From ae04101bb027d1f5112ac089be51911c097141c2 Mon Sep 17 00:00:00 2001 From: Gabriel Felipe Soares Date: Thu, 19 Oct 2023 16:03:14 +0200 Subject: [PATCH] feat: create new command to change all permissions --- model/Command/ChangeAccessCommand.php | 94 +++++++++++++++++++++++++++ model/Command/RevokeAccessCommand.php | 71 -------------------- model/DataBaseAccess.php | 94 +++++++++++++-------------- model/PermissionProvider.php | 5 ++ 4 files changed, 144 insertions(+), 120 deletions(-) create mode 100644 model/Command/ChangeAccessCommand.php delete mode 100644 model/Command/RevokeAccessCommand.php diff --git a/model/Command/ChangeAccessCommand.php b/model/Command/ChangeAccessCommand.php new file mode 100644 index 0000000..ecf485c --- /dev/null +++ b/model/Command/ChangeAccessCommand.php 
@@ -0,0 +1,94 @@
+ ['userId1', 'userId2']]
+ *
+ * @var string[][]
+ */
+ private array $removeAccessMap = [];
+
+ /**
+ * An array in the form ['resourceId' [ 'READ' => ['userId1', 'userId2']]]
+ *
+ * @var string[][][]
+ */
+ private array $giveAccessMap = [];
+
+ public function __construct() {
+ }
+
+ public function revokeResourceForUser(string $resourceId, string $userId): void
+ {
+ $this->removeAccessMap[$resourceId] = $this->removeAccessMap[$resourceId] ?? [];
+ $this->removeAccessMap[$resourceId] = array_unique(array_merge($this->removeAccessMap[$resourceId], [$userId]));
+ }
+
+ public function cancelRevokeResourceForUser(string $resourceId, string $userId): void
+ {
+ $this->removeAccessMap[$resourceId] = $this->removeAccessMap[$resourceId] ?? [];
+
+ $key = array_search($userId, $this->removeAccessMap[$resourceId]);
+
+ if ($key === false) {
+ return;
+ }
+
+ unset($this->removeAccessMap[$resourceId][$key]);
+ }
+
+ public function getResourceIdsToRevoke(): array
+ {
+ return array_keys($this->removeAccessMap);
+ }
+
+ public function getUserIdsToRevoke(string $resourceId): array
+ {
+ return $this->removeAccessMap[$resourceId] ?? [];
+ }
+
+ public function grantResourceForUser(string $resourceId, string $permission, string $userId): void
+ {
+ $this->giveAccessMap[$resourceId] = $this->giveAccessMap[$resourceId] ?? [];
+ $this->giveAccessMap[$resourceId][$permission] = $this->giveAccessMap[$resourceId][$permission] ?? [];
+ $this->giveAccessMap[$resourceId][$permission] = array_unique(
+ array_merge(
+ $this->giveAccessMap[$resourceId][$permission],
+ [$userId]
+ )
+ );
+ }
+
+ public function getResourceIdsToGrant(): array
+ {
+ return array_keys($this->giveAccessMap);
+ }
+
+ public function getUserIdsToGrant(string $resourceId, string $permission): array
+ {
+ return $this->giveAccessMap[$resourceId][$permission] ?? [];
+ }
+}
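Review bot: `cancelRevokeResourceForUser()` calls `array_search()` without the strict flag, so ids are compared with `==`; if ids can ever be numeric-looking strings (for example '1e3' and '1000'), the pending revoke of a different user could be cancelled. Passing the third argument closes that: `$key = array_search($userId, $this->removeAccessMap[$resourceId], true);`. The same method also creates an empty entry for a resource that had no pending revokes, and leaves one behind after the last user is removed, so `getResourceIdsToRevoke()` can report a resource with no users. The DELETE built in `DataBaseAccess::changeAccess()` (later hunk) then renders `user_id IN ()`, which would likely abort the whole revoke transaction. Removing the key when its list becomes empty, `unset($this->removeAccessMap[$resourceId]);`, or skipping empty lists in `changeAccess()` with `if ($usersIds === []) { continue; }`, avoids that.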
diff --git a/model/Command/RevokeAccessCommand.php b/model/Command/RevokeAccessCommand.php deleted file mode 100644 index 5eadc8c..0000000 --- a/model/Command/RevokeAccessCommand.php +++ /dev/null @@ -1,71 +0,0 @@ - ['userId1', 'userId2']] - * - * @var string[][] - */ - private array $resourceMap = []; - - public function __construct() { - } - - public function revokeResourceForUser(string $resourceId, string $userId): void - { - $this->resourceMap[$resourceId] = $this->resourceMap[$resourceId] ?? []; - $this->resourceMap[$resourceId] = array_unique(array_merge($this->resourceMap[$resourceId], [$userId])); - } - - public function cancelRevokeResourceForUser(string $resourceId, string $userId): void - { - $this->resourceMap[$resourceId] = $this->resourceMap[$resourceId] ?? []; - - $key = array_search($userId, $this->resourceMap[$resourceId]); - - if ($key === false) { - return; - } - - unset($this->resourceMap[$resourceId][$key]); - } - - public function getResourceIdsToRevoke(): array - { - return array_keys($this->resourceMap); - } - - public function getUserIdsToRevoke(string $resourceId): array - { - return $this->resourceMap[$resourceId] ?? []; - } -} diff --git a/model/DataBaseAccess.php b/model/DataBaseAccess.php index 08a0cf7..a4e5817 100644 --- a/model/DataBaseAccess.php +++ b/model/DataBaseAccess.php @@ -23,7 +23,7 @@ use common_persistence_SqlPersistence; use oat\oatbox\event\EventManager; use oat\oatbox\service\ConfigurableService; -use oat\taoDacSimple\model\Command\RevokeAccessCommand; +use oat\taoDacSimple\model\Command\ChangeAccessCommand; use oat\taoDacSimple\model\event\DacAddedEvent; use oat\taoDacSimple\model\event\DacRemovedEvent; use oat\generis\persistence\PersistenceManager; 
@@ -185,67 +185,63 @@ public function changeResourcePermissions(array $resources): void } } - public function addReadAccess(array $addAccessList): bool + public function changeAccess(ChangeAccessCommand $command): bool { - //@TODO Use proper object in the command instead of an array - if (empty($addAccessList)) { - return true; - } + $resourceIds = $command->getResourceIdsToGrant(); - $values = []; + if (!empty($resourceIds)) { + $values = []; - try { - foreach ($addAccessList as $resourceId => $usersIds) { - foreach ($usersIds as $userId) { - $values[] = [ - 'user_id' => $userId, - 'resource_id' => $resourceId, - 'privilege' => PermissionProvider::PERMISSION_READ - ]; + try { + foreach ($resourceIds as $resourceId) { + foreach (PermissionProvider::ALLOWED_PERMISSIONS as $permission) { + $usersIds = $command->getUserIdsToGrant($resourceId, $permission); + + foreach ($usersIds as $userId) { + $values[] = [ + 'user_id' => $userId, + 'resource_id' => $resourceId, + 'privilege' => $permission, + ]; + } + } } - } - $this->insertPermissions($values); + $this->insertPermissions($values); + } catch (Throwable $exception) { + $this->logError('Error when adding permission access: ' . $exception->getMessage()); - return true; - } catch (Throwable $exception) { - $this->logError('Error when adding READ access: ' . 
$exception->getMessage()); - - return false; + return false; + } } - } - public function revokeAccess(RevokeAccessCommand $revokeAccess): bool - { - $resourceIds = $revokeAccess->getResourceIdsToRevoke(); + $resourceIds = $command->getResourceIdsToRevoke(); - if (empty($resourceIds)) { - return true; - } - - $persistence = $this->getPersistence(); + if (!empty($resourceIds)) { + $persistence = $this->getPersistence(); - try { - $persistence->transactional(static function () use ($resourceIds, $revokeAccess, $persistence): void { - foreach ($resourceIds as $resourceId) { - $usersIds = $revokeAccess->getUserIdsToRevoke($resourceId); - - $persistence->exec( - sprintf( - 'DELETE FROM data_privileges WHERE resource_id = ? AND user_id IN (%s)', - implode(',', array_fill(0, count($usersIds), ' ? ')) - ), - array_merge([$resourceId], array_values($usersIds)) - ); - } - }); + try { + $persistence->transactional(static function () use ($resourceIds, $command, $persistence): void { + foreach ($resourceIds as $resourceId) { + $usersIds = $command->getUserIdsToRevoke($resourceId); - return true; - } catch (Throwable $exception) { - $this->logError('Error when revoking access: ' . $exception->getMessage()); + $persistence->exec( + sprintf( + 'DELETE FROM data_privileges WHERE resource_id = ? AND user_id IN (%s)', + implode(',', array_fill(0, count($usersIds), ' ? ')) + ), + array_merge([$resourceId], array_values($usersIds)) + ); + } + }); + } catch (Throwable $exception) { + $this->logError('Error when revoking access: ' . $exception->getMessage()); - return false; + return false; + } } + + return true; } /** diff --git a/model/PermissionProvider.php b/model/PermissionProvider.php index caab914..eb131c0 100644 --- a/model/PermissionProvider.php +++ b/model/PermissionProvider.php 
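Review bot: In `changeAccess()` the grant rows are written by `$this->insertPermissions($values)` before, and outside of, the `$persistence->transactional()` closure that wraps the DELETEs, so a failure in the revoke branch returns false after the new privileges may already be stored (the body of `insertPermissions()` is outside the hunk, so whether it commits on its own is an assumption). For a permission change it is safer if callers see either the whole command applied or none of it: build `$values` first, then run the insert and the DELETE loop inside one `transactional()` closure, dropping `static` from the closure so `$this` is available. Note also that the DELETE has no privilege filter, so a user who is both granted and revoked on the same resource in one command ends up with no privileges because the revokes run last; a short docblock on `changeAccess()` stating that order would make this intentional rather than accidental.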
@@ -48,6 +48,11 @@ class PermissionProvider extends ConfigurableService implements PermissionInterf public const PERMISSION_GRANT = 'GRANT'; public const PERMISSION_READ = 'READ'; public const PERMISSION_WRITE = 'WRITE'; + public const ALLOWED_PERMISSIONS = [ + PermissionProvider::PERMISSION_READ, + PermissionProvider::PERMISSION_GRANT, + PermissionProvider::PERMISSION_WRITE, + ]; /** * (non-PHPdoc)
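Review bot: Inside the class the new `ALLOWED_PERMISSIONS` constant can reference its members with `self::` instead of repeating the class name, e.g. `self::PERMISSION_READ,`, which is the usual PHP style and survives a class rename. A one-line docblock would also help, because `DataBaseAccess::changeAccess()` iterates this list and silently ignores any permission passed to `ChangeAccessCommand::grantResourceForUser()` that is not in it: `/** Permissions that changeAccess() will persist; any other value is ignored. */`. The class body starts and continues outside this hunk.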