mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-07-17 08:42:23 +00:00
ffd6a1002e
Also updates show roles on permission view to just those with permissions applied. Fixes rounded borders for lone permission rows. Moves "Everyone Else" handling from role to new class.
129 lines
3.2 KiB
PHP
129 lines
3.2 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Auth;
|
|
|
|
use BookStack\Auth\Permissions\EntityPermission;
|
|
use BookStack\Auth\Permissions\JointPermission;
|
|
use BookStack\Auth\Permissions\RolePermission;
|
|
use BookStack\Interfaces\Loggable;
|
|
use BookStack\Model;
|
|
use Illuminate\Database\Eloquent\Collection;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
|
|
|
/**
|
|
* Class Role.
|
|
*
|
|
* @property int $id
|
|
* @property string $display_name
|
|
* @property string $description
|
|
* @property string $external_auth_id
|
|
* @property string $system_name
|
|
* @property bool $mfa_enforced
|
|
* @property Collection $users
|
|
*/
|
|
class Role extends Model implements Loggable
|
|
{
|
|
use HasFactory;
|
|
|
|
protected $fillable = ['display_name', 'description', 'external_auth_id'];
|
|
|
|
protected $hidden = ['pivot'];
|
|
|
|
/**
|
|
* The roles that belong to the role.
|
|
*/
|
|
public function users(): BelongsToMany
|
|
{
|
|
return $this->belongsToMany(User::class)->orderBy('name', 'asc');
|
|
}
|
|
|
|
/**
|
|
* Get all related JointPermissions.
|
|
*/
|
|
public function jointPermissions(): HasMany
|
|
{
|
|
return $this->hasMany(JointPermission::class);
|
|
}
|
|
|
|
/**
|
|
* The RolePermissions that belong to the role.
|
|
*/
|
|
public function permissions(): BelongsToMany
|
|
{
|
|
return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
|
|
}
|
|
|
|
/**
|
|
* Get the entity permissions assigned to this role.
|
|
*/
|
|
public function entityPermissions(): HasMany
|
|
{
|
|
return $this->hasMany(EntityPermission::class);
|
|
}
|
|
|
|
/**
|
|
* Check if this role has a permission.
|
|
*/
|
|
public function hasPermission(string $permissionName): bool
|
|
{
|
|
$permissions = $this->getRelationValue('permissions');
|
|
foreach ($permissions as $permission) {
|
|
if ($permission->getRawAttribute('name') === $permissionName) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Add a permission to this role.
|
|
*/
|
|
public function attachPermission(RolePermission $permission)
|
|
{
|
|
$this->permissions()->attach($permission->id);
|
|
}
|
|
|
|
/**
|
|
* Detach a single permission from this role.
|
|
*/
|
|
public function detachPermission(RolePermission $permission)
|
|
{
|
|
$this->permissions()->detach([$permission->id]);
|
|
}
|
|
|
|
/**
|
|
* Get the role of the specified display name.
|
|
*/
|
|
public static function getRole(string $displayName): ?self
|
|
{
|
|
return static::query()->where('display_name', '=', $displayName)->first();
|
|
}
|
|
|
|
/**
|
|
* Get the role object for the specified system role.
|
|
*/
|
|
public static function getSystemRole(string $systemName): ?self
|
|
{
|
|
return static::query()->where('system_name', '=', $systemName)->first();
|
|
}
|
|
|
|
/**
|
|
* Get all visible roles.
|
|
*/
|
|
public static function visible(): Collection
|
|
{
|
|
return static::query()->where('hidden', '=', false)->orderBy('name')->get();
|
|
}
|
|
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
public function logDescriptor(): string
|
|
{
|
|
return "({$this->id}) {$this->display_name}";
|
|
}
|
|
}
|