[ taoItems_actions_ItemContent::class => [ 'viewAsset' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'previewAsset' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'downloadAsset' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'uploadAsset' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'deleteAsset' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], ], ], ]; private const REVOKE_CONFIG = [ SetRolesAccess::CONFIG_PERMISSIONS => [ taoItems_actions_ItemContent::class => [ 'files' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'delete' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], 'upload' => [ TaoItemsRoles::ITEM_CLASS_NAVIGATOR => ActionAccessControl::DENY, ], ], ], ]; public function getDescription(): string { return 'Configure asset permissions for Item Content creator role.'; } public function up(Schema $schema): void { OntologyUpdater::syncModels(); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_REVOKE, '--' . SetRolesAccess::OPTION_CONFIG, self::REVOKE_CONFIG, ]); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); } public function down(Schema $schema): void { $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_REVOKE, '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_CONFIG, self::REVOKE_CONFIG, ]); } }