Issues-108

Author: atelomycterus

config/vanilla/bootstrap.before.php

@@ -372,19 +372,24 @@ function checkGroupPermission($groupID,$permission = null, $fullMatch = true) {
    }
 }
 
-if(!function_exists('updateTopcoderRolePermissions')) {
+if(!function_exists('updateRolePermissions')) {
 
-    function updateTopcoderRolePermissions($topcoderRoles)  {
+    /**
+     * Update role permissions
+     * @param $roleType
+     * @param $roles
+     */
+    function updateRolePermissions($roleType, $roles)  {
         $RoleModel = new RoleModel();
         $PermissionModel = new PermissionModel();
-        // Configure default permission for Topcoder roles
-        $allRoles = $RoleModel->getByType(RoleModel::TYPE_TOPCODER)->resultArray();
+        // Configure default permission for roles
+        $allRoles = $RoleModel->getByType($roleType)->resultArray();
         foreach ($allRoles as $role) {
             $allPermissions = $PermissionModel->getRolePermissions($role['RoleID']);
             foreach ($allPermissions as $permission) {
                 $roleName = $role['Name'];
-                if (array_key_exists($roleName, $topcoderRoles)) {
-                    $globalRolePermissions = $topcoderRoles[$roleName];
+                if (array_key_exists($roleName, $roles)) {
+                    $globalRolePermissions = $roles[$roleName];
                     foreach ($globalRolePermissions as $key => $value) {
                         $permission[$key] = $globalRolePermissions[$key];
                     }
@@ -393,5 +398,4 @@ function updateTopcoderRolePermissions($topcoderRoles)  {
             }
         }
     }
-
 }

config/vanilla/bootstrap.late.php

@@ -22,7 +22,11 @@
         'Groups.EmailInvitations.Add',
         'Groups.Group.Archive']);
 
-   // TODO: need to be sure that all roles and permissions haven't be changed manually in prod/dev
-    updateTopcoderRolePermissions(RoleModel::TOPCODER_ROLES);
-   // updateTopcoderRolePermissions(RoleModel::TOPCODER_PROJECT_ROLES);
+    updateRolePermissions(RoleModel::TYPE_GUEST, RoleModel::VANILLA_GUEST_ROLES);
+
+   // TODO: Role permission might be configured manually in the env
+   // Before uncommenting the next lines:
+   // Check all roles in the env and update all role permissions in RoleModel
+   // updateRolePermissions(RoleModel::TYPE_TOPCODER, RoleModel::TOPCODER_ROLES);
+   // updateTopcoderRolePermissions(RoleModel::TYPE_TOPCODER,RoleModel::TOPCODER_PROJECT_ROLES);
 }

