b/templates/web/prod/WorkZone/ExposeEdit.html.twig
@@ -113,6 +113,72 @@ +
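Review bot: In `updatePublicationPermissionAction` the browser-supplied `jsonData` is forwarded unchanged as the PUT body to `/permissions/ace` under the token from `getAndSaveToken()`, so `userType`, `userId`, `objectType`, `objectId` and `mask` are whatever the caller sends. Nothing in this hunk checks that the current Phraseanet user may administer that publication; if no guard exists on the controller or route group outside the hunk, add one, and rebuild the ACE server-side from validated fields as sketched below (1/4/8 are the bits the edit form sets). `$exposeConfiguration[$request->get('exposeName')]` is also dereferenced without checking that the key exists, in both new actions. The catch branch returns `$e->getMessage()` to the client, which may disclose the Expose base URI; a generic message with the detail logged server-side would be safer.

```php
// … unchanged: configuration lookup, client and token setup …
$ace = $request->request->get('jsonData');
if (!is_array($ace)
    || !isset($ace['userType'], $ace['userId'], $ace['objectId'], $ace['mask'])
    || !in_array($ace['userType'], ['user', 'group'], true)
) {
    return $app->json(['success' => false, 'message' => 'Invalid permission request']);
}
$payload = [
    'userType'   => $ace['userType'],
    'userId'     => $ace['userId'],
    // this endpoint only manages publication ACEs, so the type is fixed here
    'objectType' => 'publication',
    'objectId'   => $ace['objectId'],
    // 1 = view, 4 = edit, 8 = delete: drop any other bit the client sends
    'mask'       => (int) $ace['mask'] & (1 | 4 | 8),
];
// … unchanged: PUT /permissions/ace, now sending 'json' => $payload …
```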

Permission

+ +
+
+
+ +
+ +
+
+ +
+ + + + + + + + +
+ + + +
+ +
+
+ +
+ +
+
+ +
+ + + + + + + +
+ + +
+
+

Advanced setting

@@ -155,8 +221,18 @@ var publicationForm = publicationEdit.find("#publication-data-form"); var publicationParent = publicationEdit.find("#publication_parent"); var profileField = publicationEdit.find("#profile-field"); + var userList = publicationEdit.find("#user-list"); + var groupList = publicationEdit.find("#group-list"); var advancedSetting = publicationEdit.find("#advancedSetting"); + var userView = publicationEdit.find('input[name=user-view]'); + var userEdit = publicationEdit.find('input[name=user-edit]'); + var userDelete = publicationEdit.find('input[name=user-delete]'); + + var groupView = publicationEdit.find('input[name=group-view]'); + var groupEdit = publicationEdit.find('input[name=group-edit]'); + var groupDelete = publicationEdit.find('input[name=group-delete]'); + var publicationFieldClass = publicationEdit.find(".publication-field"); $.datepicker.regional['default'] = { @@ -207,7 +283,7 @@ url: `/prod/expose/list-profile?exposeName={{ exposeName }}`, success: function (data) { profileField.empty().html(''); - for (i = 0; i < data.profiles.length; i++) { + for (let i = 0; i < data.profiles.length; i++) { let selected = ''; if ({{ nbProfile }} && data.profiles[i].id === '{{ publication.profile.id }}') { selected = 'selected="selected"'; @@ -223,6 +299,36 @@ } }); + $.ajax({ + type: "GET", + url: `/prod/expose/list/users?exposeName={{ exposeName }}`, + success: function (data) { + userList.empty().html(''); + for (i = 0; i < data.list.length; i++) { + userList.append('' + ); + } + } + }); + + $.ajax({ + type: "GET", + url: `/prod/expose/list/users?groups=1&exposeName={{ exposeName }}`, + success: function (data) { + groupList.empty().html(''); + for (i = 0; i < data.list.length; i++) { + groupList.append('' + ); + } + } + }); + }); /**convert Object data to Json**/ 
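Review bot: The two new loops in the `/prod/expose/list/users` success callbacks use `for (i = 0; ...)` with an undeclared `i`, which creates or overwrites a global, the same problem this commit fixes for the profile loop just above. Write `for (let i = 0; i < data.list.length; i++) {` in both. The option markup passed to `append()` was lost in this rendering, so it cannot be checked here; if it concatenates user or group names from the Expose response into an HTML string, build the element with jQuery's `.val()` and `.text()` instead so the names are inserted as text. The query string interpolates `{{ exposeName }}` without `|url_encode`, and neither request has an `error` callback.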
@@ -374,6 +480,102 @@ });
+ publicationEdit.find('#permission-user').on('submit', function (e) {
+ e.preventDefault();
+ let mask = 0;
+
+ if (userView.is(':checked')) {
+ mask = mask | 1;
+ }
+
+ if (userEdit.is(':checked')) {
+ mask = mask | 4;
+ }
+
+ if (userDelete.is(':checked')) {
+ mask = mask | 8;
+ }
+
+ if (userList.val() !== '') {
+ publicationEdit.find("#user-permission-error").addClass("hidden");
+ publicationEdit.find("#user-permission-success").addClass("hidden");
+
+ $.ajax({
+ type: "POST",
+ url: "/prod/expose/publication/permission/update",
+ dataType: 'json',
+ data: {
+ exposeName: "{{ exposeName }}",
+ jsonData: {
+ userType: "user",
+ userId: userList.val(),
+ objectType: "publication",
+ objectId: "{{ publication.id }}",
+ mask: mask
+ }
+ },
+ success: function (data) {
+ if (data.success) {
+ publicationEdit.find("#user-permission-error").addClass("hidden");
+ publicationEdit.find("#user-permission-success").removeClass("hidden").html(data.message);
+ } else {
+ publicationEdit.find("#user-permission-success").addClass("hidden");
+ publicationEdit.find("#user-permission-error").removeClass("hidden").html(data.message);
+ }
+ }
+ });
+ }
+
+ });
+
+ publicationEdit.find('#permission-group').on('submit', function (e) {
+ e.preventDefault();
+ let mask = 0;
+
+ if (groupView.is(':checked')) {
+ mask = mask | 1;
+ }
+
+ if (groupEdit.is(':checked')) {
+ mask = mask | 4;
+ }
+
+ if (groupDelete.is(':checked')) {
+ mask = mask | 8;
+ }
+
+ if (groupList.val() !== '') {
+ publicationEdit.find("#group-permission-error").addClass("hidden");
+ publicationEdit.find("#group-permission-success").addClass("hidden");
+
+ $.ajax({
+ type: "POST",
+ url: "/prod/expose/publication/permission/update",
+ dataType: 'json',
+ data: {
+ exposeName: "{{ exposeName }}",
+ jsonData: {
+ userType: "group",
+ userId: groupList.val(),
+ objectType: "publication",
+ objectId: "{{ publication.id }}",
+ mask: mask
+ }
+ },
+ success: function (data) {
+ if (data.success) {
+ publicationEdit.find("#group-permission-error").addClass("hidden");
+ publicationEdit.find("#group-permission-success").removeClass("hidden").html(data.message);
+ } else {
+ publicationEdit.find("#group-permission-success").addClass("hidden");
+ publicationEdit.find("#group-permission-error").removeClass("hidden").html(data.message);
+ }
+ }
+ });
+ }
+
+ });
+
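Review bot: All four result branches in the `#permission-user` and `#permission-group` submit handlers write the server's `message` into the page with `.html(data.message)`. On failure that string is the exception text or status line returned by `updatePublicationPermissionAction`, so any markup in it is parsed as HTML. Use `.text(data.message)` in each place, e.g. `publicationEdit.find("#user-permission-error").removeClass("hidden").text(data.message);`. The two handlers differ only in the `user`/`group` prefix and could share one function taking that prefix. Neither has an `error` callback, so a non-JSON or 5xx reply reaches no handler and gives the user no feedback.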