Add more granular notes add/delete permissions

Tam · Tam · commit 327abb2e2da9 · 2020-11-20T09:06:48.000Z
Closes #1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,7 @@
 ## [Unreleased] 1.0.3
+### Added
+- Add more granular notes add/delete permissions (Closes #1)
+
 ### Fixed
 - Fix note meta only returning full name if user has one when adding notes (Fixes #2)
 
diff --git a/src/Field.php b/src/Field.php
@@ -21,11 +21,21 @@
 class Field extends \craft\base\Field
 {
 
+	const ADD_ANY = 'addAny';
+	const ADD_PERMISSION = 'addPermission';
+	const ADD_NONE = 'addNone';
+	const DELETE_ANY = 'deleteAny';
+	const DELETE_PERMISSION = 'deletePermission';
+	const DELETE_NONE = 'deleteNone';
+
 	public static $table = '{{%notes}}';
 	public static $dateFormat = 'M j, Y g:ia';
 
-	/** @var bool Will allow the deleting of notes if true */
-	public $allowDeleting = false;
+	/** @var bool|string Manage who can add notes */
+	public $allowAdding = self::ADD_PERMISSION;
+
+	/** @var bool|string Manage who can delete notes */
+	public $allowDeleting = self::DELETE_PERMISSION;
 
 	public static function displayName (): string
 	{
@@ -58,8 +68,16 @@ public function normalizeValue ($value, ElementInterface $element = null)
 
 	public function getSettingsHtml ()
 	{
+		// 1.0.2 back-compat
+		$allowDeleting = $this->allowDeleting;
+		if ($allowDeleting === true) $allowDeleting = self::DELETE_ANY;
+		elseif ($allowDeleting === false) $allowDeleting = self::DELETE_NONE;
+
 		return Craft::$app->getView()->renderTemplate('notes/settings', [
-			'allowDeleting' => $this->allowDeleting,
+			'allowAdding' => $this->allowAdding,
+			'allowDeleting' => $allowDeleting,
+			'addOpts' => self::_addOpts(),
+			'deleteOpts' => self::_deleteOpts(),
 		]);
 	}
 
@@ -75,8 +93,64 @@ protected function inputHtml ($value, ElementInterface $element = null): string
 			'ns' => $this->handle,
 			'element' => $element,
 			'notes' => $value,
-			'allowDeleting' => $this->allowDeleting,
+			'allowAdding' => $this->_canAdd(),
+			'allowDeleting' => $this->_canDelete(),
 		]);
 	}
 
+	// Helpers
+	// =========================================================================
+
+	private static function _addOpts ()
+	{
+		return [
+			self::ADD_ANY => Craft::t('notes', 'All users'),
+			self::ADD_PERMISSION => Craft::t('notes', 'User permission'),
+			self::ADD_NONE => Craft::t('notes', 'Disabled'),
+		];
+	}
+
+	private static function _deleteOpts ()
+	{
+		return [
+			self::DELETE_ANY => Craft::t('notes', 'All users'),
+			self::DELETE_PERMISSION => Craft::t('notes', 'User permission'),
+			self::DELETE_NONE => Craft::t('notes', 'Disabled'),
+		];
+	}
+
+	private function _canAdd ()
+	{
+		switch ($this->allowAdding)
+		{
+			case self::ADD_PERMISSION:
+				return Craft::$app->user->checkPermission('addNotes');
+			case self::ADD_NONE:
+				return false;
+			default:
+			case self::ADD_ANY:
+				return true;
+		}
+	}
+
+	private function _canDelete ()
+	{
+		$user = Craft::$app->getUser();
+
+		switch ($this->allowDeleting)
+		{
+			case self::DELETE_PERMISSION:
+				return $user->checkPermission('deleteAllNotes')
+					? true
+					: $user->checkPermission('deleteOwnNotes')
+						? 'own'
+						: false;
+			case self::DELETE_NONE:
+				return false;
+			default:
+			case self::DELETE_ANY:
+				return true;
+		}
+	}
+
 }
diff --git a/src/Notes.php b/src/Notes.php
@@ -8,9 +8,12 @@
 
 namespace ether\notes;
 
+use Craft;
 use craft\base\Plugin;
 use craft\events\RegisterComponentTypesEvent;
+use craft\events\RegisterUserPermissionsEvent;
 use craft\services\Fields;
+use craft\services\UserPermissions;
 use yii\base\Event;
 
 /**
@@ -36,11 +39,32 @@ public function init ()
 			Fields::EVENT_REGISTER_FIELD_TYPES,
 			[$this, 'onRegisterFieldTypes']
 		);
+
+		Event::on(
+			UserPermissions::class,
+			UserPermissions::EVENT_REGISTER_PERMISSIONS,
+			[$this, 'onRegisterPermissions']
+		);
 	}
 
 	public function onRegisterFieldTypes (RegisterComponentTypesEvent $event)
 	{
 		$event->types[] = Field::class;
 	}
 
