Skip to content

fix(manager): scope trash and deleted counts to listable contexts#16938

Open
Ibochkarev wants to merge 2 commits intomodxcms:3.xfrom
Ibochkarev:fix/trash-listable-contexts
Open

fix(manager): scope trash and deleted counts to listable contexts#16938
Ibochkarev wants to merge 2 commits intomodxcms:3.xfrom
Ibochkarev:fix/trash-listable-contexts

Conversation

@Ibochkarev
Copy link
Copy Markdown
Collaborator

@Ibochkarev Ibochkarev commented Mar 28, 2026
edited
Loading

What does it do?

  • Introduces modX::isContextListableByCurrentUser(string $contextKey): bool and modX::countDeletedResourcesInListableContexts(): int, aligned with the resource tree rule (context list policy via modContext::checkPolicy('list')).
  • Applies that rule across trash-related processors (Trash/GetList, Trash/Purge, Trash/Restore), EmptyRecycleBin, and the manager toolbar deleted-resource counter (GetToolbar).
  • Replaces fragile getContext()-only checks and removed TODOs in trash listing with the shared helper; tightens purge permission logging (save_ok / delete_ok).
  • Adds PHPUnit coverage in modXTest for the new APIs and for consistency between the single-query counter and a per-context sum.

Why is it needed?

Users who cannot list a context in the manager should not see deleted-resource counts, trash rows, or be able to purge/restore/empty the bin for resources in contexts they are not allowed to list—reducing information disclosure and keeping behavior consistent with the resource tree.

How to test

  • Run the model tests, e.g. modXTest (or the project’s usual PHPUnit entry for _build/test).
  • In the manager, as a user with access to only some contexts: confirm the trash grid, purge/restore/empty actions, and the deleted-resources toolbar count only reflect listable contexts.

Related issue(s)/PR(s)

Resolves #13491

@Ibochkarev
fix(manager): scope trash and deleted counts to listable contexts
180d4fc 
Add isContextListableByCurrentUser() and countDeletedResourcesInListableContexts()
on modX. Use the same rule as the resource tree (context list policy) for trash
processors, empty recycle bin, toolbar counter, purge/restore logging and flow.

Includes PHPUnit coverage for the new helpers.
@Ibochkarev
refactor(modX): improve code readability with consistent spacing
b00ae37
@Ibochkarev Ibochkarev marked this pull request as ready for review March 28, 2026 05:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@opengeek opengeek Awaiting requested review from opengeek opengeek is a code owner

@Mark-H Mark-H Awaiting requested review from Mark-H Mark-H is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Purge does not respect access policy #modxbughunt

1 participant

@Ibochkarev