BookStack/app/Auth/Role.php

<?php

namespace BookStack\Auth;

use BookStack\Auth\Permissions\EntityPermission;
use BookStack\Auth\Permissions\JointPermission;
use BookStack\Auth\Permissions\RolePermission;
use BookStack\Interfaces\Loggable;
use BookStack\Model;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Database\Eloquent\Relations\HasMany;

/**
 * Class Role.
 *
 * @property int        $id
 * @property string     $display_name
 * @property string     $description
 * @property string     $external_auth_id
 * @property string     $system_name
 * @property bool       $mfa_enforced
 * @property Collection $users
 */
class Role extends Model implements Loggable
{
    use HasFactory;

    protected $fillable = ['display_name', 'description', 'external_auth_id', 'mfa_enforced'];

    protected $hidden = ['pivot'];

    protected $casts = [
        'mfa_enforced' => 'boolean',
    ];

    /**
     * The roles that belong to the role.
     */
    public function users(): BelongsToMany
    {
        return $this->belongsToMany(User::class)->orderBy('name', 'asc');
    }

    /**
     * Get all related JointPermissions.
     */
    public function jointPermissions(): HasMany
    {
        return $this->hasMany(JointPermission::class);
    }

    /**
     * The RolePermissions that belong to the role.
     */
    public function permissions(): BelongsToMany
    {
        return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
    }

    /**
     * Get the entity permissions assigned to this role.
     */
    public function entityPermissions(): HasMany
    {
        return $this->hasMany(EntityPermission::class);
    }

    /**
     * Check if this role has a permission.
     */
    public function hasPermission(string $permissionName): bool
    {
        $permissions = $this->getRelationValue('permissions');
        foreach ($permissions as $permission) {
            if ($permission->getRawAttribute('name') === $permissionName) {
                return true;
            }
        }

        return false;
    }

    /**
     * Add a permission to this role.
     */
    public function attachPermission(RolePermission $permission)
    {
        $this->permissions()->attach($permission->id);
    }

    /**
     * Detach a single permission from this role.
     */
    public function detachPermission(RolePermission $permission)
    {
        $this->permissions()->detach([$permission->id]);
    }

    /**
     * Get the role of the specified display name.
     */
    public static function getRole(string $displayName): ?self
    {
        return static::query()->where('display_name', '=', $displayName)->first();
    }

    /**
     * Get the role object for the specified system role.
     */
    public static function getSystemRole(string $systemName): ?self
    {
        static $cache = [];

        if (!isset($cache[$systemName])) {
            $cache[$systemName] = static::query()->where('system_name', '=', $systemName)->first();
        }

        return $cache[$systemName];
    }

    /**
     * {@inheritdoc}
     */
    public function logDescriptor(): string
    {
        return "({$this->id}) {$this->display_name}";
    }
}
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`<?php`

			`namespace BookStack\Auth;`
Re-structured the app code to be feature based rather than code type based 2018-09-25 11:30:50 +00:00
Added proper entity permission removal on role deletion Added test to cover. 2022-10-07 12:12:33 +00:00			`use BookStack\Auth\Permissions\EntityPermission;`
Re-structured the app code to be feature based rather than code type based 2018-09-25 11:30:50 +00:00			`use BookStack\Auth\Permissions\JointPermission;`
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`use BookStack\Auth\Permissions\RolePermission;`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-20 18:53:01 +00:00			`use BookStack\Interfaces\Loggable;`
Re-structured the app code to be feature based rather than code type based 2018-09-25 11:30:50 +00:00			`use BookStack\Model;`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`use Illuminate\Database\Eloquent\Collection;`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-30 20:29:59 +00:00			`use Illuminate\Database\Eloquent\Factories\HasFactory;`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-08 23:46:38 +00:00			`use Illuminate\Database\Eloquent\Relations\BelongsToMany;`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`use Illuminate\Database\Eloquent\Relations\HasMany;`
Added permission system 2015-08-29 14:03:42 +00:00
Appeased codeclimate by extracting out external_auth_id group matching 2019-11-16 15:24:09 +00:00			`/**`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`* Class Role.`
			`*`
Applied styleci style changes 2021-09-18 20:21:44 +00:00			`* @property int $id`
			`* @property string $display_name`
			`* @property string $description`
			`* @property string $external_auth_id`
			`* @property string $system_name`
			`* @property bool $mfa_enforced`
Converted AuthTest away from BrowserKit Moved some user managment tests out to more relevant classess along the way. Found some tweaks to make for email confirmation routing as part of this. 2021-09-17 22:44:54 +00:00			`* @property Collection $users`
Appeased codeclimate by extracting out external_auth_id group matching 2019-11-16 15:24:09 +00:00			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-20 18:53:01 +00:00			`class Role extends Model implements Loggable`
Added permission system 2015-08-29 14:03:42 +00:00			`{`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-30 20:29:59 +00:00			`use HasFactory;`

Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-18 18:36:34 +00:00			`protected $fillable = ['display_name', 'description', 'external_auth_id', 'mfa_enforced'];`
Started social registration 2015-09-05 16:42:05 +00:00
Refactored existing user API work - Updated routes to use new format. - Changed how hidden fields are exposed to be more flexible to different use-cases. - Updated properties available on read/list results. - Started adding testing coverage. - Removed old unused UserRepo 'getAllUsers' function. Related to #2701, Progression of #2734 2022-02-03 12:33:26 +00:00			`protected $hidden = ['pivot'];`

Added role API responses & requests Also applied other slight tweaks and comment updates based upon manual endpoint testing. 2023-02-19 15:58:29 +00:00			`protected $casts = [`
			`'mfa_enforced' => 'boolean',`
			`];`

