refs #18605 [fid] use VuFind's permission system for GetIt-Box

* defines some basic functional permissions * uses permission manager to give/deny access to ** acquisitions ** ebook links * handle fid.Acqusitions permission via Permission Controller Plugin of VuFind

refs #18605 [fid] use VuFind's permission system for GetIt-Box
* defines some basic functional permissions * uses permission manager to give/deny access to ** acquisitions ** ebook links * handle fid.Acqusitions permission via Permission Controller Plugin of VuFind
08ad62b6 · Dorian Merz · 6bfc1d7c · 08ad62b6 · 08ad62b6 · 08ad62b6
Commit 08ad62b6 authored 4 years ago by Dorian Merz
--- a/fid/config/vufind/permissions.ini
+++ b/fid/config/vufind/permissions.ini
@@ -39,4 +39,14 @@ permission = fid.LimitedAccess
 [fid.FullAccess]
 role[] = loggedin
 FidApiPermission[] = full_access
-permission = fid.FullAccess
\ No newline at end of file
+permission = fid.FullAccess
+
+[fid.EBooks]
+role[] = loggedin
+FidApiPermission[] = limited_access
+permission = fid.EBooks
+
+[fid.Acquisitions]
+role[] = loggedin
+FidApiPermission[] = limited_access
+permission = fid.Acquisitions
\ No newline at end of file
--- a/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php
+++ b/module/fid/src/Controller/CustomTraits/FidAcquisitionTrait.php
@@ -33,6 +33,7 @@ use fid\Service\DataTransferObject\User;
 use fid\Validator\SubitoPartialCopyPageBounds;
 use fid\Validator\SubitoPartialCopyPageSelection;
 use finc\View\Helper\Root\Citation;
+use VuFind\Exception\Forbidden as ForbiddenException;
 use Zend\Form\Form;

 /**
@@ -89,7 +90,10 @@ trait FidAcquisitionTrait
        /** @var User $user */
        $user = $this->client->requestUserDetails();

-        if ($user->hasPermission('limited_access')) {
+        try {
+            /* pass if permission is granted, else throw exception and switch to catch block */
+            $this->permission()->check('fid.Acquisitions', 'exception');
+
            $driver = $this->loadRecord();
            $recordId = $driver->tryMethod('getUniqueID');

@@ -126,7 +130,7 @@ trait FidAcquisitionTrait
            $view = $this->createViewModel();
            $view->setVariables(compact('form', 'driver', 'user'));
            $view->setTemplate("fid/record/acquisition-$this->type");
-        } else {
+        } catch (ForbiddenException $ex) {
            $view = $this->getPermissionDeniedView();
        }


--- a/module/fid/src/View/Helper/Root/Factory.php
+++ b/module/fid/src/View/Helper/Root/Factory.php
@@ -68,7 +68,8 @@ class Factory
    {
        return new GetIt(
            $container->get('VuFind\Config')->get('getit'),
-            $container->get(Client::class)
+            $container->get(Client::class),
+            $container->get('VuFind\Role\PermissionManager')
        );
    }
 }
--- a/module/fid/src/View/Helper/Root/GetIt.php
+++ b/module/fid/src/View/Helper/Root/GetIt.php
@@ -29,6 +29,7 @@ namespace fid\View\Helper\Root;

 use VuFind\I18n\Translator\TranslatorAwareTrait;
 use VuFind\RecordDriver\AbstractBase;
+use VuFind\Role\PermissionManager;
 use VuFind\View\Helper\Root\Config;
 use Zend\View\Helper\AbstractHelper;

@@ -77,6 +78,14 @@ class GetIt extends AbstractHelper
     * @var \fid\Service\Client
     */
    protected $fidClient;
+
+    /**
+     * Permission Manager
+     *
+     * @var PermissionManager
+     */
+    protected $permissionManager;
+
    /**
     * Solr field source_id
     * @var
@@ -155,10 +164,11 @@ class GetIt extends AbstractHelper
     *
     * @param Config $getItConfig Get It box Configuration
     */
-    public function __construct($getItConfig, $fidClient)
+    public function __construct($getItConfig, $fidClient,$permissionManager)
    {
        $this->config = $getItConfig;
        $this->fidClient = $fidClient;
+        $this->permissionManager = $permissionManager;
    }

    /**
@@ -188,6 +198,10 @@ class GetIt extends AbstractHelper
        return $this;
    }

+    protected function hasPermission($permission) {
+        return $this->permissionManager->isAuthorized($permission);
+    }
+
    /**
     * Retrieve SIDs from config (getit.ini)
     *
@@ -446,15 +460,15 @@ class GetIt extends AbstractHelper
        &$isAiSidRecord,
        &$noticeLinkType
    ) {
-        $limited_access = false;
+        $hasEBookAccess = false;
        if ($this->fidClient->isLoggedOn()) {
-            $limited_access = $this->fidClient->requestUserDetails()->hasPermission('limited_access');
+            $hasEBookAccess = $this->hasPermission('fid.EBooks');
        }

        $accordeonColor = $this->accordeonColorAlternative;
        $accordeonHeadline = $this->accordeonHeadlineAlternative;
        if ($this->fidClient->isLoggedOn()) {
-            if ($limited_access) {
+            if ($hasEBookAccess) {
                $notice = $this->translate('getit_text_13');
            } else {
                $notice = $this->translate('getit_text_13b_1');
@@ -465,7 +479,7 @@ class GetIt extends AbstractHelper
            $noticeLinkType = "register";
        }
        $boxHeadline = $this->fidClient->isLoggedOn() ? $this->translate('Get it') : $this->translate('getit_logged_not');
-        $showLinks = $this->fidClient->isLoggedOn() && $limited_access;
+        $showLinks = $this->fidClient->isLoggedOn() && $hasEBookAccess;
    }

    /**