|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
namespace GraphQLAPI\GraphQLAPI\ModuleResolvers; |
|
6
|
|
|
|
|
7
|
|
|
use GraphQLAPI\GraphQLAPI\Plugin; |
|
8
|
|
|
use PoP\AccessControl\Schema\SchemaModes; |
|
9
|
|
|
use GraphQLAPI\GraphQLAPI\ComponentConfiguration; |
|
10
|
|
|
use GraphQLAPI\GraphQLAPI\ModuleSettings\Properties; |
|
11
|
|
|
use GraphQLAPI\GraphQLAPI\ModuleResolvers\ModuleResolverTrait; |
|
12
|
|
|
|
|
13
|
|
|
class AccessControlFunctionalityModuleResolver extends AbstractFunctionalityModuleResolver |
|
14
|
|
|
{ |
|
15
|
|
|
use ModuleResolverTrait; |
|
16
|
|
|
|
|
17
|
|
|
public const PUBLIC_PRIVATE_SCHEMA = Plugin::NAMESPACE . '\public-private-schema'; |
|
18
|
|
|
public const ACCESS_CONTROL = Plugin::NAMESPACE . '\access-control'; |
|
19
|
|
|
public const ACCESS_CONTROL_RULE_DISABLE_ACCESS = Plugin::NAMESPACE . '\access-control-rule-disable-access'; |
|
20
|
|
|
public const ACCESS_CONTROL_RULE_USER_STATE = Plugin::NAMESPACE . '\access-control-rule-user-state'; |
|
21
|
|
|
public const ACCESS_CONTROL_RULE_USER_ROLES = Plugin::NAMESPACE . '\access-control-rule-user-roles'; |
|
22
|
|
|
public const ACCESS_CONTROL_RULE_USER_CAPABILITIES = Plugin::NAMESPACE . '\access-control-rule-user-capabilities'; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* Setting options |
|
26
|
|
|
*/ |
|
27
|
|
|
public const OPTION_MODE = 'mode'; |
|
28
|
|
|
public const OPTION_ENABLE_GRANULAR = 'granular'; |
|
29
|
|
|
|
|
30
|
|
|
public static function getModulesToResolve(): array |
|
31
|
|
|
{ |
|
32
|
|
|
return [ |
|
33
|
|
|
self::ACCESS_CONTROL, |
|
34
|
|
|
self::ACCESS_CONTROL_RULE_DISABLE_ACCESS, |
|
35
|
|
|
self::ACCESS_CONTROL_RULE_USER_STATE, |
|
36
|
|
|
self::ACCESS_CONTROL_RULE_USER_ROLES, |
|
37
|
|
|
self::ACCESS_CONTROL_RULE_USER_CAPABILITIES, |
|
38
|
|
|
self::PUBLIC_PRIVATE_SCHEMA, |
|
39
|
|
|
]; |
|
40
|
|
|
} |
|
41
|
|
|
|
|
42
|
|
|
public function getDependedModuleLists(string $module): array |
|
43
|
|
|
{ |
|
44
|
|
|
switch ($module) { |
|
45
|
|
|
case self::ACCESS_CONTROL: |
|
46
|
|
|
return [ |
|
47
|
|
|
[ |
|
48
|
|
|
FunctionalityModuleResolver::SCHEMA_CONFIGURATION, |
|
49
|
|
|
], |
|
50
|
|
|
]; |
|
51
|
|
|
case self::PUBLIC_PRIVATE_SCHEMA: |
|
52
|
|
|
case self::ACCESS_CONTROL_RULE_DISABLE_ACCESS: |
|
53
|
|
|
case self::ACCESS_CONTROL_RULE_USER_STATE: |
|
54
|
|
|
case self::ACCESS_CONTROL_RULE_USER_ROLES: |
|
55
|
|
|
case self::ACCESS_CONTROL_RULE_USER_CAPABILITIES: |
|
56
|
|
|
return [ |
|
57
|
|
|
[ |
|
58
|
|
|
self::ACCESS_CONTROL, |
|
59
|
|
|
], |
|
60
|
|
|
]; |
|
61
|
|
|
} |
|
62
|
|
|
return parent::getDependedModuleLists($module); |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
public function getName(string $module): string |
|
66
|
|
|
{ |
|
67
|
|
|
$names = [ |
|
68
|
|
|
self::PUBLIC_PRIVATE_SCHEMA => \__('Public/Private Schema', 'graphql-api'), |
|
69
|
|
|
self::ACCESS_CONTROL => \__('Access Control', 'graphql-api'), |
|
70
|
|
|
self::ACCESS_CONTROL_RULE_DISABLE_ACCESS => \__('Access Control Rule: Disable Access', 'graphql-api'), |
|
71
|
|
|
self::ACCESS_CONTROL_RULE_USER_STATE => \__('Access Control Rule: User State', 'graphql-api'), |
|
72
|
|
|
self::ACCESS_CONTROL_RULE_USER_ROLES => \__('Access Control Rule: User Roles', 'graphql-api'), |
|
73
|
|
|
self::ACCESS_CONTROL_RULE_USER_CAPABILITIES => \__('Access Control Rule: User Capabilities', 'graphql-api'), |
|
74
|
|
|
]; |
|
75
|
|
|
return $names[$module] ?? $module; |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
public function getDescription(string $module): string |
|
79
|
|
|
{ |
|
80
|
|
|
switch ($module) { |
|
81
|
|
|
case self::PUBLIC_PRIVATE_SCHEMA: |
|
82
|
|
|
return \__('Enable to communicate the existence of some field from the schema to certain users only (private mode) or to everyone (public mode). If disabled, fields are always available to everyone (public mode)', 'graphql-api'); |
|
83
|
|
|
case self::ACCESS_CONTROL: |
|
84
|
|
|
return \__('Set-up rules to define who can access the different fields and directives from a schema', 'graphql-api'); |
