[ TaoAssetRoles::ASSET_RESOURCE_CREATOR => [ ['ext' => 'taoMediaManager', 'mod' => 'SharedStimulus', 'act' => 'create'], ['ext' => 'taoItems', 'mod' => 'ItemContent', 'act' => 'fileExists'], ['ext' => 'taoItems', 'mod' => 'ItemContent', 'act' => 'upload'], ], TaoAssetRoles::ASSET_IMPORTER => [ ['ext' => 'taoMediaManager', 'mod' => 'MediaImport', 'act' => 'index'], ], TaoAssetRoles::ASSET_DELETER => [ ['ext' => 'taoMediaManager', 'mod' => 'MediaManager', 'act' => 'deleteResource'], ['ext' => 'taoMediaManager', 'mod' => 'MediaManager', 'act' => 'moveInstance'], ['ext' => 'taoItems', 'mod' => 'ItemContent', 'act' => 'delete'], ], ], SetRolesAccess::CONFIG_PERMISSIONS => [ MediaManager::class => [ 'isPreviewEnabled' => [ TaoAssetRoles::ASSET_VIEWER => ActionAccessControl::DENY, TaoAssetRoles::ASSET_PREVIEWER => ActionAccessControl::READ, ], ], MediaImport::class => [ 'editMedia' => [ TaoAssetRoles::ASSET_VIEWER => ActionAccessControl::READ, TaoAssetRoles::ASSET_CONTENT_CREATOR => ActionAccessControl::WRITE, ], ], taoItems_actions_ItemContent::class => [ 'delete' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_DELETER => ActionAccessControl::WRITE, ], 'upload' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_RESOURCE_CREATOR => ActionAccessControl::WRITE, ], ], ], ]; public function getDescription(): string { return 'Create new asset management roles and assign permissions to them'; } public function up(Schema $schema): void { OntologyUpdater::syncModels(); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); } public function down(Schema $schema): void { $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_REVOKE, '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); } }