/**
* Create a new user instance after a valid registration.
*
* @param array $data
*
* @return User
*/
protected function create(array $data)
{
$user = User::create(['name' => $data['name'], 'email' => $data['email'], 'password' => bcrypt($data['password'])]);
$user->roles()->attach(Role::where('role_slug', '=', 'user')->pluck('id'), ['is_display' => true]);
return $user;
}
/**
* Checks whether the specified user has the specified permission
*
* @param string $content
* @param int $contentID
* @param array|string $permission
* @param User $user
*
* @return bool
*
* @throws PermissionInvalidContentException
* @throws PermissionImplementInterfaceException
*/
public function hasPermission($content, $contentID, $permission, User $user = null)
{
$concreteClass = $this->classModel->getClass($content);
if ($concreteClass == null) {
throw new PermissionInvalidContentException($content);
}
if (!$concreteClass instanceof PermissionInterface) {
throw new PermissionImplementInterfaceException($content);
}
if ($user == null) {
$user = app('auth.driver')->user();
}
// Handle the array case
if (is_array($permission)) {
foreach ($permission as $perm) {
$hasPermission = $this->hasPermission($content, $contentID, $perm, $user);
// No need to check more permissions
if (!$hasPermission) {
return false;
}
}
return true;
}
// We already calculated the permissions for this user, no need to recheck all roles
if (isset($this->permissions[$content][$contentID][$user->getKey()][$permission])) {
return $this->permissions[$content][$contentID][$user->getKey()][$permission];
}
// Handle special cases where no role has been set
$roles = $user->roles;
if ($roles->count() == 0) {
if ($user->exists) {
// User saved? Something is wrong, attach the registered role
$registeredRole = Role::where('role_slug', '=', 'user')->first();
$user->roles()->attach($registeredRole->id, ['is_display' => 1]);
$roles = [$registeredRole];
} else {
// Guest
if ($this->guestRole == null) {
$this->guestRole = Role::where('role_slug', '=', 'guest')->first();
}
$roles = [$this->guestRole];
}
}
// Assume "No" by default
$isAllowed = false;
foreach ($roles as $role) {
$hasPermission = $this->getPermissionForRole($role, $permission, $content, $contentID);
// If we never want to grant the permission we can skip all other roles. But don't forget to cache it
if ($hasPermission == PermissionChecker::NEVER) {
$isAllowed = false;
break;
} elseif ($hasPermission == PermissionChecker::YES) {
$isAllowed = true;
}
}
// No parent? No need to do anything else here
if ($concreteClass instanceof InheritPermissionInterface && $concreteClass::find($contentID)->getParent() != null) {
// If we have a positive permission but need to check parents for negative values do so here
if ($isAllowed && in_array($permission, $concreteClass::getNegativeParentOverrides())) {
$isAllowed = $this->hasPermission($content, $concreteClass::find($contentID)->getParent()->getContentId(), $permission, $user);
}
// Do the same for negative permissions with parent positives
if (!$isAllowed && in_array($permission, $concreteClass::getPositiveParentOverrides())) {
$isAllowed = $this->hasPermission($content, $concreteClass::find($contentID)->getParent()->getContentId(), $permission, $user);
}
}
// Don't forget to cache the permission for this call
$this->permissions[$content][$contentID][$user->getKey()][$permission] = $isAllowed;
return $isAllowed;
}
/**
* @return Role
*/
public function displayRole()
{
if ($this->displayRole == null) {
// Do we have a guest?
if ($this->id <= 0) {
$this->displayRole = Role::where('role_slug', 'guest')->first();
} else {
$this->displayRole = $this->roles->whereLoose('pivot.is_display', true)->first();
}
}
return $this->displayRole;
}
