Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin-scope token or: How to get hidden objects #188

Closed
wants to merge 5 commits into from
Closed

Admin-scope token or: How to get hidden objects #188

wants to merge 5 commits into from

Conversation

gevorgmansuryan
Copy link
Contributor

@gevorgmansuryan gevorgmansuryan self-assigned this Feb 22, 2025
luke-
luke- requested changes Feb 23, 2025
View reviewed changes
controllers/space/SpaceController.php Outdated
$query = Space::find()->visible();
$query = Space::find();

if (!(Yii::$app->getModule('space')->globalAdminCanAccessPrivateContent && Yii::$app->user->identity->isSystemAdmin())) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gevorgmansuryan Perhaps we would be better off using this permission here, instead of the Flag and isSystemAdmin: https://github.com/humhub/humhub/blob/master/protected/humhub/modules/admin/permissions/ManageSpaces.php

@marc-farre Is the flag globalAdminCanAccessPrivateContent still required / not deprecated with the new ManageContent permission?

Copy link
Contributor Author

@gevorgmansuryan gevorgmansuryan Feb 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luke- the same is used at \humhub\modules\space\models\Space::canAccessPrivateContent too. Change to ManageSpaces bot and remove globalAdminCanAccessPrivateContent ? Or you mean Yii::$app->user->identity->canManageAllContent() ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gevorgmansuryan This endpoint it is only about the Spaces and not about the Contents of the Space.

So I would only check the 'ManageSpaces' permission. Same as in /admin/space.

Copy link
Contributor Author

@gevorgmansuryan gevorgmansuryan Feb 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luke- found an issue. fixed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gevorgmansuryan Hmm, I would expect the current user is automatically used.

https://github.com/humhub/humhub/blob/master/protected/humhub/modules/space/components/ActiveQuerySpace.php#L44-L46

Any idea why this is not working here?

luke-
luke- requested changes Feb 24, 2025
View reviewed changes
controllers/space/SpaceController.php Outdated
$query = Space::find()->visible();
$query = Space::find();

if (!(Yii::$app->getModule('space')->globalAdminCanAccessPrivateContent && Yii::$app->user->identity->isSystemAdmin())) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gevorgmansuryan This endpoint it is only about the Spaces and not about the Contents of the Space.

So I would only check the 'ManageSpaces' permission. Same as in /admin/space.

@gevorgmansuryan gevorgmansuryan deleted the fix/visible-hidden-object-to-admin branch February 26, 2025 11:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luke- luke- Awaiting requested review from luke-

Assignees

@gevorgmansuryan gevorgmansuryan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gevorgmansuryan @luke-