Started creation of intermediate permission table
This commit is contained in:
Dan Brown
parent
043cdeafb3
commit
ea287ebf86
|
|
@ -0,0 +1,28 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace BookStack;
|
||||||
|
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
|
|
||||||
|
class EntityPermission extends Model
|
||||||
|
{
|
||||||
|
public $timestamps = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the role that this points to.
|
||||||
|
* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
|
||||||
|
*/
|
||||||
|
public function role()
|
||||||
|
{
|
||||||
|
return $this->belongsTo(Role::class);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the entity this points to.
|
||||||
|
* @return \Illuminate\Database\Eloquent\Relations\MorphOne
|
||||||
|
*/
|
||||||
|
public function entity()
|
||||||
|
{
|
||||||
|
return $this->morphOne(Entity::class, 'entity');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -1,6 +1,13 @@
|
||||||
<?php namespace BookStack\Services;
|
<?php namespace BookStack\Services;
|
||||||
|
|
||||||
|
use BookStack\Book;
|
||||||
|
use BookStack\Chapter;
|
||||||
use BookStack\Entity;
|
use BookStack\Entity;
|
||||||
|
use BookStack\EntityPermission;
|
||||||
|
use BookStack\Page;
|
||||||
|
use BookStack\Permission;
|
||||||
|
use BookStack\Role;
|
||||||
|
use Illuminate\Database\Eloquent\Collection;
|
||||||
|
|
||||||
class RestrictionService
|
class RestrictionService
|
||||||
{
|
{
|
||||||
|
|
@ -10,14 +17,84 @@ class RestrictionService
|
||||||
protected $currentAction;
|
protected $currentAction;
|
||||||
protected $currentUser;
|
protected $currentUser;
|
||||||
|
|
||||||
|
public $book;
|
||||||
|
public $chapter;
|
||||||
|
public $page;
|
||||||
|
|
||||||
|
protected $entityPermission;
|
||||||
|
protected $role;
|
||||||
|
protected $permission;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RestrictionService constructor.
|
* RestrictionService constructor.
|
||||||
|
* @param EntityPermission $entityPermission
|
||||||
|
* @param Book $book
|
||||||
|
* @param Chapter $chapter
|
||||||
|
* @param Page $page
|
||||||
|
* @param Role $role
|
||||||
|
* @param Permission $permission
|
||||||
*/
|
*/
|
||||||
public function __construct()
|
public function __construct(EntityPermission $entityPermission, Book $book, Chapter $chapter, Page $page, Role $role, Permission $permission)
|
||||||
{
|
{
|
||||||
$this->currentUser = auth()->user();
|
$this->currentUser = auth()->user();
|
||||||
$this->userRoles = $this->currentUser ? $this->currentUser->roles->pluck('id') : [];
|
$this->userRoles = $this->currentUser ? $this->currentUser->roles->pluck('id') : [];
|
||||||
$this->isAdmin = $this->currentUser ? $this->currentUser->hasRole('admin') : false;
|
$this->isAdmin = $this->currentUser ? $this->currentUser->hasRole('admin') : false;
|
||||||
|
|
||||||
|
$this->entityPermission = $entityPermission;
|
||||||
|
$this->role = $role;
|
||||||
|
$this->permission = $permission;
|
||||||
|
$this->book = $book;
|
||||||
|
$this->chapter = $chapter;
|
||||||
|
$this->page = $page;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Re-generate all entity permission from scratch.
|
||||||
|
*/
|
||||||
|
public function buildEntityPermissions()
|
||||||
|
{
|
||||||
|
$this->entityPermission->truncate();
|
||||||
|
|
||||||
|
// Get all roles (Should be the most limited dimension)
|
||||||
|
$roles = $this->role->load('permissions')->all();
|
||||||
|
|
||||||
|
// Chunk through all books
|
||||||
|
$this->book->chunk(500, function ($books) use ($roles) {
|
||||||
|
$this->createManyEntityPermissions($books, $roles);
|
||||||
|
});
|
||||||
|
|
||||||
|
// Chunk through all chapters
|
||||||
|
$this->chapter->chunk(500, function ($books) use ($roles) {
|
||||||
|
$this->createManyEntityPermissions($books, $roles);
|
||||||
|
});
|
||||||
|
|
||||||
|
// Chunk through all pages
|
||||||
|
$this->page->chunk(500, function ($books) use ($roles) {
|
||||||
|
$this->createManyEntityPermissions($books, $roles);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create & Save entity permissions for many entities and permissions.
|
||||||
|
* @param Collection $entities
|
||||||
|
* @param Collection $roles
|
||||||
|
*/
|
||||||
|
protected function createManyEntityPermissions($entities, $roles)
|
||||||
|
{
|
||||||
|
$entityPermissions = [];
|
||||||
|
foreach ($entities as $entity) {
|
||||||
|
foreach ($roles as $role) {
|
||||||
|
$entityPermissions[] = $this->createEntityPermission($entity, $role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$this->entityPermission->insert($entityPermissions);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
protected function createEntityPermissionData(Entity $entity, Role $role)
|
||||||
|
{
|
||||||
|
// TODO - Check the permission values and return an EntityPermission
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,34 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
|
||||||
|
class CreateEntityPermissionsTable extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::create('entity_permissions', function (Blueprint $table) {
|
||||||
|
$table->increments('id');
|
||||||
|
$table->integer('role_id');
|
||||||
|
$table->string('entity_type');
|
||||||
|
$table->integer('entity_id');
|
||||||
|
$table->string('action');
|
||||||
|
$table->boolean('has_permission')->default(false);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::drop('entity_permissions');
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue