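/**
 * Run the database seeds.
 *
 * Inside a single transaction this creates the administrator account, the
 * "admin" and "guest" roles, the root permission node, and the grant that
 * links the root permission to the admin role.
 *
 * @return void
 */
public function run()
{
    DB::transaction(function () {
        // NOTE(review): the administrator is seeded with a fixed, trivially
        // guessable password. Treat it as a development-only credential and
        // change it (or supply it from configuration) before this seeder is
        // run anywhere that is reachable by other people.
        $adminUser = factory(App\User::class)->create([
            'name' => 'Administrator',
            'email' => '*****@*****.**',
            'password' => bcrypt('123456'),
            'username' => 'admin',
            'location' => 'Da Nang',
            'country' => 'Viet Nam',
            'biography' => 'Dev',
            'occupation' => 'Dev',
            'website' => 'greenglobal.vn',
            'image' => 'avatar.jpg',
        ]);

        // Default role for administrators.
        $adminRole = new Role();
        $adminRole->name = 'admin';
        $adminRole->display_name = 'Administrator';
        $adminRole->description = 'User is allowed to manage all system.';
        $adminRole->active = 1;
        $adminRole->save();

        // Default role for visitors who are not logged in.
        $guestRole = new Role();
        $guestRole->name = 'guest';
        $guestRole->display_name = 'Guest';
        $guestRole->description = 'User are not logged in.';
        $guestRole->active = 1;
        $guestRole->save();

        // Only the administrator account receives the admin role.
        $adminUser->attachRole($adminRole);

        // Root permission node.
        $rootPermission = new NodePermission();
        $rootPermission->name = 'Root';
        $rootPermission->display_name = 'Root permission';
        $rootPermission->description = 'The root.';
        $rootPermission->save();

        // Grant the root permission to the admin role. The ids are taken from
        // the records saved above instead of the literal 1, so the grant can
        // never land on some other role when the tables are not empty.
        // NOTE(review): if other code still looks the root permission up by
        // the literal id 1, this seeder must run against empty tables for the
        // two to agree.
        $rootGrant = new PermissionRole();
        $rootGrant->permission_id = $rootPermission->id;
        $rootGrant->role_id = $adminRole->id;
        $rootGrant->status = 1;
        $rootGrant->save();
    });
}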
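/**
 * Check whether the currently authenticated user holds at least one of the
 * given permissions through any of their roles.
 *
 * The decision is "any match": when several permission names are passed, one
 * role/permission row with status 1 is enough for a true result.
 *
 * @param  string|array $permissions Permission name, or list of names.
 * @param  array        $arguments   Not used by this implementation.
 * @return bool True when at least one matching grant has status 1.
 */
public function can($permissions, $arguments = [])
{
    // NOTE(review): the identity is read from the Auth facade rather than
    // from $this, so the answer describes the logged-in user even when the
    // method is called on another instance — confirm this is intended.
    $currentUser = Auth::user();

    // No authenticated user: deny instead of dereferencing null.
    if (!$currentUser) {
        return false;
    }

    $roleIds = (new RoleUser())->getUserRole($currentUser->id);

    if (empty($roleIds) || empty($permissions)) {
        return false;
    }

    if (!is_array($permissions)) {
        $permissions = [$permissions];
    }

    // Resolve the permission names to their ids.
    $permissionIds = NodePermission::whereIn('name', $permissions)->lists('id');

    // Every grant row that joins one of the user's roles to one of the
    // requested permissions.
    $grants = PermissionRole::whereIn('role_id', $roleIds)
        ->whereIn('permission_id', $permissionIds)
        ->get();

    // Loose comparison is kept on purpose: the column may come back from the
    // driver as a string.
    foreach ($grants as $grant) {
        if ($grant->status == 1) {
            return true;
        }
    }

    // No rows, or none of them enabled: deny.
    return false;
}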
/**
 * A user holding two roles is allowed through a permission-guarded route as
 * soon as a grant row with status 1 exists for either role.
 *
 * NOTE(review): grant rows are only ever added here, never removed or
 * updated. Unless create() replaces an existing row (confirm), the status-1
 * row written for "modify" in the second scenario is still present in the
 * third, so the last 200 does not isolate the "editor" grant and revocation
 * is not exercised by this test.
 */
public function testHasManyPermission()
{
    // Two active roles.
    $modifyRole = factory(Role::class)->create(['name' => 'modify', 'active' => 1]);
    $editorRole = factory(Role::class)->create(['name' => 'editor', 'active' => 1]);

    // A user with a known password, and a JWT for that user.
    $account = factory(App\User::class)->create(['password' => bcrypt('123456')]);
    $login = ['email' => $account->email, 'password' => '123456'];
    $token = JWTAuth::attempt($login);

    $account->attachRole($modifyRole);
    $account->attachRole($editorRole);

    // Permission tree used by the route mapping below.
    NodePermission::model()->tree('[{"id":2, "name":"2"},{"id":3, "name":"3","children":[{"id":4, "name":"4","children":[{"id":5, "name":"5"},{"id":6, "name":"6"}]}]},{"id":7, "name":"7"}]');

    // Routes guarded by permission 2.
    PermissionRoute::setRoutePermissionsRoles(2, '/password', 'PATCH');
    PermissionRoute::setRoutePermissionsRoles(2, '/blog/{id}', 'POST');

    $server = ['HTTP_Authorization' => "Bearer {$token}"];

    // Each entry: status for "modify", status for "editor", expected HTTP code.
    $scenarios = [
        [0, 0, 403],
        [1, 0, 200],
        [0, 1, 200],
    ];

    foreach ($scenarios as $scenario) {
        PermissionRole::create(['permission_id' => 2, 'role_id' => $modifyRole->id, 'status' => $scenario[0]]);
        PermissionRole::create(['permission_id' => 2, 'role_id' => $editorRole->id, 'status' => $scenario[1]]);

        $res = $this->call('POST', '/blog/1', [], [], [], $server);
        $this->assertEquals($scenario[2], $res->getStatusCode());
    }
}
/**
 * List the permissions of a role.
 *
 * Loads the descendants of the root node as a hierarchy and passes that
 * hierarchy, converted to an array, to PermissionRole::getRolePermission()
 * together with the role id.
 *
 * @param  mixed $roleId Id of the role whose permissions are listed.
 * @return mixed Whatever PermissionRole::getRolePermission() returns.
 */
public function rolePerm($roleId)
{
    $grants = new PermissionRole();

    // NOTE(review): neither getRootNode() nor first() is checked for null
    // here; a missing root node would fail on the property/method access.
    $rootId = $this->getRootNode()->id;
    $rootNode = parent::where('id', '=', $rootId)->first();
    $hierarchy = $rootNode->getDescendants()->toHierarchy();

    // Permission list with the status of each entry for this role.
    return $grants->getRolePermission($roleId, $hierarchy->toArray());
}
/**
 * Report whether a role has an enabled grant on permission id 1.
 *
 * Responds with 404 and a null body when the role does not exist. Otherwise
 * responds with 200 and a node carrying the role id, the type "permissions"
 * and an "isAll" flag.
 *
 * NOTE(review): permission id 1 is presumably the root permission — confirm
 * that the root node is always stored under that id.
 *
 * @param  mixed $id Role id.
 * @return mixed JSON response built with response()->json().
 */
public function checkAllPerm($id = null)
{
    if (!Role::find($id)) {
        return response()->json(null, 404);
    }

    $rootGrant = PermissionRole::where(['role_id' => $id, 'permission_id' => 1])->first();

    // True only when the grant row exists and is switched on.
    $isAll = !empty($rootGrant) && $rootGrant->status == 1;

    $node = ['id' => (int) $id, 'type' => 'permissions', 'isAll' => $isAll];

    return response()->json(arrayView('gcl.gclusers::nodePermission/read', ['node' => $node]), 200);
}
/**
 * hasRole() reflects the attached roles, and can() answers true as soon as
 * one of the requested permission names is granted to one of the user's
 * roles (names that are not granted, or do not exist, do not veto it).
 */
public function testCanPermissionAndHasRole()
{
    $this->withoutMiddleware();

    $account = factory(App\User::class)->create(['password' => bcrypt('123456')]);

    // The returned token is not needed; the call is kept for its effect.
    // NOTE(review): presumably this is what makes the user the authenticated
    // one for the can() checks below — confirm.
    JWTAuth::attempt(['email' => $account->email, 'password' => '123456']);

    $editorRole = factory(Role::class)->create(['name' => 'editor', 'active' => 1]);
    $partnerRole = factory(Role::class)->create(['name' => 'partner', 'active' => 1]);

    // One role attached, no grants yet.
    $account->attachRole($editorRole);
    $this->assertEquals(true, $account->hasRole('editor'));
    $this->assertEquals(false, $account->hasRole('admin'));
    $this->assertEquals(false, $account->can('delete-user'));
    $this->assertEquals(false, $account->can(['delete-user', 'create-user']));

    // Permission tree; node 3 is "delete-user", node 4 is "create-post".
    NodePermission::model()->tree('[{"id":2, "name":"2"},{"id":3, "name":"delete-user","children":[{"id":4, "name":"create-post","children":[{"id":5, "name":"5"},{"id":6, "name":"6"}]}]},{"id":7, "name":"7"}]');

    // Grant "delete-user" to the editor role.
    PermissionRole::create(['permission_id' => 3, 'role_id' => $editorRole->id, 'status' => 1]);
    $this->assertEquals(true, $account->can('delete-user'));
    $this->assertEquals(true, $account->can(['delete-user', 'create-user']));
    $this->assertEquals(false, $account->can('create-post'));

    // Second role, with "create-post" granted to it.
    $account->attachRole($partnerRole);
    PermissionRole::create(['permission_id' => 4, 'role_id' => $partnerRole->id, 'status' => 1]);
    $this->assertEquals(true, $account->can('create-post'));
    $this->assertEquals(true, $account->can(['create-post', 'delete-post']));
    $this->assertEquals(true, $account->can(['create-post', 'delete-post', 'delete-user']));
}
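/**
 * Check whether the guest role is granted a permission attached to a route.
 *
 * Access is denied unless every step finds something: the route descriptor
 * carries both keys, a role named "guest" exists, the route maps to at least
 * one permission, and at least one matching grant row has status 1.
 *
 * @param  array $route Descriptor with the keys 'route_method' and 'route_name'.
 * @return bool True when a guest grant with status 1 exists for the route.
 */
public static function isAllowGuest(array $route = [])
{
    // Deny when the descriptor is incomplete (the default [] included)
    // instead of failing on an undefined index.
    if (!isset($route['route_method'], $route['route_name'])) {
        return false;
    }

    $routeMethod = $route['route_method'];
    $routeName = $route['route_name'];

    // Ids of the role(s) named "guest".
    $guestRoleIds = Role::where('name', 'guest')->lists('id');
    if (!$guestRoleIds->count()) {
        return false;
    }

    // Permissions attached to this method + route name.
    $permissionIds = parent::where(['route_method' => $routeMethod, 'route_name' => $routeName])
        ->lists('permission_id')
        ->toArray();
    if (empty($permissionIds)) {
        return false;
    }

    // Grant rows joining a guest role to one of those permissions.
    $grants = PermissionRole::whereIn('role_id', $guestRoleIds)
        ->whereIn('permission_id', $permissionIds)
        ->get();

    // Loose comparison is kept on purpose: the column may come back from the
    // driver as a string.
    foreach ($grants as $grant) {
        if ($grant->status == 1) {
            return true;
        }
    }

    // No rows, or none of them enabled: deny.
    return false;
}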