Added permission system 2015-08-29 14:03:42 +00:00			`/**`
			`* The roles that belong to the role.`
			`*/`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-08 23:46:38 +00:00			`public function users(): BelongsToMany`
Added permission system 2015-08-29 14:03:42 +00:00			`{`
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`return $this->belongsToMany(User::class)->orderBy('name', 'asc');`
Added permission system 2015-08-29 14:03:42 +00:00			`}`

Rolled out new permissions system throughout application 2016-04-24 15:54:20 +00:00			`/**`
Major permission naming refactor and database migration cleanup 2016-05-01 20:20:50 +00:00			`* Get all related JointPermissions.`
Rolled out new permissions system throughout application 2016-04-24 15:54:20 +00:00			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`public function jointPermissions(): HasMany`
Rolled out new permissions system throughout application 2016-04-24 15:54:20 +00:00			`{`
Major permission naming refactor and database migration cleanup 2016-05-01 20:20:50 +00:00			`return $this->hasMany(JointPermission::class);`
Rolled out new permissions system throughout application 2016-04-24 15:54:20 +00:00			`}`

Added permission system 2015-08-29 14:03:42 +00:00			`/**`
Major permission naming refactor and database migration cleanup 2016-05-01 20:20:50 +00:00			`* The RolePermissions that belong to the role.`
Added permission system 2015-08-29 14:03:42 +00:00			`*/`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-08 23:46:38 +00:00			`public function permissions(): BelongsToMany`
Added permission system 2015-08-29 14:03:42 +00:00			`{`
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');`
Added permission system 2015-08-29 14:03:42 +00:00			`}`

Added proper entity permission removal on role deletion Added test to cover. 2022-10-07 12:12:33 +00:00			`/**`
			`* Get the entity permissions assigned to this role.`
			`*/`
			`public function entityPermissions(): HasMany`
			`{`
			`return $this->hasMany(EntityPermission::class);`
			`}`

Finished initial implementation of custom role system 2016-02-27 19:24:42 +00:00			`/**`
			`* Check if this role has a permission.`
			`*/`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`public function hasPermission(string $permissionName): bool`
Finished initial implementation of custom role system 2016-02-27 19:24:42 +00:00			`{`
Improved permission regen performance by factor of 4 Worked around slower eloquent access to speed up permission generation. 2016-04-30 16:16:06 +00:00			`$permissions = $this->getRelationValue('permissions');`
			`foreach ($permissions as $permission) {`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-28 16:58:52 +00:00			`if ($permission->getRawAttribute('name') === $permissionName) {`
			`return true;`
			`}`
Improved permission regen performance by factor of 4 Worked around slower eloquent access to speed up permission generation. 2016-04-30 16:16:06 +00:00			`}`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Improved permission regen performance by factor of 4 Worked around slower eloquent access to speed up permission generation. 2016-04-30 16:16:06 +00:00			`return false;`
Finished initial implementation of custom role system 2016-02-27 19:24:42 +00:00			`}`

Added permission system 2015-08-29 14:03:42 +00:00			`/**`
			`* Add a permission to this role.`
			`*/`
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`public function attachPermission(RolePermission $permission)`
Added permission system 2015-08-29 14:03:42 +00:00			`{`
			`$this->permissions()->attach($permission->id);`
			`}`

Fixed and cleaned some permisison/role based components 2016-04-09 11:37:58 +00:00			`/**`
			`* Detach a single permission from this role.`
			`*/`
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`public function detachPermission(RolePermission $permission)`
Fixed and cleaned some permisison/role based components 2016-04-09 11:37:58 +00:00			`{`
Added testing coverage to API token auth 2019-12-30 19:42:46 +00:00			`$this->permissions()->detach([$permission->id]);`
Fixed and cleaned some permisison/role based components 2016-04-09 11:37:58 +00:00			`}`

Added more tests to increase test coverage 2016-01-02 14:48:35 +00:00			`/**`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`* Get the role of the specified display name.`
Added more tests to increase test coverage 2016-01-02 14:48:35 +00:00			`*/`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-26 21:04:18 +00:00			`public static function getRole(string $displayName): ?self`
Added more tests to increase test coverage 2016-01-02 14:48:35 +00:00			`{`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 13:55:01 +00:00			`return static::query()->where('display_name', '=', $displayName)->first();`
Started social registration 2015-09-05 16:42:05 +00:00			`}`
Added hidden public role to fit with new permissions system 2016-05-01 18:36:53 +00:00
			`/**`
			`* Get the role object for the specified system role.`
			`*/`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-26 21:04:18 +00:00			`public static function getSystemRole(string $systemName): ?self`
Added hidden public role to fit with new permissions system 2016-05-01 18:36:53 +00:00			`{`
Added caching to the loading of system roles Admin system role was being loaded for each permission check performed. This caches the fetching for the request lifetime. 2023-02-23 23:01:03 +00:00			`static $cache = [];`

			`if (!isset($cache[$systemName])) {`
			`$cache[$systemName] = static::query()->where('system_name', '=', $systemName)->first();`
			`}`

			`return $cache[$systemName];`
Added hidden public role to fit with new permissions system 2016-05-01 18:36:53 +00:00			`}`

Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-20 18:53:01 +00:00			`/**`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-26 21:04:18 +00:00			`* {@inheritdoc}`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-20 18:53:01 +00:00			`*/`
			`public function logDescriptor(): string`
			`{`
			`return "({$this->id}) {$this->display_name}";`
			`}`
Added permission system 2015-08-29 14:03:42 +00:00			`}`