Internal: Fixtures: default new settings_current to access_url_locked=1 - refs #6207

Author: christianbeeznest

src/CoreBundle/DataFixtures/SettingsCurrentFixtures.php

@@ -13,20 +13,78 @@
 
 class SettingsCurrentFixtures extends Fixture implements FixtureGroupInterface
 {
+ /**
+ * Settings candidates that must be locked at URL-level (access_url_locked = 1),
+ * based on the task list.
+ */
+ private const ACCESS_URL_LOCKED_YES = [
+ 'permissions_for_new_directories',
+ 'permissions_for_new_files',
+ 'course_creation_form_set_extra_fields_mandatory',
+ 'access_url_specific_files',
+ 'cron_remind_course_finished_activate',
+ 'cron_remind_course_expiration_frequency',
+ 'cron_remind_course_expiration_activate',
+ 'donotlistcampus',
+ 'server_type',
+ 'chamilo_database_version',
+ 'unoconv_binaries',
+ 'session_admin_access_to_all_users_on_all_urls',
+ 'split_users_upload_directory',
+ 'multiple_url_hide_disabled_settings',
+ 'login_is_email',
+ 'proxy_settings',
+ 'login_max_attempt_before_blocking_account',
+ 'permanently_remove_deleted_files',
+ 'allow_use_sub_language',
+ ];
+
+ /**
+ * Settings candidates explicitly mentioned as "no" in the task list.
+ * We set them to access_url_locked = 0, but only for this candidate list.
+ */
+ private const ACCESS_URL_LOCKED_NO = [
+ 'drh_allow_access_to_all_students',
+ 'ticket_allow_category_edition',
+ 'max_anonymous_users',
+ 'enable_x_sendfile_headers',
+ 'mailer_dsn',
+ 'allow_send_message_to_all_platform_users',
+ 'message_max_upload_filesize',
+ 'use_custom_pages',
+ 'security_strict_transport',
+ 'security_content_policy',
+ 'security_content_policy_report_only',
+ 'security_public_key_pins',
+ 'security_public_key_pins_report_only',
+ 'security_x_frame_options',
+ 'security_xss_protection',
+ 'security_x_content_type_options',
+ 'security_referrer_policy',
+ 'security_session_cookie_samesite_none',
+ 'allow_session_admins_to_manage_all_sessions',
+ 'prevent_session_admins_to_manage_all_users',
+ 'session_admins_edit_courses_content',
+ 'assignment_base_course_teacher_access_to_all_session',
+ ];
+
  public static function getGroups(): array
  {
  return ['settings-update'];
  }
 
  public function load(ObjectManager $manager): void
  {
+ $repo = $manager->getRepository(SettingsCurrent::class);
+
  $existingSettings = $this->flattenConfigurationSettings(self::getExistingSettings());
  $newConfigurationSettings = $this->flattenConfigurationSettings(self::getNewConfigurationSettings());
 
  $allConfigurations = array_merge($existingSettings, $newConfigurationSettings);
 
+ // Keep current behavior: update title/comment from configuration arrays.
  foreach ($allConfigurations as $settingData) {
- $setting = $manager->getRepository(SettingsCurrent::class)->findOneBy(['variable' => $settingData['name']]);
+ $setting = $repo->findOneBy(['variable' => $settingData['name']]);
 
  if (!$setting) {
  continue;
@@ -38,6 +96,34 @@ public function load(ObjectManager $manager): void
  $manager->persist($setting);
  }
 
+ // Reset all task candidates to access_url_locked = 0 (deterministic baseline).
+ $candidates = array_values(array_unique(array_merge(
+ self::ACCESS_URL_LOCKED_YES,
+ self::ACCESS_URL_LOCKED_NO
+ )));
+
+ /** @var SettingsCurrent[] $candidateSettings */
+ $candidateSettings = $repo->findBy(['variable' => $candidates]);
+
+ // Index by variable to avoid extra queries.
+ $byVariable = [];
+ foreach ($candidateSettings as $setting) {
+ $byVariable[$setting->getVariable()] = $setting;
+
+ $setting->setAccessUrlLocked(0);
+ $manager->persist($setting);
+ }
+
+ // Apply access_url_locked = 1 for the explicit YES list.
+ foreach (self::ACCESS_URL_LOCKED_YES as $variable) {
+ if (!isset($byVariable[$variable])) {
+ continue;
+ }
+
+ $byVariable[$variable]->setAccessUrlLocked(1);
+ $manager->persist($byVariable[$variable]);
+ }
+
  $manager->flush();
  }