BookStack/app/Http/Controllers/PermissionController.php

<?php namespace BookStack\Http\Controllers;

use BookStack\Auth\Permissions\PermissionsRepo;
use BookStack\Exceptions\PermissionsException;
use Exception;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;

class PermissionController extends Controller
{

    protected $permissionsRepo;

    /**
     * PermissionController constructor.
     */
    public function __construct(PermissionsRepo $permissionsRepo)
    {
        $this->permissionsRepo = $permissionsRepo;
        parent::__construct();
    }

    /**
     * Show a listing of the roles in the system.
     */
    public function listRoles()
    {
        $this->checkPermission('user-roles-manage');
        $roles = $this->permissionsRepo->getAllRoles();
        return view('settings.roles.index', ['roles' => $roles]);
    }

    /**
     * Show the form to create a new role
     */
    public function createRole()
    {
        $this->checkPermission('user-roles-manage');
        return view('settings.roles.create');
    }

    /**
     * Store a new role in the system.
     */
    public function storeRole(Request $request)
    {
        $this->checkPermission('user-roles-manage');
        $this->validate($request, [
            'display_name' => 'required|min:3|max:180',
            'description' => 'max:180'
        ]);

        $this->permissionsRepo->saveNewRole($request->all());
        $this->showSuccessNotification(trans('settings.role_create_success'));
        return redirect('/settings/roles');
    }

    /**
     * Show the form for editing a user role.
     * @throws PermissionsException
     */
    public function editRole(string $id)
    {
        $this->checkPermission('user-roles-manage');
        $role = $this->permissionsRepo->getRoleById($id);
        if ($role->hidden) {
            throw new PermissionsException(trans('errors.role_cannot_be_edited'));
        }
        return view('settings.roles.edit', ['role' => $role]);
    }

    /**
     * Updates a user role.
     * @throws ValidationException
     */
    public function updateRole(Request $request, string $id)
    {
        $this->checkPermission('user-roles-manage');
        $this->validate($request, [
            'display_name' => 'required|min:3|max:180',
            'description' => 'max:180'
        ]);

        $this->permissionsRepo->updateRole($id, $request->all());
        $this->showSuccessNotification(trans('settings.role_update_success'));
        return redirect('/settings/roles');
    }

    /**
     * Show the view to delete a role.
     * Offers the chance to migrate users.
     */
    public function showDeleteRole(string $id)
    {
        $this->checkPermission('user-roles-manage');
        $role = $this->permissionsRepo->getRoleById($id);
        $roles = $this->permissionsRepo->getAllRolesExcept($role);
        $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
        $roles->prepend($blankRole);
        return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
    }

    /**
     * Delete a role from the system,
     * Migrate from a previous role if set.
     * @throws Exception
     */
    public function deleteRole(Request $request, string $id)
    {
        $this->checkPermission('user-roles-manage');

        try {
            $this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id'));
        } catch (PermissionsException $e) {
            $this->showErrorNotification($e->getMessage());
            return redirect()->back();
        }

        $this->showSuccessNotification(trans('settings.role_delete_success'));
        return redirect('/settings/roles');
    }
}
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`<?php namespace BookStack\Http\Controllers;`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00
Re-structured the app code to be feature based rather than code type based 2018-09-25 07:30:50 -04:00			`use BookStack\Auth\Permissions\PermissionsRepo;`
Fleshed out entity provided and optimized imports 2018-09-25 11:58:03 -04:00			`use BookStack\Exceptions\PermissionsException;`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`use Exception;`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`use Illuminate\Http\Request;`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`use Illuminate\Validation\ValidationException;`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00
			`class PermissionController extends Controller`
			`{`

Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`protected $permissionsRepo;`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00
			`/**`
			`* PermissionController constructor.`
			`*/`
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`public function __construct(PermissionsRepo $permissionsRepo)`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`{`
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$this->permissionsRepo = $permissionsRepo;`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`parent::__construct();`
			`}`

			`/**`
			`* Show a listing of the roles in the system.`
			`*/`
			`public function listRoles()`
			`{`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`$this->checkPermission('user-roles-manage');`
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$roles = $this->permissionsRepo->getAllRoles();`
Updated auth pages to new design, Removed public layout 2019-02-03 12:34:15 -05:00			`return view('settings.roles.index', ['roles' => $roles]);`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`}`

Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`/**`
			`* Show the form to create a new role`
			`*/`
			`public function createRole()`
			`{`
			`$this->checkPermission('user-roles-manage');`
Updated auth pages to new design, Removed public layout 2019-02-03 12:34:15 -05:00			`return view('settings.roles.create');`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`}`

			`/**`
			`* Store a new role in the system.`
			`*/`
			`public function storeRole(Request $request)`
			`{`
			`$this->checkPermission('user-roles-manage');`
			`$this->validate($request, [`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`'display_name' => 'required\|min:3\|max:180',`
			`'description' => 'max:180'`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`]);`

Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$this->permissionsRepo->saveNewRole($request->all());`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showSuccessNotification(trans('settings.role_create_success'));`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`return redirect('/settings/roles');`
			`}`

Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`/**`
			`* Show the form for editing a user role.`
Added hidden public role to fit with new permissions system 2016-05-01 14:36:53 -04:00			`* @throws PermissionsException`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`public function editRole(string $id)`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`{`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`$this->checkPermission('user-roles-manage');`
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$role = $this->permissionsRepo->getRoleById($id);`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-28 11:58:52 -05:00			`if ($role->hidden) {`
			`throw new PermissionsException(trans('errors.role_cannot_be_edited'));`
			`}`
Updated auth pages to new design, Removed public layout 2019-02-03 12:34:15 -05:00			`return view('settings.roles.edit', ['role' => $role]);`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`}`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00
			`/**`
			`* Updates a user role.`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`* @throws ValidationException`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`public function updateRole(Request $request, string $id)`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`{`
			`$this->checkPermission('user-roles-manage');`
			`$this->validate($request, [`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`'display_name' => 'required\|min:3\|max:180',`
			`'description' => 'max:180'`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`]);`

Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$this->permissionsRepo->updateRole($id, $request->all());`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showSuccessNotification(trans('settings.role_update_success'));`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`return redirect('/settings/roles');`
			`}`

			`/**`
			`* Show the view to delete a role.`
			`* Offers the chance to migrate users.`
			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`public function showDeleteRole(string $id)`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`{`
			`$this->checkPermission('user-roles-manage');`
Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`$role = $this->permissionsRepo->getRoleById($id);`
			`$roles = $this->permissionsRepo->getAllRolesExcept($role);`
Extracted text from logic files 2016-12-04 11:51:39 -05:00			`$blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`$roles->prepend($blankRole);`
Updated auth pages to new design, Removed public layout 2019-02-03 12:34:15 -05:00			`return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`}`

			`/**`
			`* Delete a role from the system,`
			`* Migrate from a previous role if set.`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`* @throws Exception`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 09:55:01 -04:00			`public function deleteRole(Request $request, string $id)`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`{`
			`$this->checkPermission('user-roles-manage');`

Refactored some permission controls and increased testing for roles system 2016-03-02 17:35:01 -05:00			`try {`
			`$this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id'));`
			`} catch (PermissionsException $e) {`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showErrorNotification($e->getMessage());`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`return redirect()->back();`
			`}`

Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showSuccessNotification(trans('settings.role_delete_success'));`
Finished initial implementation of custom role system 2016-02-27 14:24:42 -05:00			`return redirect('/settings/roles');`
			`}`
Started work on exposing the role system as editable 2016-02-26 18:44:02 -05:00			`}`