diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index d1ab92938..0e38dfe67 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -2,8 +2,10 @@
 - [Authentication Actions](#authentication-actions) - [Configuring Actions](#configuring-actions) + - [Cancel Actions For Custom Cases](#cancel-actions-for-custom-cases) - [Defining New Actions](#defining-new-actions) + Authentication Actions are a way to group actions that can happen after login or registration. Shield ships with two actions you can use, and makes it simple for you to define your own.
@@ -55,6 +57,23 @@ Views for all of these pages are defined in the `Auth` config file, with the `$v
 ];
 ```
 
+## Cancel Actions For Custom Cases
+
+By default, if the actions are set with the `$actions` variable, Actions will be applied regardless of the limit.
+If you need actions cancel for custom cases, you can complete the following cases.
+
+```php
+public array $cancelActions = [
+    'groups' => ['superadmin', 'admin'],
+    'permissions' => ['users.create', 'users.edit'],
+    'usersId' => null,
+];
+```
+
+In the above example, given that the groups value and permissions are set, if the target user
+has one of the `superadmin` or `admin` groups, or one of the permissions `users.create` or `users.edit`,
+The actions is not executed for him.
+
 ## Defining New Actions
 
 While the provided email-based activation and 2FA will work for many sites, others will have different
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 5f91f4c3e..54956ae74 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -156,6 +156,30 @@ public function startUpAction(string $type, User $user): bool
             return false;
         }
 
+        $hasCancelAction = setting('Auth.cancelActions')['groups'] !== null
+            || setting('Auth.cancelActions')['permissions'] !== null
+            || setting('Auth.cancelActions')['usersId'] !== null;
+
+        if ($hasCancelAction) {
+            $userPermissions = $user->getPermissions();
+            $userGroups = $user->getGroups();
+            $userId = (array) $user->id;
+
+            $currentUserInfo = array_merge($userPermissions, $userGroups, $userId);
+
+            $casesforCancelAction = array_merge(
+                setting('Auth.cancelActions')['groups'] ?? [],
+                setting('Auth.cancelActions')['permissions'] ?? [],
+                setting('Auth.cancelActions')['usersId'] ?? [],
+            );
+
+            foreach ($casesforCancelAction as $casesCancel) {
+                if (in_array($casesCancel, $currentUserInfo, true)) {
+                    return false;
+                }
+            }
+        }
+
         $action = Factories::actions($actionClass); // @phpstan-ignore-line
 
         // Create identity for the action.
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index bae29f048..1cfa977ff 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
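Review bot: The strict `in_array` against the flattened `array_merge($userPermissions, $userGroups, $userId)` makes the `usersId` rule unreliable and lets the three categories cross-match: if `$user->id` is an int, the `['1','2','3']` form the config docblock recommends never matches, and a value listed under `usersId` could still cancel the action by coinciding with a group or permission name. `setting('Auth.cancelActions')` is also evaluated six times, and if the setting is absent (an application `Auth` config created before this property existed) the `['groups']` offset is read from null, which PHP reports as a warning. Whether `getPermissions()` includes permissions granted through groups is not visible here; if it only returns directly assigned ones, the `permissions` rule will not see group-granted permissions, which is worth confirming before relying on it. The rewrite below reads the setting once, checks each category on its own and normalises ids to strings on both sides; `startUpAction` begins and ends outside this hunk.
```php
        $cancelActions = setting('Auth.cancelActions') ?? [];

        $cancelGroups      = $cancelActions['groups'] ?? [];
        $cancelPermissions = $cancelActions['permissions'] ?? [];
        // Ids may be configured as ints or strings; compare as strings on both sides.
        $cancelUserIds     = array_map(static fn ($id): string => (string) $id, $cancelActions['usersId'] ?? []);

        if (
            array_intersect($user->getGroups(), $cancelGroups) !== []
            || array_intersect($user->getPermissions(), $cancelPermissions) !== []
            || in_array((string) $user->id, $cancelUserIds, true)
        ) {
            // A configured cancel rule matches this user: do not start the action.
            return false;
        }

        // … unchanged: Factories::actions() and identity creation …
```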
@@ -65,6 +65,30 @@ class Auth extends BaseConfig
         'register' => null,
     ];
 
+    /**
+     * --------------------------------------------------------------------
+     * Cancel Authentication Actions For Custom Cases
+     * --------------------------------------------------------------------
+     * By default, if the actions are set, they will be applied regardless of the limit.
+     * If you need actions cancel for custom cases,you can complete the following cases.
+     *
+     * Method of set values:
+     * - groups: ['superadmin', 'admin'],
+     * - permissions: ['users.create'],
+     * - usersId: ['1','2','3'],
+     *
+     * Example:
+     * If set this, actions not applay for users have groups "superadmin" or "admin"
+     * - groups: ['superadmin', 'admin'],
+     *
+     * @var array
+     */
+    public array $cancelActions = [
+        'groups' => ['superadmin', 'staff'],
+        'permissions' => null,
+        'usersId' => null,
+    ];
+
     /**
      * --------------------------------------------------------------------
      * Authenticators
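Review bot: The shipped default `'groups' => ['superadmin', 'staff']` turns the feature on out of the box, so the most privileged accounts skip email activation and 2FA unless an administrator notices and opts out; a newly added property should default to off, i.e. `'groups' => null,`, with the group list kept as the docblock example only. The example also disagrees with docs/auth_actions.md (`'admin'` there, `'staff'` here) and the docblock has typos (`applay`, `cases,you`, "actions cancel"), so a single reworded docblock stating that any listed group, permission or user id cancels every configured action for that user would read better. `@var array` could be tightened to `@var array{groups: list<string>|null, permissions: list<string>|null, usersId: list<int|string>|null}` so static analysis catches wrongly shaped values.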