Merge pull request #58 from heyday/fixes/56-permissions

fix: allow extensions to manage menu permissions correctly (56)
WPP-Public · Jul 10, 2023 · 7a20281 · 7a20281
2 parents 29f8134 + 800a0e0
commit 7a20281
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 20 deletions.
diff --git a/src/MenuItem.php b/src/MenuItem.php
@@ -26,13 +26,9 @@ class MenuItem extends DataObject implements PermissionProvider
      * @var array
      */
     private static $db = [
-        // If you want to customise the MenuTitle use this field - leaving blank will use MenuTitle of associated Page
         'MenuTitle' => 'Varchar(255)',
-        // This field is used for external links (picking a page from the dropdown will overwrite this link)
         'Link' => 'Text',
-        // Sort order
         'Sort' => 'Int',
-        // Can be used as a check for adding target="_blank"
         'IsNewWindow' => 'Boolean'
     ];
 
@@ -84,7 +80,13 @@ public function providePermissions()
      */
     public function canCreate($member = null, $context = [])
     {
-        return Permission::check('MANAGE_MENU_ITEMS');
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+
+        if ($extended !== null) {
+            return $extended;
+        }
+
+        return Permission::checkMember($member, 'MANAGE_MENU_ITEMS');
     }
 
     /**
@@ -93,6 +95,12 @@ public function canCreate($member = null, $context = [])
      */
     public function canDelete($member = null)
     {
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+
+        if ($extended !== null) {
+            return $extended;
+        }
+
         return Permission::check('MANAGE_MENU_ITEMS');
     }
 
@@ -102,6 +110,12 @@ public function canDelete($member = null)
      */
     public function canEdit($member = null)
     {
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+
+        if ($extended !== null) {
+            return $extended;
+        }
+
         return Permission::check('MANAGE_MENU_ITEMS');
     }
 
@@ -111,6 +125,12 @@ public function canEdit($member = null)
      */
     public function canView($member = null)
     {
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+
+        if ($extended !== null) {
+            return $extended;
+        }
+
         return Permission::check('MANAGE_MENU_ITEMS');
     }
 

diff --git a/src/MenuSet.php b/src/MenuSet.php
@@ -91,11 +91,12 @@ public function validate()
      */
     public function canCreate($member = null, $context = [])
     {
-        if (Permission::check('MANAGE_MENU_SETS')) {
-            return true;
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+        if ($extended !== null) {
+            return $extended;
         }
 
-        return parent::canCreate($member, $context);
+        return Permission::check('MANAGE_MENU_SETS');
     }
 
     /**
@@ -104,19 +105,17 @@ public function canCreate($member = null, $context = [])
      */
     public function canDelete($member = null)
     {
-        $canDelete = parent::canDelete($member);
-
         // Backwards compatibility for duplicate default sets
         $existing = MenuManagerTemplateProvider::MenuSet($this->Name);
         $isDuplicate = $existing && $existing->ID !== $this->ID;
 
         if ($this->isDefaultSet() && !$isDuplicate) {
-            // Default menu's cannot be deleted
-            $canDelete = false;
+            return false;
         }
 
-        if ($canDelete !== null) {
-            return $canDelete;
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+        if ($extended !== null) {
+            return $extended;
         }
 
         return Permission::check('MANAGE_MENU_SETS');
@@ -128,11 +127,12 @@ public function canDelete($member = null)
      */
     public function canEdit($member = null)
     {
-        if (Permission::check('MANAGE_MENU_SETS') || Permission::check('MANAGE_MENU_ITEMS')) {
-            return true;
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+        if ($extended !== null) {
+            return $extended;
         }
 
-        return parent::canEdit($member);
+        return (Permission::check('MANAGE_MENU_SETS') || Permission::check('MANAGE_MENU_ITEMS'));
     }
 
     /**
@@ -141,11 +141,13 @@ public function canEdit($member = null)
      */
     public function canView($member = null)
     {
-        if (Permission::check('MANAGE_MENU_SETS') || Permission::check('MANAGE_MENU_ITEMS')) {
-            return true;
+        $extended = $this->extendedCan(__FUNCTION__, $member);
+        if ($extended !== null) {
+            return $extended;
         }
 
-        return parent::canView($member);
+
+        return (Permission::check('MANAGE_MENU_SETS') || Permission::check('MANAGE_MENU_ITEMS'));
     }