Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-07-07 20:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
3f7180fa99
BookStack/app/Auth/Permissions/PermissionsRepo.php

143 lines
4.2 KiB
PHP
Raw Normal View History

Re-structured the app code to be feature based rather than code type based
2018-09-25 11:30:50 +00:00
<?php namespace BookStack\Auth\Permissions;
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
Re-structured the app code to be feature based rather than code type based
2018-09-25 11:30:50 +00:00
use BookStack\Auth\Role;
Fleshed out entity provided and optimized imports
2018-09-25 15:58:03 +00:00
use BookStack\Exceptions\PermissionsException;
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
use Exception;
use Illuminate\Database\Eloquent\Collection;
Updated to Laravel 5.8
2019-09-13 22:58:40 +00:00
use Illuminate\Support\Str;
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
class PermissionsRepo
{
protected $permission;
protected $role;
Major permission naming refactor and database migration cleanup
2016-05-01 20:20:50 +00:00
protected $permissionService;
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
Added hidden public role to fit with new permissions system
2016-05-01 18:36:53 +00:00
protected $systemRoles = ['admin', 'public'];
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
/**
* PermissionsRepo constructor.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
$this->permission = $permission;
$this->role = $role;
Major permission naming refactor and database migration cleanup
2016-05-01 20:20:50 +00:00
$this->permissionService = $permissionService;
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
/**
* Get all the user roles from the system.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function getAllRoles(): Collection
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens.
2016-09-29 11:43:46 +00:00
return $this->role->all();
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
/**
* Get all the roles except for the provided one.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function getAllRolesExcept(Role $role): Collection
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens.
2016-09-29 11:43:46 +00:00
return $this->role->where('id', '!=', $role->id)->get();
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
/**
* Get a role via its ID.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function getRoleById($id): Role
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
return $this->role->newQuery()->findOrFail($id);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
/**
* Save a new role into the system.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function saveNewRole(array $roleData): Role
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
$role = $this->role->newInstance($roleData);
$role->save();
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
Major permission naming refactor and database migration cleanup
2016-05-01 20:20:50 +00:00
$this->permissionService->buildJointPermissionForRole($role);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
return $role;
}
/**
* Updates an existing role.
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission.
2018-09-20 18:48:08 +00:00
* Ensure Admin role always have core permissions.
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function updateRole($roleId, array $roleData)
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
/** @var Role $role */
$role = $this->role->newQuery()->findOrFail($roleId);
Added hidden public role to fit with new permissions system
2016-05-01 18:36:53 +00:00
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
Fixed role 'manage own permissions' permission
2017-01-22 12:16:02 +00:00
if ($role->system_name === 'admin') {
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission.
2018-09-20 18:48:08 +00:00
$permissions = array_merge($permissions, [
'users-manage',
'user-roles-manage',
'restrictions-manage-all',
'restrictions-manage-own',
'settings-manage',
]);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
Updated so permission effect admins more Asset permissions can now be configured for admins. joint_permissions will now effect admins more often. Made so shelves header link will hide if you have no bookshelves view permission.
2018-09-20 18:48:08 +00:00
$this->assignRolePermissions($role, $permissions);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
$role->fill($roleData);
$role->save();
Major permission naming refactor and database migration cleanup
2016-05-01 20:20:50 +00:00
$this->permissionService->buildJointPermissionForRole($role);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
/**
* Assign an list of permission names to an role.
*/
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
public function assignRolePermissions(Role $role, array $permissionNameArray = [])
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
{
$permissions = [];
Added a whole load of permission & role tests
2016-03-05 12:09:09 +00:00
$permissionNameArray = array_values($permissionNameArray);
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
if ($permissionNameArray) {
$permissions = $this->permission->newQuery()
->whereIn('name', $permissionNameArray)
->pluck('id')
->toArray();
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
$role->permissions()->sync($permissions);
}
/**
* Delete a role from the system.
* Check it's not an admin role or set as default before deleting.
* If an migration Role ID is specified the users assign to the current role
* will be added to the role of the specified id.
* @throws PermissionsException
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
* @throws Exception
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
*/
public function deleteRole($roleId, $migrateRoleId)
{
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
/** @var Role $role */
$role = $this->role->newQuery()->findOrFail($roleId);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
// Prevent deleting admin role or default registration role.
Added hidden public role to fit with new permissions system
2016-05-01 18:36:53 +00:00
if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
Extracted text from logic files
2016-12-04 16:51:39 +00:00
throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
Extracted some methods into a BookRepo
2019-09-15 22:28:23 +00:00
} else if ($role->id === intval(setting('registration-role'))) {
Extracted text from logic files
2016-12-04 16:51:39 +00:00
throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
}
if ($migrateRoleId) {
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
$newRole = $this->role->newQuery()->find($migrateRoleId);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
if ($newRole) {
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
$users = $role->users()->pluck('id')->toArray();
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
$newRole->users()->sync($users);
}
}
Major permission naming refactor and database migration cleanup
2016-05-01 20:20:50 +00:00
$this->permissionService->deleteJointPermissionsForRole($role);
Refactored some permission controls and increased testing for roles system
2016-03-02 22:35:01 +00:00
$role->delete();
}
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649
2018-01-28 16:58:52 +00:00
}
Reference in New Issue Copy Permalink