2021-06-26 11:23:15 -04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace BookStack\Auth;
|
2018-09-25 07:30:50 -04:00
|
|
|
|
2022-10-07 08:12:33 -04:00
|
|
|
use BookStack\Auth\Permissions\EntityPermission;
|
2018-09-25 07:30:50 -04:00
|
|
|
use BookStack\Auth\Permissions\JointPermission;
|
2019-02-03 12:34:15 -05:00
|
|
|
use BookStack\Auth\Permissions\RolePermission;
|
2020-11-20 13:53:01 -05:00
|
|
|
use BookStack\Interfaces\Loggable;
|
2018-09-25 07:30:50 -04:00
|
|
|
use BookStack\Model;
|
2020-08-04 09:55:01 -04:00
|
|
|
use Illuminate\Database\Eloquent\Collection;
|
2021-10-30 16:29:59 -04:00
|
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
2020-12-08 18:46:38 -05:00
|
|
|
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
2020-08-04 09:55:01 -04:00
|
|
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
2015-08-29 10:03:42 -04:00
|
|
|
|
2019-11-16 10:24:09 -05:00
|
|
|
/**
|
2021-06-26 11:23:15 -04:00
|
|
|
* Class Role.
|
|
|
|
*
|
2021-09-18 16:21:44 -04:00
|
|
|
* @property int $id
|
|
|
|
* @property string $display_name
|
|
|
|
* @property string $description
|
|
|
|
* @property string $external_auth_id
|
|
|
|
* @property string $system_name
|
|
|
|
* @property bool $mfa_enforced
|
2021-09-17 18:44:54 -04:00
|
|
|
* @property Collection $users
|
2019-11-16 10:24:09 -05:00
|
|
|
*/
|
2020-11-20 13:53:01 -05:00
|
|
|
class Role extends Model implements Loggable
|
2015-08-29 10:03:42 -04:00
|
|
|
{
|
2021-10-30 16:29:59 -04:00
|
|
|
use HasFactory;
|
|
|
|
|
2018-07-15 14:34:42 -04:00
|
|
|
protected $fillable = ['display_name', 'description', 'external_auth_id'];
|
2015-09-05 12:42:05 -04:00
|
|
|
|
2022-02-03 07:33:26 -05:00
|
|
|
protected $hidden = ['pivot'];
|
|
|
|
|
2015-08-29 10:03:42 -04:00
|
|
|
/**
|
|
|
|
* The roles that belong to the role.
|
|
|
|
*/
|
2020-12-08 18:46:38 -05:00
|
|
|
public function users(): BelongsToMany
|
2015-08-29 10:03:42 -04:00
|
|
|
{
|
2019-02-03 12:34:15 -05:00
|
|
|
return $this->belongsToMany(User::class)->orderBy('name', 'asc');
|
2015-08-29 10:03:42 -04:00
|
|
|
}
|
|
|
|
|
2016-04-24 11:54:20 -04:00
|
|
|
/**
|
2016-05-01 16:20:50 -04:00
|
|
|
* Get all related JointPermissions.
|
2016-04-24 11:54:20 -04:00
|
|
|
*/
|
2020-08-04 09:55:01 -04:00
|
|
|
public function jointPermissions(): HasMany
|
2016-04-24 11:54:20 -04:00
|
|
|
{
|
2016-05-01 16:20:50 -04:00
|
|
|
return $this->hasMany(JointPermission::class);
|
2016-04-24 11:54:20 -04:00
|
|
|
}
|
|
|
|
|
2015-08-29 10:03:42 -04:00
|
|
|
/**
|
2016-05-01 16:20:50 -04:00
|
|
|
* The RolePermissions that belong to the role.
|
2015-08-29 10:03:42 -04:00
|
|
|
*/
|
2020-12-08 18:46:38 -05:00
|
|
|
public function permissions(): BelongsToMany
|
2015-08-29 10:03:42 -04:00
|
|
|
{
|
2019-02-03 12:34:15 -05:00
|
|
|
return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
|
2015-08-29 10:03:42 -04:00
|
|
|
}
|
|
|
|
|
2022-10-07 08:12:33 -04:00
|
|
|
/**
|
|
|
|
* Get the entity permissions assigned to this role.
|
|
|
|
*/
|
|
|
|
public function entityPermissions(): HasMany
|
|
|
|
{
|
|
|
|
return $this->hasMany(EntityPermission::class);
|
|
|
|
}
|
|
|
|
|
2016-02-27 14:24:42 -05:00
|
|
|
/**
|
|
|
|
* Check if this role has a permission.
