/**
* Shortcut to assign directly to a role name.
* @param $roleName string
* @return mixed
* @throws \Exception
*/
public function grantTo($roleName)
{
$role = Role::getByName($roleName);
if (!$role) {
throw new \Exception("'{$roleName}' not found, cannot assign permission");
}
return $role->grant($this);
}
/**
* Assign a role to a user.
* @param string|int|Role $role
* @return mixed
* @throws \Exception
*/
public function assignRole($role)
{
if (is_string($role)) {
$role = Role::getByName($role);
}
if (!$role || empty($role)) {
throw new \Exception('Role missing and cannot be assigned to user');
}
if ($this->hasRole($role)) {
return true;
}
return $this->roles()->attach($role);
}
/**
* Test basic user authorizations, with models.
* This should deal directly with the ModelPolicy class.
*/
public function test_basic_user_auth()
{
// User 2 has permission to do a couple things.
$user = User::find(2);
$this->assertTrue($user->hasRole(Role::getByName('Administrator')));
// The models we'll test.
$page = Page::find(1);
$this->assertTrue($user->can('view', $page));
$this->assertFalse($user->can('delete', $page));
// User model is a managed class. The user doesn't have the manage permission.
// So, They shouldn't be able to edit a user that doesn't belong to them.
$testUser = User::find(1);
$this->assertFalse($user->can('edit', $testUser));
// But they can edit themselves.
$this->assertTrue($user->can('edit', $user));
}
protected function grantAbilities()
{
$administrator = Role::getByName('Administrator');
$administrator->grantAbility('view', 'Birdmin\\Page');
echo "Granted permissions for 'Administrator' role.\n";
}
