Fix EZP-25280: ParentDepth Limitation fails on content creation

bin/.travis/prepare_unittest.sh

@@ -35,7 +35,7 @@ COMPOSER_UPDATE=""
 # solr package search API integration tests
 if [ "$TEST_CONFIG" = "phpunit-integration-legacy-solr.xml" ] ; then
     echo "> Require ezsystems/ezplatform-solr-search-engine:dev-master"
-    composer require --no-update ezsystems/ezplatform-solr-search-engine:dev-master
+    composer require --no-update ezsystems/ezplatform-solr-search-engine:^1.0.0@dev
     COMPOSER_UPDATE="true"
 fi
 

eZ/Publish/API/Repository/Tests/Values/User/Limitation/ParentDepthLimitationTest.php

@@ -29,8 +29,10 @@ class ParentDepthLimitationTest extends BaseLimitationTest
      *
      * @see \eZ\Publish\API\Repository\Values\User\Limitation\ContentTypeLimitation
      * @see \eZ\Publish\API\Repository\Values\User\Limitation\ParentDepthLimitation
+     *
+     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
      */
-    public function testParentDepthLimitationAllow()
+    public function testParentDepthLimitationForbid()
     {
         $repository = $this->getRepository();
 
@@ -45,7 +47,7 @@ public function testParentDepthLimitationAllow()
         $policyCreate = $roleService->newPolicyCreateStruct('content', 'create');
         $policyCreate->addLimitation(
             new ParentDepthLimitation(
-                array('limitationValues' => array(2))
+                array('limitationValues' => array(3))
             )
         );
         $policyCreate->addLimitation(
@@ -74,9 +76,8 @@ public function testParentDepthLimitationAllow()
      *
      * @see \eZ\Publish\API\Repository\Values\User\Limitation\ContentTypeLimitation
      * @see \eZ\Publish\API\Repository\Values\User\Limitation\ParentDepthLimitation
-     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
      */
-    public function testParentDepthLimitationForbid()
+    public function testParentDepthLimitationAllow()
     {
         $repository = $this->getRepository();
 
@@ -91,7 +92,7 @@ public function testParentDepthLimitationForbid()
         $policyCreate = $roleService->newPolicyCreateStruct('content', 'create');
         $policyCreate->addLimitation(
             new ParentDepthLimitation(
-                array('limitationValues' => array(1, 3, 4))
+                array('limitationValues' => array(1, 2, 3, 4))
             )
         );
         $policyCreate->addLimitation(
@@ -109,4 +110,50 @@ public function testParentDepthLimitationForbid()
         $this->createWikiPageDraft();
         /* END: Use Case */
     }
+
+    /**
+     * Tests a combination of ParentDepthLimitation and ContentTypeLimitation.
+     *
+     * @depends testParentDepthLimitationAllow
+     *
+     * @see \eZ\Publish\API\Repository\Values\User\Limitation\ContentTypeLimitation
+     * @see \eZ\Publish\API\Repository\Values\User\Limitation\ParentDepthLimitation
+     */
+    public function testParentDepthLimitationAllowPublish()
+    {
+        $repository = $this->getRepository();
+
+        $contentTypeId = $this->generateId('contentType', 22);
+        /* BEGIN: Use Case */
+        $user = $this->createUserVersion1();
+
+        $roleService = $repository->getRoleService();
+
+        $role = $roleService->loadRoleByIdentifier('Editor');
+
+        $policyCreate = $roleService->newPolicyCreateStruct('content', 'create');
+        $policyCreate->addLimitation(
+            new ParentDepthLimitation(
+                array('limitationValues' => array(1, 2, 3, 4))
+            )
+        );
+        $policyCreate->addLimitation(
+            new ContentTypeLimitation(
+                array('limitationValues' => array($contentTypeId))
+            )
+        );
+
+        $role = $roleService->addPolicy($role, $policyCreate);
+
+        $roleService->assignRoleToUser($role, $user);
+
+        $repository->setCurrentUser($user);
+
+        $draft = $this->createWikiPageDraft();
+
+        $contentService = $repository->getContentService();
+
+        $content = $contentService->publishVersion($draft->versionInfo);
+        /* END: Use Case */
+    }
 }