|
|
|
|
*/
|
2020-08-04 09:55:01 -04:00
|
|
|
public function hasPermission(string $permissionName): bool
|
2016-02-27 14:24:42 -05:00
|
|
|
{
|
2016-04-30 12:16:06 -04:00
|
|
|
$permissions = $this->getRelationValue('permissions');
|
|
|
|
foreach ($permissions as $permission) {
|
2018-01-28 11:58:52 -05:00
|
|
|
if ($permission->getRawAttribute('name') === $permissionName) {
|
|
|
|
return true;
|
|
|
|
}
|
2016-04-30 12:16:06 -04:00
|
|
|
}
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2016-04-30 12:16:06 -04:00
|
|
|
return false;
|
2016-02-27 14:24:42 -05:00
|
|
|
}
|
|
|
|
|
2015-08-29 10:03:42 -04:00
|
|
|
/**
|
|
|
|
* Add a permission to this role.
|
|
|
|
*/
|
2019-02-03 12:34:15 -05:00
|
|
|
public function attachPermission(RolePermission $permission)
|
2015-08-29 10:03:42 -04:00
|
|
|
{
|
|
|
|
$this->permissions()->attach($permission->id);
|
|
|
|
}
|
|
|
|
|
2016-04-09 07:37:58 -04:00
|
|
|
/**
|
|
|
|
* Detach a single permission from this role.
|
|
|
|
*/
|
2019-02-03 12:34:15 -05:00
|
|
|
public function detachPermission(RolePermission $permission)
|
2016-04-09 07:37:58 -04:00
|
|
|
{
|
2019-12-30 14:42:46 -05:00
|
|
|
$this->permissions()->detach([$permission->id]);
|
2016-04-09 07:37:58 -04:00
|
|
|
}
|
|
|
|
|
2016-01-02 09:48:35 -05:00
|
|
|
/**
|
2020-08-04 09:55:01 -04:00
|
|
|
* Get the role of the specified display name.
|
2016-01-02 09:48:35 -05:00
|
|
|
*/
|
2021-10-26 17:04:18 -04:00
|
|
|
public static function getRole(string $displayName): ?self
|
2016-01-02 09:48:35 -05:00
|
|
|
{
|
2020-08-04 09:55:01 -04:00
|
|
|
return static::query()->where('display_name', '=', $displayName)->first();
|
2015-09-05 12:42:05 -04:00
|
|
|
}
|
2016-05-01 14:36:53 -04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the role object for the specified system role.
|
|
|
|
*/
|
2021-10-26 17:04:18 -04:00
|
|
|
public static function getSystemRole(string $systemName): ?self
|
2016-05-01 14:36:53 -04:00
|
|
|
{
|
2020-08-04 09:55:01 -04:00
|
|
|
return static::query()->where('system_name', '=', $systemName)->first();
|
2016-05-01 14:36:53 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2021-06-04 17:36:30 -04:00
|
|
|
* Get all visible roles.
|
2016-05-01 14:36:53 -04:00
|
|
|
*/
|
2020-08-04 09:55:01 -04:00
|
|
|
public static function visible(): Collection
|
2016-05-01 14:36:53 -04:00
|
|
|
{
|
2019-10-05 07:55:01 -04:00
|
|
|
return static::query()->where('hidden', '=', false)->orderBy('name')->get();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the roles that can be restricted.
|
|
|
|
*/
|
2020-08-04 09:55:01 -04:00
|
|
|
public static function restrictable(): Collection
|
2019-10-05 07:55:01 -04:00
|
|
|
{
|
2021-06-04 17:36:30 -04:00
|
|
|
return static::query()
|
|
|
|
->where('system_name', '!=', 'admin')
|
|
|
|
->orderBy('display_name', 'asc')
|
|
|
|
->get();
|
2016-05-01 14:36:53 -04:00
|
|
|
}
|
2020-11-20 13:53:01 -05:00
|
|
|
|
2022-10-02 13:09:48 -04:00
|
|
|
/**
|
|
|
|
* Get a role to represent the case of 'Everyone else' in the system.
|
|
|
|
* Used within the interface since the default-fallback for permissions uses role_id=0.
|
|
|
|
*/
|
|
|
|
public static function getEveryoneElseRole(): self
|
|
|
|
{
|
|
|
|
return (new static())->forceFill([
|
|
|
|
'id' => 0,
|
|
|
|
'display_name' => 'Everyone Else',
|
|
|
|
'description' => 'Set permissions for all roles not specifically overridden.'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2020-11-20 13:53:01 -05:00
|
|
|
/**
|
2021-10-26 17:04:18 -04:00
|
|
|
* {@inheritdoc}
|
2020-11-20 13:53:01 -05:00
|
|
|
*/
|
|
|
|
public function logDescriptor(): string
|
|
|
|
{
|
|
|
|
return "({$this->id}) {$this->display_name}";
|
|
|
|
}
|
2015-08-29 10:03:42 -04:00
|
|
|
}
|