From fa937816458d4c1d8b8f9146d0bb45df8cc14871 Mon Sep 17 00:00:00 2001
From: Luke Towers <luke@luketowers.ca>
Date: Tue, 15 Oct 2019 17:37:59 -0600
Subject: [PATCH] Added ability to filter down the permissions presented by the
 PermissionEditor

You can now specify an array of "availablePermissions" to the PermissionEditor FormWidget that it will use to further down the list of permissions that are up for managment by the current user.
---
 .../backend/formwidgets/PermissionEditor.php  | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/modules/backend/formwidgets/PermissionEditor.php b/modules/backend/formwidgets/PermissionEditor.php
index 72842a811..be7c81acb 100644
--- a/modules/backend/formwidgets/PermissionEditor.php
+++ b/modules/backend/formwidgets/PermissionEditor.php
@@ -23,6 +23,10 @@ use BackendAuth;
  *      1: Explicitly allow the permission
  *      -1: Explicitly deny the permission
  *
+ * Available permissions can be defined in the form of an array of permission codes to allow:
+ * NOTE: Users are still not allowed to modify permissions that they themselves do not have access to
+ *     availablePermissions: ['some.author.permission', 'some.other.permission', 'etc.some.system.permission']
+ *
  * @package october\backend
  * @author Alexey Bobkov, Samuel Georges
  */
@@ -35,13 +39,19 @@ class PermissionEditor extends FormWidgetBase
      */
     public $mode = 'radio';
 
+    /**
+     * @var array Permission codes to allow to be interacted with through this widget
+     */
+    public $availablePermissions;
+
     /**
      * @inheritDoc
      */
     public function init()
     {
         $this->fillFromConfig([
-            'mode'
+            'mode',
+            'availablePermissions',
         ]);
 
         $this->user = BackendAuth::getUser();
@@ -137,13 +147,13 @@ class PermissionEditor extends FormWidgetBase
     {
         $permissions = BackendAuth::listTabbedPermissions();
 
-        if ($this->user->isSuperUser()) {
-            return $permissions;
-        }
-
         foreach ($permissions as $tab => $permissionsArray) {
             foreach ($permissionsArray as $index => $permission) {
-                if (!$this->user->hasAccess($permission->code)) {
+                if (!$this->user->hasAccess($permission->code) ||
+                    (
+                        is_array($this->availablePermissions) &&
+                        !in_array($permission->code, $this->availablePermissions)
+                    )) {
                     unset($permissionsArray[$index]);
                 }
             }