/**
* So here's the deal with permissions... Suppose we have code
* like the following:
*
* @if( $user->hasPermission('edit', 'Employee') )
* <li><a href="/editEmployees">Edit Employees</a></li>
* @endif
*
* Now suppose a user can edit a SUBSET of employees... We still
* want to display this button, but within this button we need
* to limit the employees shown. So we need two different actions:
*
* can you edit ANYTHING?
* what can you edit?
*
* To prevent "what can you edit" from returning the entire
* database in the event that you actually can edit everything,
* it needs to somehow be condensed. Maybe a query string?
*
*
*
*/
public function hasPermission($action, $model)
{
// First, is $model an instance? If so, get the class name
if (is_string($model)) {
$modelName = $model;
$modelInstance = null;
} else {
$modelName = get_class($model);
$modelInstance = $model;
}
// Now get ALL permissions for this action on this model
$permissions = Permission::where(function ($query) use($action) {
$query->orWhere('action', $action)->orWhere('action', 'all');
})->where(function ($query) use($modelName) {
$query->orWhere('model', 'like', $modelName)->orWhere('model', '*');
})->get();
// Now see if we have a matching role
// To start, see if we have a previously cached list of roles:
if ($this->roleParents == null) {
// We start with a list of this user's roles...
$this->roleParents = $this->roles;
// Then we iteratively get all parents
foreach ($this->roleParents as $role) {
if ($role->parent != null) {
$this->roleParents->add($role->parent);
}
}
}
if ($this->roleChildren == null) {
// We start with a list of this user's roles...
$this->roleChildren = $this->roles;
// Then we need to recursively get all children
$children = new Collection();
foreach ($this->roles as $role) {
$this->roleChildren = $this->roleChildren->merge($this->getAllChildren($role));
}
$this->roleChildren = $this->roleChildren->unique();
}
foreach ($permissions as $permission) {
if ($permission->role_id == 0 || $this->roleParents->contains($permission->role) || $this->roleChildren->contains($permission->role) && $permission->trickle) {
// So the user has a role that can perform the action on this model
if ($modelInstance == null) {
// If we're looking at the model as a whole, we good
return true;
} else {
// If we're looking at a specific model, we need to check the domain
$domain = json_decode($permission->domain);
if (is_array($domain)) {
if ($this->confirmDomain($domain, $modelInstance)) {
return true;
}
} else {
return true;
}
}
}
}
// Failed to find a valid permission
return false;
}
private function sortByLikes(Collection $collection, Collection $orderArray)
{
$sorted = new Collection();
$orderArray->each(function ($orderElem) use($collection, $sorted) {
if ($collection->contains($orderElem->likeable_id)) {
$sorted->push($collection->find($orderElem->likeable_id));
}
});
return $sorted;
}
/**
* Get all permissions as collection.
*
* @return \Illuminate\Database\Eloquent\Collection
*/
public function getPermissions()
{
if (!$this->permissions) {
$rolePermissions = $this->rolePermissions()->get();
$userPermissions = $this->userPermissions()->get();
$deniedPermissions = new Collection();
foreach ($userPermissions as $key => $permission) {
if (!$permission->pivot->granted && $rolePermissions->contains($permission)) {
$deniedPermissions->push($permission);
}
}
$permissions = $rolePermissions->merge($userPermissions);
$this->permissions = $permissions->filter(function ($permission) use($deniedPermissions) {
return !$deniedPermissions->contains($permission);
});
}
return $this->permissions;
}
/**
* Check if token is available
*
* @param string $tokenName
*
* @return bool
*/
public function __isset($tokenName)
{
return (bool) $this->tokens->contains($tokenName);
}
public function permissions()
{
$permissions = new Collection();
foreach ($this->roles as $role) {
foreach ($role->permissions as $permission) {
if (!$permissions->contains('id', $permission->id)) {
$permissions->add($permission);
}
}
}
return $permissions;
}
