Refactor permission handling in asset folder content preview.

pimcore · Dec 26, 2024 · 4dd1e92 · 4dd1e92
1 parent 01789a3
commit 4dd1e92
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 13 deletions.
diff --git a/src/Controller/Admin/Asset/AssetController.php b/src/Controller/Admin/Asset/AssetController.php
@@ -1658,7 +1658,10 @@ public function imageEditorSaveAction(Request $request): JsonResponse
     /**
      * @Route("/get-folder-content-preview", name="pimcore_admin_asset_getfoldercontentpreview", methods={"GET"})
      */
-    public function getFolderContentPreviewAction(Request $request, EventDispatcherInterface $eventDispatcher): JsonResponse
+    /**
+     * @Route("/get-folder-content-preview", name="pimcore_admin_asset_getfoldercontentpreview", methods={"GET"})
+     */
+    public function getFolderContentPreviewAction(Request $request, EventDispatcherInterface $eventDispatcher, GridHelperService $gridHelperService): JsonResponse
     {
         $allParams = array_merge($request->request->all(), $request->query->all());
 
@@ -1685,18 +1688,10 @@ public function getFolderContentPreviewAction(Request $request, EventDispatcherI
         $list = new Asset\Listing();
         $conditionFilters[] = '`path` LIKE ' . ($folder->getRealFullPath() == '/' ? "'/%'" : $list->quote(Helper::escapeLike($folder->getRealFullPath()) . '/%')) . " AND `type` != 'folder'";
 
-        if (!$this->getAdminUser()->isAdmin()) {
-            $userIds = $this->getAdminUser()->getRoles();
-            $currentUserId = $this->getAdminUser()->getId();
-            $userIds[] = $currentUserId;
-
-            $inheritedPermission = $folder->getDao()->isInheritingPermission('list', $userIds);
-
-            $anyAllowedRowOrChildren = 'EXISTS(SELECT list FROM users_workspaces_asset uwa WHERE userId IN (' . implode(',', $userIds) . ') AND list=1 AND LOCATE(CONCAT(`path`,filename),cpath)=1 AND
-            NOT EXISTS(SELECT list FROM users_workspaces_asset WHERE userId =' . $currentUserId . '  AND list=0 AND cpath = uwa.cpath))';
-            $isDisallowedCurrentRow = 'EXISTS(SELECT list FROM users_workspaces_asset WHERE userId IN (' . implode(',', $userIds) . ')  AND cid = id AND list=0)';
+        $adminUser = $this->getAdminUser();
 
-            $conditionFilters[] = 'IF(' . $anyAllowedRowOrChildren . ',1,IF(' . $inheritedPermission . ', ' . $isDisallowedCurrentRow . ' = 0, 0)) = 1';
+        if (!$adminUser->isAdmin()) {
+            $conditionFilters[] = $gridHelperService->getPermittedPathsByUser('asset', $adminUser);
         }
 
         $condition = implode(' AND ', $conditionFilters);

diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php
@@ -976,7 +976,7 @@ private function optimizedConcatNotLike(
      *
      * @internal
      */
-    protected function getPermittedPathsByUser(string $type, User $user): string
+    public function getPermittedPathsByUser(string $type, User $user): string
     {
         $allowedTypes = [];