modxcms · opengeek · Jul 5, 2024 · May 8, 2024 · May 8, 2024 · Jul 5, 2024
@@ -563,15 +563,30 @@ a.x-grid-link:focus {
 }
 
 .x-editable-column {
-  cursor: pointer;
-  &:hover,
-  &:focus {
-    color: $colorSplash;
-    > div::after {
-      @include awesome-font;
-      content: fa-content($fa-var-pen);
-      margin: 0 0.5em;
+  cursor: default;
+  &:not(.editor-disabled) {
+    cursor: pointer;
+    &:hover,
+    &:focus {
       color: $colorSplash;
+      > div {
+        &::after {
+            @include awesome-font;
+            content: fa-content($fa-var-pen);
+            margin: 0 0.5em;
+            color: $colorSplash;
+        }
+      }
+    }
+  }
+  &.locked {
+    cursor: default;
+    &:hover,
+    &:focus {
+      > div::after {
+        content: fa-content($fa-var-lock);
+        color: scale-color($color: $colorSplash, $saturation: -70%, $lightness: 30%);
+      }
     }
   }
 }

@@ -43,11 +43,13 @@
 $_lang['role_err_nf'] = 'Role not found.';
 $_lang['role_err_nfs'] = 'Role not found with id: [[+role]]';
 $_lang['role_err_ns'] = 'Role not specified!';
+$_lang['role_err_ns_authority'] = 'Please specify an authority level for this role.';
 $_lang['role_err_ns_name'] = 'Please specify a name for the role.';
 $_lang['role_err_remove'] = 'An error occurred while trying to delete the role.';
 $_lang['role_err_remove_admin'] = 'The role you are trying to delete is the admin role. This role cannot be deleted!';
 $_lang['role_remove'] = 'Delete Role';
 $_lang['role_remove_confirm'] = 'Are you sure you want to delete this role?';
+$_lang['role_warn_authority_locked'] = 'This Role’s authority can not be changed because this Role is currently assigned to one or more Access Control List entries.';
 $_lang['roles'] = 'Roles';
 $_lang['rrg_drag'] = 'Drag resources into resource groups here.';
 $_lang['ugc_grid_title'] = 'User Group Access to Contexts';

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * This file is part of MODX Revolution.
  *
@@ -10,8 +11,8 @@
 
 namespace MODX\Revolution\Processors\Security\Role;
 
-
 use MODX\Revolution\Processors\Model\GetListProcessor;
+use MODX\Revolution\modUserGroupMember;
 use MODX\Revolution\modUserGroupRole;
 use xPDO\Om\xPDOObject;
 use xPDO\Om\xPDOQuery;
@@ -83,6 +84,18 @@ public function beforeIteration(array $list)
         return $list;
     }
 
+    /**
+     * See if the Role is assigned to any users
+     * @return boolean
+     */
+    public function isAssigned(int $id)
+    {
+        $c = $this->modx->newQuery(modUserGroupMember::class);
+        $c = $c->where(['role' => $id]);
+
+        return $this->modx->getCount(modUserGroupMember::class, $c) > 0;
+    }
+
     /**
      * {@inheritDoc}
      * @param xPDOObject $object
@@ -91,17 +104,21 @@ public function beforeIteration(array $list)
     public function prepareRow(xPDOObject $object)
     {
         $objectArray = $object->toArray();
-        $isCoreRole = $object->get('id') === 1
-            || $object->get('id') === 2
-            || $object->get('name') === 'Super User'
-            || $object->get('name') === 'Member';
+        $objectId = $object->get('id');
+        $roleName = $object->get('name');
+        $isCoreRole = in_array($objectId, [1, 2]) || in_array($roleName, ['Super User', 'Member']);
 
         $perm = [];
         if (!$isCoreRole) {
             $perm[] = 'edit';
+            if ($this->isAssigned($objectId)) {
+                $objectArray['isAssigned'] = 1;
+            }
             if ($this->canRemove) {
                 $perm[] = 'remove';
             }
+        } else {
+            $objectArray['isProtected'] = 1;
         }
         $objectArray['perm'] = implode(' ', $perm);
 

@@ -744,6 +744,71 @@ Ext.extend(MODx.grid.Grid,Ext.grid.EditorGridPanel,{
         return el.dom.outerHTML;
     }
 
+    /**
+     * Deprecated; renamed checkCellIsEditable. Remove in 3.1
+     */
+    ,checkEditable: function(e) {
+        this.checkCellIsEditable(e);
+    }
+
+    /**
+     * Disables cell editor under specified conditions
+     * @param {Object} e - Ext event object containing references to grid, record, field, value, row (index), column (index), and cancel (set true to cancel edit).
+     * @return {Boolean} Return false to cancel or true to commit the edit
+     */
+    ,checkCellIsEditable: function(e) {
+        const permissions = e.record.data.perm || '';
+        if (permissions.indexOf('edit') === -1) {
+            return false;
+        }
+        // Grid-specific conditions
+        switch (e.grid.xtype) {
+            case 'modx-grid-role': {
+                const
+                    isAuthorityField = e.field === 'authority',
+                    roleIsAssigned = e.record.json.isAssigned
+                ;
+                if (roleIsAssigned && isAuthorityField) {
+                    return false;
+                }
+                break;
+            }
+            default:
+        }
+        return true;
+    }
+
+    /**
+     * Add one or more classes to a specific Editor Grid cell, typically to indicate a level of restriction
+     * 
+     * @param {Object} record - The row's data record
+     * @param {Array} lockConditions - A set of one or more Boolean values (or ones that cast correctly to the expected Boolean value) derived from the row record or other values that indicate whether or not the subject cell should be marked as locked
+     * @param {String} lockedClasses - One or more css class names
+     * @param {Boolean} conditionsRequireAll - Whether all passed lockConditions need to evaluate to true to apply the locked class(es)
+     */
+    ,setEditableCellClasses: function(record, lockConditions = [], lockedClasses = 'locked', conditionsRequireAll = true) {
+        const
+            permissions = record.data.perm.trim(),
+            hasEditPermission = permissions.split(' ').includes('edit')
+        ;
+        let
+            classes = '',
+            shouldLock = false
+        ;
+        if (lockConditions.length > 0) {
+            shouldLock = conditionsRequireAll
+                ? lockConditions.every(condition => Boolean(condition) === true)
+                : lockConditions.some(condition => Boolean(condition) === true)
+            ;
+        }
+        if (Ext.isEmpty(permissions)) {
+            classes = 'editor-disabled';
+        } else if (hasEditPermission && shouldLock) {
+            classes = lockedClasses;
+        }
+        return classes;
+    }
+
     /**
      * @property {Function} getLinkTemplate - Adds a link on a grid column's value based on the passed params.
      * Usage of this method is necessary for grouping grids, where usage of renderers on its column model