WIP adjustments for #5132

see 916e510
neos · Oct 31, 2024 · 0e00dfa · 0e00dfa
1 parent 74dd00b
commit 0e00dfa
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/Neos.Neos/Classes/Domain/Model/WorkspacePermissions.php b/Neos.Neos/Classes/Domain/Model/WorkspacePermissions.php
@@ -47,4 +47,9 @@ public static function all(): self
     {
         return new self(true, true, true);
     }
+
+    public static function none(): self
+    {
+        return new self(false, false, false);
+    }
 }
diff --git a/Neos.Neos/Classes/Domain/Service/WorkspaceService.php b/Neos.Neos/Classes/Domain/Service/WorkspaceService.php
@@ -302,19 +302,30 @@ public function getWorkspacePermissionsForUser(ContentRepositoryId $contentRepos
         } catch (NoSuchRoleException $e) {
             throw new \RuntimeException(sprintf('Failed to determine roles for user "%s", check your package dependencies: %s', $user->getId()->value, $e->getMessage()), 1727084881, $e);
         }
+
+        $userIsAdministrator = in_array('Neos.Neos:Administrator', $userRoles, true);
+
+        if ($userIsAdministrator) {
+            return WorkspacePermissions::all();
+        }
+
         $workspaceMetadata = $this->loadWorkspaceMetadata($contentRepositoryId, $workspaceName);
-        if ($workspaceMetadata !== null && $workspaceMetadata->ownerUserId !== null && $workspaceMetadata->ownerUserId->equals($user->getId())) {
+        $userIsOwner = $workspaceMetadata !== null && $workspaceMetadata->ownerUserId !== null && $workspaceMetadata->ownerUserId->equals($user->getId());
+
+        if ($userIsOwner) {
             return WorkspacePermissions::all();
         }
+
         $userWorkspaceRole = $this->loadWorkspaceRoleOfUser($contentRepositoryId, $workspaceName, $user->getId(), $userRoles);
-        $userIsAdministrator = in_array('Neos.Neos:Administrator', $userRoles, true);
+
         if ($userWorkspaceRole === null) {
-            return WorkspacePermissions::create(false, false, $userIsAdministrator);
+            return WorkspacePermissions::none();
         }
+
         return WorkspacePermissions::create(
             read: $userWorkspaceRole->isAtLeast(WorkspaceRole::COLLABORATOR),
             write: $userWorkspaceRole->isAtLeast(WorkspaceRole::COLLABORATOR),
-            manage: $userIsAdministrator || $userWorkspaceRole->isAtLeast(WorkspaceRole::MANAGER),
+            manage: $userWorkspaceRole->isAtLeast(WorkspaceRole::MANAGER),
         );
     }