Prototyped permissions (#13)

Bertrand Dunogier · Bertrand Dunogier · commit b932c6f05486 · 2018-11-11T11:19:33.000+01:00
The `_repository` field will only show up for users with at least one of content/edit, class/update or role/view.
Can easily be extended to more granular items.
diff --git a/GraphQL/ExpressionLanguage/HasAdminAccessFunction.php b/GraphQL/ExpressionLanguage/HasAdminAccessFunction.php
@@ -0,0 +1,37 @@
+<?php
+namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage;
+
+use Overblog\GraphQLBundle\ExpressionLanguage\ExpressionFunction;
+
+class HasAdminAccessFunction extends ExpressionFunction
+{
+    public function __construct()
+    {
+        parent::__construct(
+            'hasAdminAccess',
+            function () {
+                return $this->buildHasAccessCode(["section/view", "class/create", "role/read"]);
+            }
+        );
+    }
+
+    private function buildHasAccessCode(array $policies)
+    {
+        $checks = array_map(
+            function($policy) {
+                list($module, $function) = explode('/', $policy);
+                return sprintf(
+                    '(true === ($access = $pr->hasAccess("%s", "%s")) || is_array($access))',
+                    $module,
+                    $function
+                );
+            },
+            $policies
+        );
+
+        return sprintf('(function() use ($globalVariable) {
+  $pr = $globalVariable->get("container")->get("eZ\Publish\API\Repository\PermissionResolver");
+  return %s;
+})()', implode('||', $checks));
+    }
+}
diff --git a/Resources/config/graphql/Platform.types.yml b/Resources/config/graphql/Platform.types.yml
@@ -5,4 +5,6 @@ Platform:
             _repository:
                 type: Repository
                 resolve: { }
-                description: "eZ Platform repository API"
+                description: "eZ Platform repository API"
+                public: '@=hasAdminAccess()'
+                public: '@=hasAdminAccess()'
diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -22,3 +22,6 @@ services:
             - { name: "overblog_graphql.mutation", alias: "DeleteSection", method: "deleteSection" }
 
     BD\EzPlatformGraphQLBundle\GraphQL\InputMapper\SearchQueryMapper: ~
+
+    BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\HasAdminAccessFunction:
+        tags: ['overblog_graphql.expression_function']