+	public function onRegisterPermissions (RegisterUserPermissionsEvent $event)
+	{
+		$event->permissions['Notes'] = [
+			'addNotes' => [
+				'label' => Craft::t('notes', 'Add notes'),
+			],
+			'deleteOwnNotes' => [
+				'label' => Craft::t('notes', 'Delete own notes'),
+			],
+			'deleteAllNotes' => [
+				'label' => Craft::t('notes', 'Delete all notes'),
+			],
+		];
+	}
+
 }
diff --git a/src/templates/field.twig b/src/templates/field.twig
@@ -1,18 +1,20 @@
 {% namespace ns %}
-	{% import "_includes/forms" as forms %}
+	{% if allowAdding %}
+		{% import "_includes/forms" as forms %}
 
-	{{ forms.textarea({
-		placeholder: 'Add a note'|t('notes'),
-		class: 'notes-input',
-		id: 'input',
-	})|attr({
-		'oninput': "this.style.height = '';this.style.height = this.scrollHeight + 2 + 'px';",
-	}) }}
+		{{ forms.textarea({
+			placeholder: 'Add a note'|t('notes'),
+			class: 'notes-input',
+			id: 'input',
+		})|attr({
+			'oninput': "this.style.height = '';this.style.height = this.scrollHeight + 2 + 'px';",
+		}) }}
 
-	<div>
-		<button class="btn notes-add" type="button" id="add">+ {{ 'Add Note'|t('notes') }}</button>
-		<div class="spinner hidden" id="spin"></div>
-	</div>
+		<div>
+			<button class="btn notes-add" type="button" id="add">+ {{ 'Add Note'|t('notes') }}</button>
+			<div class="spinner hidden" id="spin"></div>
+		</div>
+	{% endif %}
 
 	<ul class="notes" id="notes">
 		{% for note in notes %}
diff --git a/src/templates/settings.twig b/src/templates/settings.twig
@@ -1,10 +1,18 @@
 {% import '_includes/forms' as forms %}
 
-{{ forms.lightswitchField({
+{{ forms.selectField({
 	first: true,
-	label: 'Allow Deleting'|t('notes'),
-	instructions: 'Allow users to delete notes'|t('notes'),
-	id: 'allowDeleting',
+	label: 'Adding'|t('notes'),
+	instructions: 'Manage who can add notes'|t('notes'),
+	name: 'allowAdding',
+	options: addOpts,
+	value: allowAdding,
+}) }}
+
+{{ forms.selectField({
+	label: 'Deleting'|t('notes'),
+	instructions: 'Manage who can delete notes'|t('notes'),
 	name: 'allowDeleting',
-	on: allowDeleting
+	options: deleteOpts,
+	value: allowDeleting,
 }) }}
diff --git a/src/translations/en/notes.php b/src/translations/en/notes.php
@@ -8,9 +8,19 @@
 
 return [
 	'Notes' => 'Notes',
-	'Allow Deleting' => 'Allow Deleting',
-	'Allow users to delete notes' => 'Allow users to delete notes',
 	'You must save the element before you can add notes!' => 'You must save the element before you can add notes!',
 	'Add a note' => 'Add a note',
 	'Add Note' => 'Add Note',
+	'Add notes' => 'Add notes',
+	'Delete own notes' => 'Delete own notes',
+	'Delete all notes' => 'Delete all notes',
+
+	'All users' => 'All users',
+	'User permission' => 'User permission',
+	'Disabled' => 'Disabled',
+
+	'Adding' => 'Adding',
+	'Deleting' => 'Deleting',
+	'Manage who can add notes' => 'Manage who can add notes',
+	'Manage who can delete notes' => 'Manage who can delete notes',
 ];
diff --git a/src/web/notes.js b/src/web/notes.js
@@ -34,7 +34,7 @@ function NotesField ([ns, siteId, elementId, userId, allowDeleting]) {
 		spin.classList.add('hidden');
 	};
 
-	input.addEventListener('keydown', e => {
+	input && input.addEventListener('keydown', e => {
 		if (!(e.key === 'Enter' && e.metaKey)) return;
 		save();
 	});
@@ -43,7 +43,7 @@ function NotesField ([ns, siteId, elementId, userId, allowDeleting]) {
 		a.addEventListener('click', NotesField.delete);
 	});
 
-	add.addEventListener('click', save);
+	add && add.addEventListener('click', save);
 }
 
 NotesField.delete = async e => {
