Merge pull request #5290 from neos/bugfix/4726-fix-workspace-permissi…

…ons-for-workspaces-without-metadata BUGFIX: Fix admin workspace permissions for workspaces without metadata
neos · Oct 16, 2024 · 595d4ee · 595d4ee
2 parents 263966a + ee1c15c
commit 595d4ee
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/Neos.Neos/Classes/Command/CrCommandController.php b/Neos.Neos/Classes/Command/CrCommandController.php
@@ -25,6 +25,7 @@
 use Neos\Neos\AssetUsage\AssetUsageService;
 use Neos\Neos\Domain\Model\WorkspaceRole;
 use Neos\Neos\Domain\Model\WorkspaceRoleAssignment;
+use Neos\Neos\Domain\Model\WorkspaceTitle;
 use Neos\Neos\Domain\Service\WorkspaceService;
 use Neos\Utility\Files;
 
@@ -120,6 +121,8 @@ public function importCommand(string $path, string $contentRepository = 'default
         $projectionService->replayAllProjections(CatchUpOptions::create());
 
         $this->outputLine('Assigning live workspace role');
+        // set the live-workspace title to (implicitly) create the metadata record for this workspace
+        $this->workspaceService->setWorkspaceTitle($contentRepositoryId, WorkspaceName::forLive(), WorkspaceTitle::fromString('Live workspace'));
         $this->workspaceService->assignWorkspaceRole($contentRepositoryId, WorkspaceName::forLive(), WorkspaceRoleAssignment::createForGroup('Neos.Neos:LivePublisher', WorkspaceRole::COLLABORATOR));
 
         $this->outputLine('<success>Done</success>');

diff --git a/Neos.Neos/Classes/Domain/Service/WorkspaceService.php b/Neos.Neos/Classes/Domain/Service/WorkspaceService.php
@@ -278,16 +278,12 @@ public function getWorkspacePermissionsForUser(ContentRepositoryId $contentRepos
         } catch (NoSuchRoleException $e) {
             throw new \RuntimeException(sprintf('Failed to determine roles for user "%s", check your package dependencies: %s', $user->getId()->value, $e->getMessage()), 1727084881, $e);
         }
-        $userIsAdministrator = in_array('Neos.Neos:Administrator', $userRoles, true);
         $workspaceMetadata = $this->loadWorkspaceMetadata($contentRepositoryId, $workspaceName);
-        if ($workspaceMetadata === null) {
-            return WorkspacePermissions::create(false, false, $userIsAdministrator);
-        }
-        if ($workspaceMetadata->ownerUserId !== null && $workspaceMetadata->ownerUserId->equals($user->getId())) {
+        if ($workspaceMetadata !== null && $workspaceMetadata->ownerUserId !== null && $workspaceMetadata->ownerUserId->equals($user->getId())) {
             return WorkspacePermissions::all();
         }
-
         $userWorkspaceRole = $this->loadWorkspaceRoleOfUser($contentRepositoryId, $workspaceName, $user->getId(), $userRoles);
+        $userIsAdministrator = in_array('Neos.Neos:Administrator', $userRoles, true);
         if ($userWorkspaceRole === null) {
             return WorkspacePermissions::create(false, false, $userIsAdministrator);
         }

diff --git a/Neos.Neos/Tests/Behavior/Features/ContentRepository/WorkspaceService.feature b/Neos.Neos/Tests/Behavior/Features/ContentRepository/WorkspaceService.feature
@@ -209,3 +209,10 @@ Feature: Neos WorkspaceService related features
     When the role COLLABORATOR is assigned to workspace "some-root-workspace" for group "Neos.Neos:Editor"
     When the role MANAGER is assigned to workspace "some-root-workspace" for user "editor"
     And the Neos user "editor" should have the permissions "read,write,manage" for workspace "some-root-workspace"
+
+  Scenario: Permissions for workspace without metadata
+    Given a root workspace "some-root-workspace" exists without metadata
+    When the role COLLABORATOR is assigned to workspace "some-root-workspace" for user "janedoe"
+    Then the Neos user "jane.doe" should have the permissions "read,write,manage" for workspace "some-root-workspace"
+    And the Neos user "john.doe" should have no permissions for workspace "some-root-workspace"
+    And the Neos user "editor" should have no permissions for workspace "some-root-workspace"