/** * So here's the deal with permissions... Suppose we have code * like the following: * * @if( $user->hasPermission('edit', 'Employee') ) * <li><a href="/editEmployees">Edit Employees</a></li> * @endif * * Now suppose a user can edit a SUBSET of employees... We still * want to display this button, but within this button we need * to limit the employees shown. So we need two different actions: * * can you edit ANYTHING? * what can you edit? * * To prevent "what can you edit" from returning the entire * database in the event that you actually can edit everything, * it needs to somehow be condensed. Maybe a query string? * * * */ public function hasPermission($action, $model) { // First, is $model an instance? If so, get the class name if (is_string($model)) { $modelName = $model; $modelInstance = null; } else { $modelName = get_class($model); $modelInstance = $model; } // Now get ALL permissions for this action on this model $permissions = Permission::where(function ($query) use($action) { $query->orWhere('action', $action)->orWhere('action', 'all'); })->where(function ($query) use($modelName) { $query->orWhere('model', 'like', $modelName)->orWhere('model', '*'); })->get(); // Now see if we have a matching role // To start, see if we have a previously cached list of roles: if ($this->roleParents == null) { // We start with a list of this user's roles... $this->roleParents = $this->roles; // Then we iteratively get all parents foreach ($this->roleParents as $role) { if ($role->parent != null) { $this->roleParents->add($role->parent); } } } if ($this->roleChildren == null) { // We start with a list of this user's roles... $this->roleChildren = $this->roles; // Then we need to recursively get all children $children = new Collection(); foreach ($this->roles as $role) { $this->roleChildren = $this->roleChildren->merge($this->getAllChildren($role)); } $this->roleChildren = $this->roleChildren->unique(); } foreach ($permissions as $permission) { if ($permission->role_id == 0 || $this->roleParents->contains($permission->role) || $this->roleChildren->contains($permission->role) && $permission->trickle) { // So the user has a role that can perform the action on this model if ($modelInstance == null) { // If we're looking at the model as a whole, we good return true; } else { // If we're looking at a specific model, we need to check the domain $domain = json_decode($permission->domain); if (is_array($domain)) { if ($this->confirmDomain($domain, $modelInstance)) { return true; } } else { return true; } } } } // Failed to find a valid permission return false; }
private function sortByLikes(Collection $collection, Collection $orderArray) { $sorted = new Collection(); $orderArray->each(function ($orderElem) use($collection, $sorted) { if ($collection->contains($orderElem->likeable_id)) { $sorted->push($collection->find($orderElem->likeable_id)); } }); return $sorted; }
/** * Get all permissions as collection. * * @return \Illuminate\Database\Eloquent\Collection */ public function getPermissions() { if (!$this->permissions) { $rolePermissions = $this->rolePermissions()->get(); $userPermissions = $this->userPermissions()->get(); $deniedPermissions = new Collection(); foreach ($userPermissions as $key => $permission) { if (!$permission->pivot->granted && $rolePermissions->contains($permission)) { $deniedPermissions->push($permission); } } $permissions = $rolePermissions->merge($userPermissions); $this->permissions = $permissions->filter(function ($permission) use($deniedPermissions) { return !$deniedPermissions->contains($permission); }); } return $this->permissions; }
/** * Check if token is available * * @param string $tokenName * * @return bool */ public function __isset($tokenName) { return (bool) $this->tokens->contains($tokenName); }
public function permissions() { $permissions = new Collection(); foreach ($this->roles as $role) { foreach ($role->permissions as $permission) { if (!$permissions->contains('id', $permission->id)) { $permissions->add($permission); } } } return $permissions; }