webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Added hidden public role to fit with new permissions system

Browse Source
This commit is contained in:
Dan Brown
2016-05-01 19:36:53 +01:00
parent 59367b3417
commit 05666efda9
14 changed files with 166 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/PermissionController.php
View File

@ -63,11 +63,13 @@ class PermissionController extends Controller
* Show the form for editing a user role.
* @param $id
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
* @throws PermissionsException
*/
public function editRole($id)
{
$this->checkPermission('user-roles-manage');
$role = $this->permissionsRepo->getRoleById($id);
if ($role->hidden) throw new PermissionsException('This role cannot be edited');
return view('settings/roles/edit', ['role' => $role]);
}

6
app/Http/Controllers/UserController.php
View File

@ -49,7 +49,8 @@ class UserController extends Controller
{
$this->checkPermission('users-manage');
$authMethod = config('auth.method');
return view('users/create', ['authMethod' => $authMethod]);
$roles = $this->userRepo->getAssignableRoles();
return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
}
/**
@ -117,7 +118,8 @@ class UserController extends Controller
$user = $this->user->findOrFail($id);
$activeSocialDrivers = $socialAuthService->getActiveDrivers();
$this->setPageTitle('User Profile');
return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
$roles = $this->userRepo->getAssignableRoles();
return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
}
/**

14
app/Repos/PermissionsRepo.php
View File

@ -14,6 +14,8 @@ class PermissionsRepo
protected $role;
protected $restrictionService;
protected $systemRoles = ['admin', 'public'];
/**
* PermissionsRepo constructor.
* @param Permission $permission
@ -33,7 +35,7 @@ class PermissionsRepo
*/
public function getAllRoles()
{
return $this->role->all();
return $this->role->where('hidden', '=', false)->get();
}
/**
@ -43,7 +45,7 @@ class PermissionsRepo
*/
public function getAllRolesExcept(Role $role)
{
return $this->role->where('id', '!=', $role->id)->get();
return $this->role->where('id', '!=', $role->id)->where('hidden', '=', false)->get();
}
/**
@ -82,10 +84,14 @@ class PermissionsRepo
* Ensure Admin role always has all permissions.
* @param $roleId
* @param $roleData
* @throws PermissionsException
*/
public function updateRole($roleId, $roleData)
{
$role = $this->role->findOrFail($roleId);
if ($role->hidden) throw new PermissionsException("Cannot update a hidden role");
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
@ -128,8 +134,8 @@ class PermissionsRepo
$role = $this->role->findOrFail($roleId);
// Prevent deleting admin role or default registration role.
if ($role->name === 'admin') {
throw new PermissionsException('The admin role cannot be deleted');
if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
throw new PermissionsException('This role is a system role and cannot be deleted');
} else if ($role->id == setting('registration-role')) {
throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
}

11
app/Repos/UserRepo.php
View File

@ -168,6 +168,15 @@ class UserRepo
];
}
/**
* Get the roles in the system that are assignable to a user.
* @return mixed
*/
public function getAssignableRoles()
{
return $this->role->visible();
}
/**
* Get all the roles which can be given restricted access to
* other entities in the system.
@ -175,7 +184,7 @@ class UserRepo
*/
public function getRestrictableRoles()
{
return $this->role->where('name', '!=', 'admin')->get();
return $this->role->where('hidden', '=', false)->where('system_name', '=', '')->get();
}
}

20
app/Role.php
View File

@ -72,4 +72,24 @@ class Role extends Model
{
return static::where('name', '=', $roleName)->first();
}
/**
* Get the role object for the specified system role.
* @param $roleName
* @return mixed
*/
public static function getSystemRole($roleName)
{
return static::where('system_name', '=', $roleName)->first();
}
/**
* GEt all visible roles
* @return mixed
*/
public static function visible()
{
return static::where('hidden', '=', false)->orderBy('name')->get();
}
}

35
app/Services/RestrictionService.php
View File

@ -35,9 +35,10 @@ class RestrictionService
public function __construct(EntityPermission $entityPermission, Book $book, Chapter $chapter, Page $page, Role $role)
{
$this->currentUser = auth()->user();
if ($this->currentUser === null) $this->currentUser = new User(['id' => 0]);
$this->userRoles = $this->currentUser ? $this->currentUser->roles->pluck('id') : [];
$this->isAdmin = $this->currentUser ? $this->currentUser->hasRole('admin') : false;
$userSet = $this->currentUser !== null;
$this->userRoles = false;
$this->isAdmin = $userSet ? $this->currentUser->hasRole('admin') : false;
if (!$userSet) $this->currentUser = new User();
$this->entityPermission = $entityPermission;
$this->role = $role;
@ -46,6 +47,28 @@ class RestrictionService
$this->page = $page;
}
/**
* Get the roles for the current user;
* @return array|bool
*/
protected function getRoles()
{
if ($this->userRoles !== false) return $this->userRoles;
$roles = [];
if (auth()->guest()) {
$roles[] = $this->role->getSystemRole('public')->id;
return $roles;
}
foreach ($this->currentUser->roles as $role) {
$roles[] = $role->id;
}
return $roles;
}
/**
* Re-generate all entity permission from scratch.
*/
@ -346,7 +369,7 @@ class RestrictionService
{
return $query->where(function ($parentQuery) {
$parentQuery->whereHas('permissions', function ($permissionQuery) {
$permissionQuery->whereIn('role_id', $this->userRoles)
$permissionQuery->whereIn('role_id', $this->getRoles())
->where('action', '=', $this->currentAction)
->where(function ($query) {
$query->where('has_permission', '=', true)
@ -428,7 +451,7 @@ class RestrictionService
->whereRaw('entity_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
->whereRaw('entity_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
->where('action', '=', $this->currentAction)
->whereIn('role_id', $this->userRoles)
->whereIn('role_id', $this->getRoles())
->where(function ($query) {
$query->where('has_permission', '=', true)->orWhere(function ($query) {
$query->where('has_permission_own', '=', true)
@ -460,7 +483,7 @@ class RestrictionService
->whereRaw('entity_permissions.entity_id=' . $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn'])
->where('entity_type', '=', 'Bookstack\\Page')
->where('action', '=', $this->currentAction)
->whereIn('role_id', $this->userRoles)
->whereIn('role_id', $this->getRoles())
->where(function ($query) {
$query->where('has_permission', '=', true)->orWhere(function ($query) {
$query->where('has_permission_own', '=', true)

1
app/helpers.php
View File

@ -39,7 +39,6 @@ if (!function_exists('versioned_asset')) {
*/
function userCan($permission, \BookStack\Ownable $ownable = null)
{
if (!auth()->check()) return false;
if ($ownable === null) {
return auth()->user() && auth()->user()->can($permission);
}