bookstack/app/Auth/Permissions/PermissionsRepo.php

<?php namespace BookStack\Auth\Permissions;

use BookStack\Auth\Permissions;
use BookStack\Auth\Role;
use BookStack\Exceptions\PermissionsException;

class PermissionsRepo
{

    protected $permission;
    protected $role;
    protected $permissionService;

    protected $systemRoles = ['admin', 'public'];

    /**
     * PermissionsRepo constructor.
     * @param RolePermission $permission
     * @param Role $role
     * @param \BookStack\Auth\Permissions\PermissionService $permissionService
     */
    public function __construct(RolePermission $permission, Role $role, Permissions\PermissionService $permissionService)
    {
        $this->permission = $permission;
        $this->role = $role;
        $this->permissionService = $permissionService;
    }

    /**
     * Get all the user roles from the system.
     * @return \Illuminate\Database\Eloquent\Collection|static[]
     */
    public function getAllRoles()
    {
        return $this->role->all();
    }

    /**
     * Get all the roles except for the provided one.
     * @param Role $role
     * @return mixed
     */
    public function getAllRolesExcept(Role $role)
    {
        return $this->role->where('id', '!=', $role->id)->get();
    }

    /**
     * Get a role via its ID.
     * @param $id
     * @return mixed
     */
    public function getRoleById($id)
    {
        return $this->role->findOrFail($id);
    }

    /**
     * Save a new role into the system.
     * @param array $roleData
     * @return Role
     */
    public function saveNewRole($roleData)
    {
        $role = $this->role->newInstance($roleData);
        $role->name = str_replace(' ', '-', strtolower($roleData['display_name']));
        // Prevent duplicate names
        while ($this->role->where('name', '=', $role->name)->count() > 0) {
            $role->name .= strtolower(str_random(2));
        }
        $role->save();

        $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
        $this->assignRolePermissions($role, $permissions);
        $this->permissionService->buildJointPermissionForRole($role);
        return $role;
    }

    /**
     * Updates an existing role.
     * Ensure Admin role always have core permissions.
     * @param $roleId
     * @param $roleData
     * @throws PermissionsException
     */
    public function updateRole($roleId, $roleData)
    {
        $role = $this->role->findOrFail($roleId);

        $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
        if ($role->system_name === 'admin') {
            $permissions = array_merge($permissions, [
                'users-manage',
                'user-roles-manage',
                'restrictions-manage-all',
                'restrictions-manage-own',
                'settings-manage',
            ]);
        }

        $this->assignRolePermissions($role, $permissions);

        $role->fill($roleData);
        $role->save();
        $this->permissionService->buildJointPermissionForRole($role);
    }

    /**
     * Assign an list of permission names to an role.
     * @param Role $role
     * @param array $permissionNameArray
     */
    public function assignRolePermissions(Role $role, $permissionNameArray = [])
    {
        $permissions = [];
        $permissionNameArray = array_values($permissionNameArray);
        if ($permissionNameArray && count($permissionNameArray) > 0) {
            $permissions = $this->permission->whereIn('name', $permissionNameArray)->pluck('id')->toArray();
        }
        $role->permissions()->sync($permissions);
    }

    /**
     * Delete a role from the system.
     * Check it's not an admin role or set as default before deleting.
     * If an migration Role ID is specified the users assign to the current role
     * will be added to the role of the specified id.
     * @param $roleId
     * @param $migrateRoleId
     * @throws PermissionsException
     */
    public function deleteRole($roleId, $migrateRoleId)
    {
        $role = $this->role->findOrFail($roleId);

        // Prevent deleting admin role or default registration role.
        if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
            throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
        } else if ($role->id == setting('registration-role')) {
            throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
        }

        if ($migrateRoleId) {
            $newRole = $this->role->find($migrateRoleId);
            if ($newRole) {
                $users = $role->users->pluck('id')->toArray();
                $newRole->users()->sync($users);
            }
        }

        $this->permissionService->deleteJointPermissionsForRole($role);
        $role->delete();
    }
}
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`<?php namespace BookStack\Auth\Permissions;`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`use BookStack\Auth\Permissions;`
			`use BookStack\Auth\Role;`
Fleshed out entity provided and optimized imports 2018-09-25 23:58:03 +08:00			`use BookStack\Exceptions\PermissionsException;`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00
			`class PermissionsRepo`
			`{`

			`protected $permission;`
			`protected $role;`
Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`protected $permissionService;`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00
Added hidden public role to fit with new permissions system 2016-05-02 02:36:53 +08:00			`protected $systemRoles = ['admin', 'public'];`

Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`/**`
			`* PermissionsRepo constructor.`
Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`* @param RolePermission $permission`
Rolled out new permissions system throughout application 2016-04-24 23:54:20 +08:00			`* @param Role $role`
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`* @param \BookStack\Auth\Permissions\PermissionService $permissionService`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`*/`
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`public function __construct(RolePermission $permission, Role $role, Permissions\PermissionService $permissionService)`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`{`
			`$this->permission = $permission;`
			`$this->role = $role;`
Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`$this->permissionService = $permissionService;`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

			`/**`
			`* Get all the user roles from the system.`
			`* @return \Illuminate\Database\Eloquent\Collection\|static[]`
			`*/`
			`public function getAllRoles()`
			`{`
Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens. 2016-09-29 19:43:46 +08:00			`return $this->role->all();`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

			`/**`
			`* Get all the roles except for the provided one.`
			`* @param Role $role`
			`* @return mixed`
			`*/`
			`public function getAllRolesExcept(Role $role)`
			`{`
Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens. 2016-09-29 19:43:46 +08:00			`return $this->role->where('id', '!=', $role->id)->get();`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

			`/**`
			`* Get a role via its ID.`
			`* @param $id`
			`* @return mixed`
			`*/`
			`public function getRoleById($id)`
			`{`
			`return $this->role->findOrFail($id);`
			`}`

			`/**`
			`* Save a new role into the system.`
			`* @param array $roleData`
			`* @return Role`
			`*/`
			`public function saveNewRole($roleData)`
			`{`
			`$role = $this->role->newInstance($roleData);`
			`$role->name = str_replace(' ', '-', strtolower($roleData['display_name']));`
			`// Prevent duplicate names`
			`while ($this->role->where('name', '=', $role->name)->count() > 0) {`
			`$role->name .= strtolower(str_random(2));`
			`}`
			`$role->save();`

			`$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];`
			`$this->assignRolePermissions($role, $permissions);`
Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`$this->permissionService->buildJointPermissionForRole($role);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`return $role;`
			`}`

			`/**`
			`* Updates an existing role.`
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission. 2018-09-21 02:48:08 +08:00			`* Ensure Admin role always have core permissions.`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`* @param $roleId`
			`* @param $roleData`
Added hidden public role to fit with new permissions system 2016-05-02 02:36:53 +08:00			`* @throws PermissionsException`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`*/`
			`public function updateRole($roleId, $roleData)`
			`{`
			`$role = $this->role->findOrFail($roleId);`
Added hidden public role to fit with new permissions system 2016-05-02 02:36:53 +08:00
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];`
Fixed role 'manage own permissions' permission 2017-01-22 20:16:02 +08:00			`if ($role->system_name === 'admin') {`
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission. 2018-09-21 02:48:08 +08:00			`$permissions = array_merge($permissions, [`
			`'users-manage',`
			`'user-roles-manage',`
			`'restrictions-manage-all',`
			`'restrictions-manage-own',`
			`'settings-manage',`
			`]);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission. 2018-09-21 02:48:08 +08:00			`$this->assignRolePermissions($role, $permissions);`

Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`$role->fill($roleData);`
			`$role->save();`
Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`$this->permissionService->buildJointPermissionForRole($role);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

			`/**`
			`* Assign an list of permission names to an role.`
			`* @param Role $role`
			`* @param array $permissionNameArray`
			`*/`
			`public function assignRolePermissions(Role $role, $permissionNameArray = [])`
			`{`
			`$permissions = [];`
Added a whole load of permission & role tests 2016-03-05 20:09:09 +08:00			`$permissionNameArray = array_values($permissionNameArray);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`if ($permissionNameArray && count($permissionNameArray) > 0) {`
			`$permissions = $this->permission->whereIn('name', $permissionNameArray)->pluck('id')->toArray();`
			`}`
			`$role->permissions()->sync($permissions);`
			`}`

			`/**`
			`* Delete a role from the system.`
			`* Check it's not an admin role or set as default before deleting.`
			`* If an migration Role ID is specified the users assign to the current role`
			`* will be added to the role of the specified id.`
			`* @param $roleId`
			`* @param $migrateRoleId`
			`* @throws PermissionsException`
			`*/`
			`public function deleteRole($roleId, $migrateRoleId)`
			`{`
			`$role = $this->role->findOrFail($roleId);`

			`// Prevent deleting admin role or default registration role.`
Added hidden public role to fit with new permissions system 2016-05-02 02:36:53 +08:00			`if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));`
Added settings helper and formatted code in some files 2016-03-06 20:55:08 +08:00			`} else if ($role->id == setting('registration-role')) {`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`}`

			`if ($migrateRoleId) {`
			`$newRole = $this->role->find($migrateRoleId);`
			`if ($newRole) {`
			`$users = $role->users->pluck('id')->toArray();`
			`$newRole->users()->sync($users);`
			`}`
			`}`

Major permission naming refactor and database migration cleanup 2016-05-02 04:20:50 +08:00			`$this->permissionService->deleteJointPermissionsForRole($role);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`$role->delete();`
			`}`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-29 00:58:52 +08:00			`}`