eZ/Publish/Core/Limitation/ParentDepthLimitationType.php

@@ -12,8 +12,12 @@
 
 use eZ\Publish\API\Repository\Values\ValueObject;
 use eZ\Publish\API\Repository\Values\User\UserReference as APIUserReference;
+use eZ\Publish\API\Repository\Values\Content\Content;
+use eZ\Publish\API\Repository\Values\Content\ContentCreateStruct;
+use eZ\Publish\API\Repository\Values\Content\ContentInfo;
 use eZ\Publish\API\Repository\Values\Content\Location;
 use eZ\Publish\API\Repository\Values\Content\LocationCreateStruct;
+use eZ\Publish\API\Repository\Values\Content\VersionInfo;
 use eZ\Publish\Core\Base\Exceptions\InvalidArgumentException;
 use eZ\Publish\Core\Base\Exceptions\InvalidArgumentType;
 use eZ\Publish\API\Repository\Values\User\Limitation\ParentDepthLimitation as APIParentDepthLimitation;
@@ -102,23 +106,84 @@ public function evaluate(APILimitationValue $value, APIUserReference $currentUse
             throw new InvalidArgumentException('$value', 'Must be of type: APIParentDepthLimitation');
         }
 
-        // Parent Limitations are usually used by content/create where target is specified, so we return false if not provided.
+        if ($object instanceof ContentCreateStruct) {
+            return $this->evaluateForContentCreateStruct($value, $targets);
+        } elseif ($object instanceof Content) {
+            $object = $object->getVersionInfo()->getContentInfo();
+        } elseif ($object instanceof VersionInfo) {
+            $object = $object->getContentInfo();
+        } elseif (!$object instanceof ContentInfo) {
+            throw new InvalidArgumentException(
+                '$object',
+                'Must be of type: ContentCreateStruct, Content, VersionInfo or ContentInfo'
+            );
+        }
+
+        // Load locations if no specific placement was provided
+        if (empty($targets)) {
+            if ($object->published) {
+                $targets = $this->persistence->locationHandler()->loadLocationsByContent($object->id);
+            } else {
+                // @todo Need support for draft locations to to work correctly
+                $targets = $this->persistence->locationHandler()->loadParentLocationsForDraftContent($object->id);
+            }
+        }
+
+        // Parent Limitations are usually used by content/create where target is specified,
+        // so we return false if not provided.
         if (empty($targets)) {
             return false;
         }
 
         foreach ($targets as $target) {
-            if ($target instanceof LocationCreateStruct) {
-                $depth = $this->persistence->locationHandler()->load($target->parentLocationId)->depth;
-            } elseif ($target instanceof Location || $target instanceof SPILocation) {
+            if ($target instanceof Location || $target instanceof SPILocation) {
                 $depth = $target->depth;
             } else {
                 throw new InvalidArgumentException(
                     '$targets',
-                    'Must contain objects of type: Location or LocationCreateStruct'
+                    'Must contain objects of type: Location'
+                );
+            }
+
+            // All placements must match
+            if (!in_array($depth, $value->limitationValues)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Evaluate permissions for ContentCreateStruct against LocationCreateStruct placements.
+     *
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If $targets does not contain
+     *         objects of type LocationCreateStruct
+     *
+     * @param \eZ\Publish\API\Repository\Values\User\Limitation $value
+     * @param array|null $targets
+     *
+     * @return bool
+     */
+    protected function evaluateForContentCreateStruct(APILimitationValue $value, array $targets = null)
+    {
+        // If targets is empty/null return false as user does not have access
+        // to content w/o location with this limitation
+        if (empty($targets)) {
+            return false;
+        }
+
+        foreach ($targets as $target) {
+            if (!$target instanceof LocationCreateStruct) {
+                throw new InvalidArgumentException(
+                    '$targets',
+                    'If $object is ContentCreateStruct must contain objects of type: LocationCreateStruct'
                 );
             }
 
+            $depth = $this->persistence->locationHandler()->load($target->parentLocationId)->depth;
+
+            // All placements must match
             if (!in_array($depth, $value->limitationValues)) {
                 return false;
             }