[ taoItems_actions_ItemContent::class => [ 'viewAsset' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_VIEWER => ActionAccessControl::READ, ], ], ], ]; private const REVOKE_CONFIG = [ SetRolesAccess::CONFIG_PERMISSIONS => [ taoItems_actions_ItemContent::class => [ 'files' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_PREVIEWER => ActionAccessControl::READ, ], 'delete' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_DELETER => ActionAccessControl::WRITE, ], 'upload' => [ TaoAssetRoles::ASSET_CLASS_NAVIGATOR => ActionAccessControl::DENY, TaoAssetRoles::ASSET_RESOURCE_CREATOR => ActionAccessControl::WRITE, ], ], ], ]; public function getDescription(): string { return 'Configure Asset Content Creator role and remove old permissions.'; } public function up(Schema $schema): void { OntologyUpdater::syncModels(); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_REVOKE, '--' . SetRolesAccess::OPTION_CONFIG, self::REVOKE_CONFIG, ]); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); } public function down(Schema $schema): void { $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_REVOKE, '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG, ]); $setRolesAccess = $this->propagate(new SetRolesAccess()); $setRolesAccess([ '--' . SetRolesAccess::OPTION_CONFIG, self::REVOKE_CONFIG, ]); } }