Example #1
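 /**
  * Decide whether a user holds a role, either directly or through role inheritance.
  *
  * A guest (null user) and a role name with no matching Role row both yield false.
  * Otherwise every role the user holds is looked up in static::$inheritance; the
  * check passes only when the requested role is listed under one of them.
  * Inheritance entries that are not arrays are ignored.
  *
  * @param  User|null  $user      The user being checked; null means not logged in.
  * @param  mixed      $roleName  Role name, passed to hasRole() and matched against the Role `name` column.
  * @return bool
  */
 protected function checkRoleInheritance(User $user = null, $roleName)
 {
     // Not logged in: fail closed.
     if (!$user) {
         return false;
     }
     // The user holds the role directly.
     if ($user->hasRole($roleName)) {
         return true;
     }
     // The requested role must exist before inheritance is considered.
     $role = Role::where('name', $roleName)->first();
     if (!$role) {
         return false;
     }
     // Check whether any role the user holds inherits the requested role.
     foreach ($user->roles as $roleItem) {
         $inheritedRoles = static::$inheritance[$roleItem->name] ?? null;
         if (!is_array($inheritedRoles)) {
             continue;
         }
         // Compare, do not assign. The previous `$roleInheritance = $role->name`
         // was truthy for any non-empty role name, so a user holding any role
         // with a non-empty inheritance list passed the check for every existing role.
         // Strict matching keeps the authorization decision free of type juggling.
         if (in_array($role->name, $inheritedRoles, true)) {
             return true;
         }
     }
     return false;
 }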
Example #2
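 /**
  * Create a user, or update the user with the given id, from the submitted form.
  *
  * The username, email, password and password_confirmation inputs are validated
  * against the create rules (no id), or against one of the two update rule sets
  * depending on whether a password was submitted. On success the user is saved,
  * the 'admin' role is attached or detached according to the `admin` input, and
  * the request is redirected to `users`; on failure it is redirected back with
  * the input and the validation messages.
  *
  * NOTE(review): nothing in this method checks that the caller is allowed to grant
  * or revoke the admin role; the `admin` input is honoured as sent. Presumably this
  * is enforced by route middleware or a policy; confirm before relying on it.
  *
  * @param  Request  $request
  * @param  mixed    $id  Id of the user to update, or null to create a new user.
  * @return mixed  The redirect response built by redirect().
  */
 public function store(Request $request, $id = null)
 {
     $isUpdate = isset($id);
     $fields = $request->only('username', 'email', 'password', 'password_confirmation');

     if (!$isUpdate) {
         $rules = $this->user->create_rules;
     } elseif ($request->input('password')) {
         $rules = $this->user->update_rules_with_password;
     } else {
         $rules = $this->user->update_rules;
     }
     $validator = Validator::make($fields, $rules);

     if (!$validator->passes()) {
         return redirect()->back()->withInput()->withErrors($validator->messages());
     }

     if ($isUpdate) {
         $user = $this->user->find($id);
         // An unknown id previously fell through to a property write on null.
         if ($user === null) {
             abort(404);
         }
     } else {
         $user = new User();
     }

     $user->username = $request->input('username');
     $user->email = $request->input('email');
     // An empty password on update leaves the stored hash untouched.
     if ($request->input('password')) {
         $user->password = Hash::make($request->input('password'));
     }
     $user->save();

     $adminRole = Role::where('role_name', 'admin')->first();
     // Skip role changes when the admin role row is missing: on an Eloquent
     // many-to-many relation, detach() with no id removes every related row.
     if ($adminRole !== null) {
         $alreadyAdmin = $user->hasRole('admin');
         if ($request->input('admin')) {
             // Avoid attaching a second pivot row when the user is already admin.
             if (!$alreadyAdmin) {
                 $user->roles()->attach($adminRole);
             }
         } elseif ($alreadyAdmin) {
             $user->roles()->detach($adminRole);
         }
     }

     return redirect()->to('users')->with(['success' => 'Saved ' . $user->username]);
 }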
Example #3
 /**
  * Allow viewing a group only to a manager of the organization that owns it.
  *
  * @param  User   $user
  * @param  Group  $group
  * @return bool
  */
 public function show(User $user, Group $group)
 {
     // Non-managers are rejected before any organization is read.
     if (!$user->hasRole('manager')) {
         return false;
     }

     $userOrganizationId = $user->organization->id;
     $groupOrganizationId = $group->organization->id;

     // Strict comparison: ids of different types never match, so the check fails closed.
     return $userOrganizationId === $groupOrganizationId;
 }
Example #4
 /**
  * Allow the PDF of a report only to a manager who owns that report.
  *
  * @param  User    $user
  * @param  Report  $report
  * @return bool
  */
 public function pdf(User $user, Report $report)
 {
     // Non-managers are rejected before the report owner is read.
     if (!$user->hasRole('manager')) {
         return false;
     }

     $ownerId = $report->owner->id;

     // Strict comparison: ids of different types never match, so the check fails closed.
     return $user->id === $ownerId;
 }
 /**
  * Short-circuit for admins: return true when the user has the 'admin' role.
  *
  * For every other user nothing is decided here and null is returned.
  * NOTE(review): presumably a policy pre-check whose null result hands the
  * decision to the specific ability method; confirm against the caller.
  *
  * @param  \App\User  $user
  * @param  mixed      $ability  Not read by this method.
  * @return bool|null  true for an admin, null otherwise.
  */
 public function before($user, $ability)
 {
     return $user->hasRole('admin') ? true : null;
 }
Example #6
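 /**
  * Remove a role from a user.
  *
  * The caller must be logged in and hold the 'administrate-permissions' ability,
  * the role id must exist (firstOrFail() throws otherwise), and the target user
  * must currently hold that role.
  *
  * NOTE(review): 401 is kept for both rejection cases so existing clients see
  * the same status; 403 is the conventional status for a logged-in user who
  * lacks the permission.
  *
  * @param  User   $user     The user losing the role.
  * @param  mixed  $role_id  Id of the role to remove.
  * @return User  The same user, after removeUserRole() has run.
  */
 public function destroy(User $user, $role_id)
 {
     $actor = Auth::user();
     // Auth::user() is null for a guest; calling can() on it would be a fatal
     // error rather than a clean rejection.
     if ($actor === null || !$actor->can('administrate-permissions')) {
         abort(401, "You can not edit user permissions");
     }

     $role = Role::where('id', '=', $role_id)->firstOrFail();
     if (!$user->hasRole($role->name)) {
         abort(403, "User doesn't have the role id of ({$role_id})");
     }

     $user->removeUserRole($role_id);

     return $user;
 }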
Example #7
 /**
  * Post-login hook: send customers to their own area, everyone else to the default path.
  *
  * The redirect goes to the originally intended URL when there is one, with
  * redirectPath() as the fallback.
  *
  * @param  mixed  $request  Not read by this method.
  * @param  User   $user     The user who has just logged in.
  * @return mixed  The redirect response built by redirect()->intended().
  */
 public function authenticated($request, User $user)
 {
     $isCustomer = $user->hasRole('customer');
     if ($isCustomer) {
         // The fallback target is a fixed server-side path, never request input.
         $this->redirectTo = '/customer/';
     }

     $fallbackPath = $this->redirectPath();

     return redirect()->intended($fallbackPath);
 }