vanilla/applications/dashboard/models/class.rolemodel.php

@@ -66,6 +66,7 @@ class RoleModel extends Gdn_Model {
         'Groups.Category.Manage' => 1,
         'Groups.Group.Delete' => 1,
         'Groups.Group.Edit' => 1,
+        'Groups.Group.Archive' => 1,
         'Garden.Uploads.Add' => 1,
         'Vanilla.Tagging.Add' => 1,
         'Conversations.Moderation.Manage' => 1,
@@ -83,17 +84,82 @@ class RoleModel extends Gdn_Model {
         'Vanilla.Comments.Edit' => 1,
         'Vanilla.Comments.Delete' => 1,
         'Plugins.Attachments.Upload.Allow' => 1,
-        'Groups.Group.Archive' => 1
+    ];
+
+    const GUEST_PERMISSIONS = [
+        'Garden.Email.View' => 0,
+        'Garden.Settings.Manage' => 0,
+        'Garden.Settings.View' => 0,
+        'Garden.SignIn.Allow' => 0,
+        'Garden.Users.Add' => 0,
+        'Garden.Users.Edit' => 0,
+        'Garden.Users.Delete' => 0,
+        'Garden.Users.Approve' => 0,
+        'Garden.Activity.Delete' => 0,
+        'Garden.Activity.View' => 0,
+        'Garden.Profiles.View' => 0,
+        'Garden.Profiles.Edit' => 0,
+        'Garden.Curation.Manage' => 0,
+        'Garden.Moderation.Manage' => 0,
+        'Garden.PersonalInfo.View' => 0,
+        'Garden.AdvancedNotifications.Allow' => 0,
+        'Garden.Community.Manage' => 0,
+        'Garden.Tokens.Add' => 0,
+        'Groups.Group.Add' => 0,
+        'Groups.Moderation.Manage' => 0,
+        'Groups.EmailInvitations.Add'  => 0,
+        'Groups.Category.Manage' => 0,
+        'Groups.Group.Delete' => 0,
+        'Groups.Group.Edit' => 0,
+        'Groups.Group.Archive' => 0,
+        'Garden.Uploads.Add' => 0,
+        'Vanilla.Tagging.Add' => 0,
+        'Conversations.Moderation.Manage' => 0,
+        'Conversations.Conversations.Add'=> 0,
+        'Vanilla.Approval.Require' => 1, //
+        'Vanilla.Comments.Me' => 0,
+        'Vanilla.Discussions.View' => 0,
+        'Vanilla.Discussions.Add' => 0,
+        'Vanilla.Discussions.Edit' => 0,
+        'Vanilla.Discussions.Announce' => 0,
+        'Vanilla.Discussions.Sink' => 0,
+        'Vanilla.Discussions.Close' => 0,
+        'Vanilla.Discussions.Delete' => 0,
+        'Vanilla.Comments.Add' => 0,
+        'Vanilla.Comments.Edit' => 0,
+        'Vanilla.Comments.Delete' => 0,
+        'Plugins.Attachments.Upload.Allow' => 0
+    ];
 
+    const VANILLA_GUEST_ROLES = [
+      'Guest' => self::GUEST_PERMISSIONS //The default Vanilla role for Guests
     ];
+
     const TOPCODER_ROLES = [
         'administrator' => self::ALL_VANILLA_PERMISSIONS,
-        'Connect Manager' => [],
+        'Connect Manager' => [
+            'Groups.Category.Manage' => 1,
+        ],
         'Connect Account Manager' => [],
         'Connect Copilot' => [
            'Groups.Category.Manage' => 1,
            'Groups.Moderation.Manage' => 1,
-           'Groups.EmailInvitations.Add' => 1
+           'Groups.EmailInvitations.Add' => 1,
+           'Groups.Category.Manage' => 1,
+           'Groups.Moderation.Manage' => 1,
+           'Groups.EmailInvitations.Add' => 1,
+           'Garden.Uploads.Add' => 1,
+           'Plugins.Attachments.Upload.Allow' => 1,
+           'Vanilla.Discussions.View' => 1,
+           'Vanilla.Discussions.Add' => 1,
+           'Vanilla.Discussions.Edit' => 1,
+           'Vanilla.Discussions.Announce' => 1,
+           'Vanilla.Discussions.Sink' => 1,
+           'Vanilla.Discussions.Close' => 0,
+           'Vanilla.Discussions.Delete' => 1,
+           'Vanilla.Comments.Add' => 1,
+           'Vanilla.Comments.Edit' => 0,
+           'Vanilla.Comments.Delete' => 1,
         ],
         'Connect Admin' => self::ALL_VANILLA_PERMISSIONS,
         'Connect Copilot Manager' => [
@@ -119,7 +185,16 @@ class RoleModel extends Gdn_Model {
         'copilot' =>  [
             'Groups.Category.Manage' => 1,
             'Groups.Moderation.Manage' => 1,
-            'Groups.EmailInvitations.Add' => 1
+            'Groups.EmailInvitations.Add' => 1,
+            'Garden.Uploads.Add' => 1,
+            'Plugins.Attachments.Upload.Allow' => 1,
+            'Vanilla.Discussions.View' => 1,
+            'Vanilla.Discussions.Add' => 1,
+            'Vanilla.Discussions.Edit' => 1,
+            'Vanilla.Discussions.Announce' => 1,
+            'Vanilla.Discussions.Sink' => 0,
+            'Vanilla.Discussions.Close' => 1,
+            'Vanilla.Discussions.Delete' => 1,
         ],
         'customer' => [],
         'observer'=> [],