Improve entry publish state management permission (#3039)

statamic · Jan 5, 2021 · 5fb0a86 · 5fb0a86
1 parent 3439c6f
commit 5fb0a86
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 2 deletions.
diff --git a/resources/js/components/entries/BaseCreateForm.vue b/resources/js/components/entries/BaseCreateForm.vue
@@ -17,6 +17,7 @@
         :revisions-enabled="revisions"
         :breadcrumbs="breadcrumbs"
         :initial-site="site"
+        :can-manage-publish-state="canManagePublishState"
         :create-another-url="createAnotherUrl"
         :listing-url="listingUrl"
         @saved="saved"
@@ -37,6 +38,7 @@ export default {
         'revisions',
         'breadcrumbs',
         'site',
+        'canManagePublishState',
         'createAnotherUrl',
         'listingUrl',
     ],

diff --git a/resources/js/components/entries/PublishForm.vue b/resources/js/components/entries/PublishForm.vue
@@ -121,7 +121,7 @@
 
                                 <div class="flex items-center border-t justify-between px-2 py-1" v-if="!revisionsEnabled">
                                     <label v-text="__('Published')" class="publish-field-label font-medium" />
-                                    <toggle-input :value="published" @input="setFieldValue('published', $event)" />
+                                    <toggle-input :value="published" :read-only="!canManagePublishState" @input="setFieldValue('published', $event)" />
                                 </div>
 
                                 <div class="border-t p-2" v-if="revisionsEnabled && !isCreating">
@@ -297,6 +297,7 @@ export default {
         revisionsEnabled: Boolean,
         preloadedAssets: Array,
         canEditBlueprint: Boolean,
+        canManagePublishState: Boolean,
         createAnotherUrl: String,
         listingUrl: String,
     },

diff --git a/resources/views/entries/create.blade.php b/resources/views/entries/create.blade.php
@@ -16,6 +16,7 @@
         site="{{ $locale }}"
         create-another-url="{{ cp_route('collections.entries.create', [$collection, $locale, 'blueprint' => $blueprint['handle']]) }}"
         listing-url="{{ cp_route('collections.show', $collection) }}"
+        :can-manage-publish-state="{{ Statamic\Support\Str::bool($canManagePublishState) }}"
     ></base-entry-create-form>
 
 @endsection
diff --git a/resources/views/entries/edit.blade.php b/resources/views/entries/edit.blade.php
@@ -30,6 +30,7 @@
         :preloaded-assets="{{ json_encode($preloadedAssets) }}"
         :breadcrumbs="{{ $breadcrumbs->toJson() }}"
         :can-edit-blueprint="{{ $str::bool($user->can('configure fields')) }}"
+        :can-manage-publish-state="{{ $str::bool($canManagePublishState) }}"
         create-another-url="{{ cp_route('collections.entries.create', [$collection, $locale]) }}"
         listing-url="{{ cp_route('collections.show', $collection) }}"
     ></entry-publish-form>

diff --git a/src/Fieldtypes/Entries.php b/src/Fieldtypes/Entries.php
@@ -42,6 +42,7 @@ class Entries extends Relationship
         'revisionsEnabled' => 'revisionsEnabled',
         'breadcrumbs' => 'breadcrumbs',
         'collectionHandle' => 'collection',
+        'canManagePublishState' => 'canManagePublishState',
     ];
 
     protected function configFieldItems(): array

diff --git a/src/Http/Controllers/CP/Collections/EntriesController.php b/src/Http/Controllers/CP/Collections/EntriesController.php
@@ -127,6 +127,7 @@ public function edit(Request $request, $collection, $entry)
             'preloadedAssets' => $this->extractAssetsFromValues($values),
             'revisionsEnabled' => $entry->revisionsEnabled(),
             'breadcrumbs' => $this->breadcrumbs($collection),
+            'canManagePublishState' => User::current()->can('publish', $entry),
         ];
 
         if ($request->wantsJson()) {
@@ -189,7 +190,7 @@ public function update(Request $request, $collection, $entry)
                 ->user(User::current())
                 ->save();
         } else {
-            if (! $entry->revisionsEnabled()) {
+            if (! $entry->revisionsEnabled() && User::current()->can('publish', $entry)) {
                 $entry->published($request->published);
             }
 
@@ -254,6 +255,7 @@ public function create(Request $request, $collection, $site)
             })->all(),
             'revisionsEnabled' => $collection->revisionsEnabled(),
             'breadcrumbs' => $this->breadcrumbs($collection),
+            'canManagePublishState' => User::current()->can('publish '.$collection->handle().' entries'),
         ];
 
         if ($request->wantsJson()) {

diff --git a/tests/Feature/Entries/StoreEntryTest.php b/tests/Feature/Entries/StoreEntryTest.php
@@ -114,6 +114,14 @@ public function validation_error_returns_back()
         $this->assertCount(0, Entry::all());
     }
 
+    /** @test */
+    public function user_without_permission_to_manage_publish_state_cannot_change_publish_status()
+    {
+        // when revisions are disabled
+
+        $this->markTestIncomplete();
+    }
+
     private function store($payload)
     {
         return $this->post(cp_route('collections.entries.store', ['blog', 'en']), $payload);

diff --git a/tests/Feature/Entries/UpdateEntryTest.php b/tests/Feature/Entries/UpdateEntryTest.php
@@ -177,6 +177,14 @@ public function validation_error_returns_back()
         ], $entry->data());
     }
 
+    /** @test */
+    public function user_without_permission_to_manage_publish_state_cannot_change_publish_status()
+    {
+        // when revisions are disabled
+
+        $this->markTestIncomplete();
+    }
+
     private function save($entry, $payload)
     {
         return $this->patch($entry->updateUrl(), $payload);