/**
* Assign a role to a user.
* @param string|int|Role $role
* @return mixed
* @throws \Exception
*/
public function assignRole($role)
{
if (is_string($role)) {
$role = Role::getByName($role);
}
if (!$role || empty($role)) {
throw new \Exception('Role missing and cannot be assigned to user');
}
if ($this->hasRole($role)) {
return true;
}
return $this->roles()->attach($role);
}
/**
* Installs the basic environment.
* Includes super user and basic role assignment.
*
* @return void
*/
public function run()
{
$user = User::create(['first_name' => 'Mike', 'last_name' => 'Adamczyk', 'email' => '*****@*****.**', 'password' => Hash::make('password'), 'position' => 'Web Developer', 'affiliation' => 'Brightstar Corporation', 'website' => 'http://bom.us']);
// Sample user.
$admin = User::create(['first_name' => 'Robin', 'last_name' => 'Bird', 'email' => '*****@*****.**', 'password' => Hash::make('password')]);
$roles = [['name' => 'Super User', 'description' => 'Provides full access to the application.'], ['name' => 'Administrator', 'description' => 'Provides non-system content and object management.'], ['name' => 'Editor', 'description' => 'Provides non-system content-management access.']];
foreach ($roles as $data) {
$role = Role::create($data);
}
// Assign the role to the admin user.
$user->assignRole('Super User');
$admin->assignRole('Administrator');
}
/**
* Test basic user authorizations, with models.
* This should deal directly with the ModelPolicy class.
*/
public function test_basic_user_auth()
{
// User 2 has permission to do a couple things.
$user = User::find(2);
$this->assertTrue($user->hasRole(Role::getByName('Administrator')));
// The models we'll test.
$page = Page::find(1);
$this->assertTrue($user->can('view', $page));
$this->assertFalse($user->can('delete', $page));
// User model is a managed class. The user doesn't have the manage permission.
// So, They shouldn't be able to edit a user that doesn't belong to them.
$testUser = User::find(1);
$this->assertFalse($user->can('edit', $testUser));
// But they can edit themselves.
$this->assertTrue($user->can('edit', $user));
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Role::blueprint()->dropSchema();
}
protected function grantAbilities()
{
$administrator = Role::getByName('Administrator');
$administrator->grantAbility('view', 'Birdmin\\Page');
echo "Granted permissions for 'Administrator' role.\n";
}
/**
* Return a role by name.
* @param $name string
* @return mixed
*/
public static function getByName($name)
{
return Role::where('name', $name)->first();
}
/**
* Deny this permission to the given role.
* @param Role $role
* @return PermissionCollection|null
*/
public function deny(Role $role)
{
return $role->deny($this);
}
