From 08ad62b6ddf9aa1f99842e6972de4b4a78be2d22 Mon Sep 17 00:00:00 2001
From: Dorian Merz <merz@ub.uni-leipzig.de>
Date: Thu, 17 Dec 2020 16:36:43 +0100
Subject: [PATCH] refs #18605 [fid] use VuFind's permission system for GetIt-Box

* defines some basic functional permissions
* uses permission manager to give/deny access to
** acquisitions
** ebook links
* handle fid.Acqusitions permission via Permission Controller Plugin of VuFind
---
 fid/config/vufind/permissions.ini | 12 +++++++++-
 .../CustomTraits/FidAcquisitionTrait.php | 8 +++++--
 module/fid/src/View/Helper/Root/Factory.php | 3 ++-
 module/fid/src/View/Helper/Root/GetIt.php | 24 +++++++++++++++----
 4 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/fid/config/vufind/permissions.ini b/fid/config/vufind/permissions.ini
index d22779c8b85..4b4053857ba 100644
--- a/fid/config/vufind/permissions.ini
+++ b/fid/config/vufind/permissions.ini
@@ -39,4 +39,14 @@ permission = fid.LimitedAccess
 [fid.FullAccess]
 role[] = loggedin
 FidApiPermission[] = full_access
-permission = fid.FullAccess
\ No newline at end of file
+permission = fid.FullAccess
+
+[fid.EBooks]
+role[] = loggedin
+FidApiPermission[] = limited_access
+permission = fid.EBooks
+
+[fid.Acquisitions]
+role[] = loggedin
+FidApiPermission[] = limited_access
+permission = fid.Acquisitions
\ No newline at end of file
diff --git a/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php b/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php
index bf40e3846c1..2a8f31a86bb 100644
--- a/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php
+++ b/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php
@@ -33,6 +33,7 @@ use fid\Service\DataTransferObject\User;
 use fid\Validator\SubitoPartialCopyPageBounds;
 use fid\Validator\SubitoPartialCopyPageSelection;
 use finc\View\Helper\Root\Citation;
+use VuFind\Exception\Forbidden as ForbiddenException;
 use Zend\Form\Form;
 
 /**
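Review bot: The new `[fid.EBooks]` and `[fid.Acquisitions]` blocks repeat the `role[] = loggedin` / `FidApiPermission[] = limited_access` pair of the limited-access block above them, and nothing in the file records whether that equivalence is deliberate or whether these functional permissions are expected to diverge from `fid.LimitedAccess` later. A comment above each block, e.g. `; functional permission for the GetIt e-book links; currently granted under the same conditions as fid.LimitedAccess`, would keep a future tightening of one grant from being mistaken for a drift in the other. If I recall VuFind's permissions.ini semantics, the conditions of a block are evaluated together unless `require = ANY` is set, so both the `loggedin` role and the `limited_access` API permission must hold — presumably intended, but worth stating next to the blocks. The file still ends without a trailing newline, as the `\ No newline at end of file` marker on the new side shows; adding one avoids the same marker churn on the next edit.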
@@ -89,7 +90,10 @@ trait FidAcquisitionTrait /** @var User $user */ $user = $this->client->requestUserDetails(); - if ($user->hasPermission('limited_access')) { + try { + /* pass if permission is granted, else throw exception and switch to catch block */ + $this->permission()->check('fid.Acquisitions', 'exception'); + $driver = $this->loadRecord(); $recordId = $driver->tryMethod('getUniqueID'); @@ -126,7 +130,7 @@ trait FidAcquisitionTrait $view = $this->createViewModel(); $view->setVariables(compact('form', 'driver', 'user')); $view->setTemplate("fid/record/acquisition-$this->type"); - } else { + } catch (ForbiddenException $ex) { $view = $this->getPermissionDeniedView(); } diff --git a/module/fid/src/View/Helper/Root/Factory.php b/module/fid/src/View/Helper/Root/Factory.php index 89a4248bf60..044f0f58ea6 100644 --- a/module/fid/src/View/Helper/Root/Factory.php +++ b/module/fid/src/View/Helper/Root/Factory.php @@ -68,7 +68,8 @@ class Factory { return new GetIt( $container->get('VuFind\Config')->get('getit'), - $container->get(Client::class) + $container->get(Client::class), + $container->get('VuFind\Role\PermissionManager') ); } } diff --git a/module/fid/src/View/Helper/Root/GetIt.php b/module/fid/src/View/Helper/Root/GetIt.php index 780c6dc60be..b8a79995a37 100644 --- a/module/fid/src/View/Helper/Root/GetIt.php +++ b/module/fid/src/View/Helper/Root/GetIt.php @@ -29,6 +29,7 @@ namespace fid\View\Helper\Root; use VuFind\I18n\Translator\TranslatorAwareTrait; use VuFind\RecordDriver\AbstractBase; +use VuFind\Role\PermissionManager; use VuFind\View\Helper\Root\Config; use Zend\View\Helper\AbstractHelper; @@ -77,6 +78,14 @@ class GetIt extends AbstractHelper * @var \fid\Service\Client */ protected $fidClient; + + /** + * Permission Manager + * + * @var PermissionManager + */ + protected $permissionManager; + /** * Solr field source_id * @var 
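Review bot: The return value of `$this->permission()->check('fid.Acquisitions', 'exception')` is discarded, so the block only denies access when the plugin actually throws. As far as I recall VuFind's Permission controller plugin, `'exception'` is only the fallback behaviour: if `permissionBehavior.ini` configures another denied-behaviour for `fid.Acquisitions` (login prompt, redirect with message), `check()` returns that response instead of throwing, and execution falls straight into the protected view. Returning the response closes that path: `if ($response = $this->permission()->check('fid.Acquisitions', 'exception')) { return $response; }`. The `try` now spans everything down to the `catch (ForbiddenException $ex)` in the next hunk, so a `Forbidden` raised by `loadRecord()` or the form handling in between is also reported as a permission denial, and `$ex` is never used or logged; the surrounding method begins and ends outside both hunks.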
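Review bot: The new dependency is fetched by string, `$container->get('VuFind\Role\PermissionManager')`, while the line above resolves the client with `Client::class`; importing the class and writing `$container->get(PermissionManager::class)` keeps both lookups in one style and lets static analysis see the reference. The factory method's signature is outside the hunk.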
@@ -155,10 +164,11 @@ class GetIt extends AbstractHelper * * @param Config $getItConfig Get It box Configuration */ - public function __construct($getItConfig, $fidClient) + public function __construct($getItConfig, $fidClient,$permissionManager) { $this->config = $getItConfig; $this->fidClient = $fidClient; + $this->permissionManager = $permissionManager; } /** @@ -188,6 +198,10 @@ class GetIt extends AbstractHelper return $this; } + protected function hasPermission($permission) { + return $this->permissionManager->isAuthorized($permission); + } + /** * Retrieve SIDs from config (getit.ini) * @@ -446,15 +460,15 @@ class GetIt extends AbstractHelper &$isAiSidRecord, &$noticeLinkType ) { - $limited_access = false; + $hasEBookAccess = false; if ($this->fidClient->isLoggedOn()) { - $limited_access = $this->fidClient->requestUserDetails()->hasPermission('limited_access'); + $hasEBookAccess = $this->hasPermission('fid.EBooks'); } $accordeonColor = $this->accordeonColorAlternative; $accordeonHeadline = $this->accordeonHeadlineAlternative; if ($this->fidClient->isLoggedOn()) { - if ($limited_access) { + if ($hasEBookAccess) { $notice = $this->translate('getit_text_13'); } else { $notice = $this->translate('getit_text_13b_1'); @@ -465,7 +479,7 @@ class GetIt extends AbstractHelper $noticeLinkType = "register"; } $boxHeadline = $this->fidClient->isLoggedOn() ? $this->translate('Get it') : $this->translate('getit_logged_not'); - $showLinks = $this->fidClient->isLoggedOn() && $limited_access; + $showLinks = $this->fidClient->isLoggedOn() && $hasEBookAccess; } /** -- GitLab
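Review bot: The constructor docblock still documents only `$getItConfig` although the signature now takes three parameters, and `$fidClient,$permissionManager` is missing the space after the comma. Both fit into the hunk directly: add `@param \fid\Service\Client $fidClient FID API client` and `@param PermissionManager $permissionManager VuFind permission manager` to the docblock, and write `public function __construct($getItConfig, $fidClient, PermissionManager $permissionManager)` — the class imports `PermissionManager` in the earlier hunk, so the type hint costs nothing.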
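Review bot: `hasPermission()` has no docblock and puts its opening brace on the signature line, unlike the constructor in the previous hunk, which uses the file's next-line brace. Its name also mirrors the `hasPermission('limited_access')` call on the FID user object that this commit removes, while it now checks a VuFind permission name from permissions.ini, so the docblock should say which namespace of names it expects: `/** Check a VuFind permission (permissions.ini name, not a FID API permission) for the current user. @param string $permission @return bool */`, followed by `protected function hasPermission($permission): bool` with the brace moved to its own line.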
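Review bot: `$hasEBookAccess` starts as `false` and is only assigned inside `if ($this->fidClient->isLoggedOn())`, so the `$this->fidClient->isLoggedOn() &&` in the `$showLinks` line of the following hunk is redundant; `$showLinks = $hasEBookAccess;` says the same thing, and the two-step initialisation here could collapse to `$hasEBookAccess = $this->fidClient->isLoggedOn() && $this->hasPermission('fid.EBooks');`. Note that `fid.EBooks` is presumably resolved by the PermissionManager against VuFind's own login state, while `isLoggedOn()` asks the FID client; if those two notions of "logged in" can disagree, the notice texts chosen below follow the FID state and the link visibility follows the VuFind one, which deserves a comment where `$hasEBookAccess` is computed. The enclosing method starts before this hunk and continues past the next one.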