|
85
|
|
|
case self::ACCESS_CONTROL_RULE_DISABLE_ACCESS: |
|
86
|
|
|
return \__('Remove access to the fields and directives', 'graphql-api'); |
|
87
|
|
|
case self::ACCESS_CONTROL_RULE_USER_STATE: |
|
88
|
|
|
return \__('Allow or reject access to the fields and directives based on the user being logged-in or not', 'graphql-api'); |
|
89
|
|
|
case self::ACCESS_CONTROL_RULE_USER_ROLES: |
|
90
|
|
|
return \__('Allow or reject access to the fields and directives based on the user having a certain role', 'graphql-api'); |
|
91
|
|
|
case self::ACCESS_CONTROL_RULE_USER_CAPABILITIES: |
|
92
|
|
|
return \__('Allow or reject access to the fields and directives based on the user having a certain capability', 'graphql-api'); |
|
93
|
|
|
} |
|
94
|
|
|
return parent::getDescription($module); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
/** |
|
98
|
|
|
* Default value for an option set by the module |
|
99
|
|
|
* |
|
100
|
|
|
* @param string $module |
|
101
|
|
|
* @param string $option |
|
102
|
|
|
* @return mixed Anything the setting might be: an array|string|bool|int|null |
|
103
|
|
|
*/ |
|
104
|
|
|
public function getSettingsDefaultValue(string $module, string $option) |
|
105
|
|
|
{ |
|
106
|
|
|
$defaultValues = [ |
|
107
|
|
|
self::PUBLIC_PRIVATE_SCHEMA => [ |
|
108
|
|
|
self::OPTION_MODE => SchemaModes::PUBLIC_SCHEMA_MODE, |
|
109
|
|
|
self::OPTION_ENABLE_GRANULAR => true, |
|
110
|
|
|
], |
|
111
|
|
|
]; |
|
112
|
|
|
return $defaultValues[$module][$option]; |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* Array with the inputs to show as settings for the module |
|
117
|
|
|
* |
|
118
|
|
|
* @param string $module |
|
119
|
|
|
* @return array |
|
120
|
|
|
*/ |
|
121
|
|
|
public function getSettings(string $module): array |
|
122
|
|
|
{ |
|
123
|
|
|
$moduleSettings = parent::getSettings($module); |
|
124
|
|
|
// Do the if one by one, so that the SELECT do not get evaluated unless needed |
|
125
|
|
|
if ($module == self::PUBLIC_PRIVATE_SCHEMA) { |
|
126
|
|
|
$whereModules = []; |
|
127
|
|
|
$dependencyModules = [ |
|
128
|
|
|
FunctionalityModuleResolver::SCHEMA_CONFIGURATION, |
|
129
|
|
|
self::ACCESS_CONTROL, |
|
130
|
|
|
]; |
|
131
|
|
|
foreach ($dependencyModules as $dependencyModule) { |
|
132
|
|
|
$whereModules[] = '▹ ' . $this->getName($dependencyModule); |
|
133
|
|
|
} |
|
134
|
|
|
$option = self::OPTION_MODE; |
|
135
|
|
|
$moduleSettings[] = [ |
|
136
|
|
|
Properties::INPUT => $option, |
|
137
|
|
|
Properties::NAME => $this->getSettingOptionName( |
|
138
|
|
|
$module, |
|
139
|
|
|
$option |
|
140
|
|
|
), |
|
141
|
|
|
Properties::TITLE => \__('Default visibility', 'graphql-api'), |
|
142
|
|
|
Properties::DESCRIPTION => sprintf( |
|
143
|
|
|
\__('Visibility to use for fields and directives in the schema when option <code>"%s"</code> is selected (in %s)', 'graphql-api'), |
|
144
|
|
|
ComponentConfiguration::getSettingsValueLabel(), |
|
145
|
|
|
implode( |
|
146
|
|
|
\__(', ', 'graphql-api'), |
|
147
|
|
|
$whereModules |
|
148
|
|
|
) |
|
149
|
|
|
), |
|
150
|
|
|
Properties::TYPE => Properties::TYPE_STRING, |
|
151
|
|
|
Properties::POSSIBLE_VALUES => [ |
|
152
|
|
|
SchemaModes::PUBLIC_SCHEMA_MODE => \__('Public', 'graphql-api'), |
|
153
|
|
|
SchemaModes::PRIVATE_SCHEMA_MODE => \__('Private', 'graphql-api'), |
|
154
|
|
|
], |
|
155
|
|
|
]; |
|
156
|
|
|
$option = self::OPTION_ENABLE_GRANULAR; |
|
157
|
|
|
$moduleSettings[] = [ |
|
158
|
|
|
Properties::INPUT => $option, |
|
159
|
|
|
Properties::NAME => $this->getSettingOptionName( |
|
160
|
|
|
$module, |
|
161
|
|
|
$option |
|
162
|
|
|
), |
|
163
|
|
|
Properties::TITLE => \__('Enable granular control?', 'graphql-api'), |
|
164
|
|
|
Properties::DESCRIPTION => \__('Enable to select the visibility for a set of fields/directives when editing the Access Control List', 'graphql-api'), |
|
165
|
|
|
Properties::TYPE => Properties::TYPE_BOOL, |
|
166
|
|
|
]; |
|
167
|
|
|
} |
|
168
|
|
|
return $moduleSettings; |
|
169
|
|
|
} |
|
170
|
|
|
} |
|
171
|
|
|
|
GraphQLAPI /
graphql-api-for-wp
