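/**
 * Synchronise the stored permission rows of a role with $role->permissions.
 *
 * Every permission's resource name is resolved to a permission id through
 * GroupResources::getGroupResources(). Rows whose id is no longer present on
 * the role are deleted, ids that are new get a row created, and every other
 * permission has its 'values' and 'allowed' columns rewritten.
 *
 * All resource names are resolved before the role object or any row is
 * touched, so an unknown resource aborts the call without leaving
 * permission_id = false on part of the role's permissions.
 *
 * NOTE(review): the delete/create/update statements are issued one by one and
 * nothing visible here wraps them in a transaction; a failure part-way leaves
 * the role with a partially applied permission set. Confirm whether the
 * caller provides one.
 *
 * @param AclRole $role role whose permissions should be persisted
 * @throws \Exception when a permission names a resource that cannot be resolved
 */
public static function updateRolePermissions(AclRole $role)
{
    $group_resources = GroupResources::getGroupResources();

    // Pass 1: resolve and validate only; nothing is modified yet.
    $resolved_ids = [];
    /* @var $perm \Volicon\Acl\AclPermission */
    foreach ($role->permissions as $key => $perm) {
        $permission_id = $group_resources->search($perm->resource);
        if ($permission_id === false) {
            throw new \Exception('Resource not exists: ' . $perm->resource);
        }
        $resolved_ids[$key] = $permission_id;
    }

    // Pass 2: every resource is known, so the ids can be written to the role.
    $perm_ids = [];
    foreach ($resolved_ids as $key => $permission_id) {
        $role->permissions[$key]->permission_id = $permission_id;
        $perm_ids[] = $permission_id;
    }

    $db_role_perm = RolePermission::where('role_id', '=', $role->role_id)->get()->keyBy('permission_id');
    $db_perm_ids = $db_role_perm->lists('permission_id');

    $perm_to_delete = array_diff($db_perm_ids, $perm_ids);
    $perm_to_add = array_diff($perm_ids, $db_perm_ids);

    // Revoke rows the role no longer carries.
    if ($perm_to_delete) {
        RolePermission::where('role_id', '=', $role->role_id)
            ->whereIn('permission_id', $perm_to_delete)
            ->delete();
    }

    foreach ($role->permissions as $perm) {
        $columns = [
            'values' => json_encode($perm->values),
            'allowed' => $perm->allowed,
        ];

        if (in_array($perm->permission_id, $perm_to_add)) {
            RolePermission::create([
                'role_id' => $role->role_id,
                'permission_id' => $perm->permission_id,
                'values' => $columns['values'],
                'allowed' => $columns['allowed'],
            ]);
        } else {
            // Row already exists for this role: overwrite its values and allowed flag.
            RolePermission::where('role_id', '=', $role->role_id)
                ->where('permission_id', '=', $perm->permission_id)
                ->update($columns);
        }
    }
}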
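/**
 * Resolve the authenticated user's permission for a resource.
 *
 * Decision order, as implemented below:
 *  1. guard disabled ($this->_guard falsy): allowed permission for $ids;
 *  2. resource is in the 'acl::allways_allow_resources' list: allowed;
 *  3. no authenticated user: denied permission with no ids (fail closed);
 *  4. the resource name is replaced by its group name when
 *     GroupResources::getResourceGroup() returns one;
 *  5. the user has an entry for the resource: that permission, passed through
 *     applyHook();
 *  6. otherwise the permissions of the registered role providers matching the
 *     user's types are merged, stopping once the result allows everything,
 *     and the merge is passed through applyHook().
 *
 * The always-allow test uses a strict comparison: that list short-circuits
 * every other check, and a loose in_array() can report a match for a
 * non-string $resource (for example boolean true) against any entry.
 *
 * @param mixed $resource resource name
 * @param array $ids      optional ids the permission is requested for
 * @return AclPermission
 */
public function getPermission($resource, array $ids = [])
{
    if (!$this->_guard) {
        return new AclPermission($resource, $ids, true);
    }

    // A missing or malformed list means "nothing is always allowed".
    $always_allowed = Config::get('acl::allways_allow_resources', []);
    if (is_array($always_allowed) && in_array($resource, $always_allowed, true)) {
        return new AclPermission($resource, $ids, true);
    }

    $authUser = $this->getAuthUser();
    if (!$authUser) {
        return new AclPermission($resource, [], false);
    }

    $groupResource = GroupResources::getResourceGroup($resource);
    if ($groupResource) {
        $resource = $groupResource;
    }

    // A permission attached to the user takes precedence over role providers.
    if (isset($authUser->permissions[$resource])) {
        $permission = $authUser->getPermission($resource, $ids);
        return $this->applyHook($permission, $ids);
    }

    // NOTE(review): the starting permission's allowed flag comes from the
    // AclPermission constructor default; confirm that default is "deny".
    $result = new AclPermission($resource);
    foreach ($authUser->user_types as $type) {
        if (isset($this->registersRoleProviders[$type])) {
            $permission = $this->registersRoleProviders[$type]->getPermission($resource, $ids);
            $result = $result->mergePermission($permission);
        }
        if ($result->isAllowAll()) {
            break;
        }
    }

    return $this->applyHook($result, $ids);
}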
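/**
 * Return the roles of this provider's type with a computed permission set.
 *
 * Roles are loaded through Role::getRoles() restricted to $this->role_type.
 * Each returned role has its permissions replaced by one collection holding
 * $this->getPermission() for every group resource; all roles share that same
 * collection instance.
 *
 * The roles are iterated by value: they are objects, so assigning the
 * property needs no reference, and a by-reference foreach is not permitted
 * over a Traversable such as a collection.
 *
 * @param array $roleIds   role ids to restrict the result to (empty = all)
 * @param mixed $resources not used by this implementation
 * @return mixed whatever Role::getRoles() returns, with permissions replaced
 */
public function getRoles(array $roleIds = [], $resources = [])
{
    $roles = Role::getRoles($roleIds, [$this->role_type], false);

    $permissions = new Collection();
    foreach (GroupResources::getGroupResources() as $resource) {
        $permissions[] = $this->getPermission($resource);
    }

    foreach ($roles as $role) {
        $role->permissions = $permissions;
    }

    return $roles;
}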
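/**
 * Load roles as AclRole objects, optionally restricted by id, type or resource.
 *
 * With self::$use_cache enabled, all roles (with users and permissions) are
 * read once, stored forever under self::$cache_key, and the criteria are
 * applied in memory. Populating the cache also stores a MicrotimeDate under
 * '<acl::cache_key>_last_role_update'.
 *
 * Without the cache, the criteria become query constraints. There $resources
 * only narrows which permissions are eager-loaded on each role, whereas in
 * the cached path it removes roles that have none of the resources.
 *
 * The "is any criterion set" test looks at the three criteria themselves.
 * It previously counted the cached roles instead of $roleIds, and called
 * count() on $types / $resources, which fails for a non-countable value such
 * as false.
 *
 * @param array $roleIds   role ids to keep (empty = no restriction)
 * @param mixed $types     role types to keep (empty = no restriction)
 * @param mixed $resources resource names (empty = no restriction)
 * @return Collection collection of AclRole
 */
public static function getRoles(array $roleIds = [], $types = [], $resources = [])
{
    if (self::$use_cache) {
        $roles = Cache::rememberForever(self::$cache_key, function () {
            $roles = static::with('users', 'permissions')->get();
            $result = new Collection();
            foreach ($roles as $role) {
                $result[] = new AclRole($role);
            }
            $cache_prefix = Config::get('acl::cache_key', '_volicon_acl_');
            Cache::forever($cache_prefix . '_last_role_update', new MicrotimeDate());
            return $result;
        });

        /* @var $roles \Illuminate\Support\Collection */
        if (!$roleIds && !$types && !$resources) {
            return $roles;
        }

        return $roles->filter(function ($role) use ($roleIds, $types, $resources) {
            if ($roleIds && !in_array($role->role_id, $roleIds)) {
                return false;
            }
            if ($types && !in_array($role->type, $types)) {
                return false;
            }
            if ($resources && !array_intersect($role->permissions->lists('resource'), $resources)) {
                return false;
            }
            return true;
        });
    }

    $roles = static::with('users');
    $roles->with(['permissions' => function ($query) use ($resources) {
        if (!$resources) {
            return;
        }
        $groupResources = GroupResources::getGroupResources();
        $resourcesIds = [];
        foreach ($resources as $resource) {
            // search() yields false for an unknown resource name; the value is
            // passed on to the query unchanged.
            $resourcesIds[] = $groupResources->search($resource);
        }
        $query->whereIn('permission_id', $resourcesIds);
    }]);

    if ($types) {
        $roles->whereIn('type', $types);
    }
    if ($roleIds) {
        $roles->whereIn('role_id', $roleIds);
    }

    $result = new Collection();
    foreach ($roles->get() as $role) {
        $result[] = new AclRole($role);
    }

    return $result;
}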
/**
 * Adjust a permission list for sub-resources and dependent resources.
 *
 * Using the '@options' of each entry in the 'acl::group_resources' config:
 *  - a permission flagged 'sub_resource' is dropped when it has no values and
 *    no other permission in the list depends on it;
 *  - a permission with a non-empty 'depend' option pulls in the resources
 *    listed for it by GroupResources::getDependentGroupsResources(); any of
 *    those missing from the list is added with empty values and
 *    allowed = true, i.e. it is granted implicitly.
 *
 * @param mixed $permissions collection of permissions, each with a 'resource'
 * @return array permissions re-indexed from zero, as plain arrays
 */
protected function addSubResources($permissions)
{
    $result = $permissions->keyBy('resource');
    $group_resources = Config::get('acl::group_resources', []);
    $dependent_group_resources = GroupResources::getDependentGroupsResources();

    $sub_resources = [];
    $dependent_resources = [];

    foreach ($permissions as $permission) {
        $name = $permission['resource'];
        if (!isset($group_resources[$name])) {
            continue;
        }

        $entry = $group_resources[$name];
        $options = isset($entry['@options']) ? $entry['@options'] : [];
        $is_sub_resource = isset($options['sub_resource']) ? $options['sub_resource'] : false;
        $depends_on = isset($options['depend']) ? $options['depend'] : [];

        if ($is_sub_resource) {
            $sub_resources[] = $name;
        } elseif (count($depends_on)) {
            $dependent_resources = array_merge(
                $dependent_resources,
                $dependent_group_resources[$permission->resource]
            );
        }
    }

    // Keep a sub-resource only if something depends on it or it carries values.
    foreach ($sub_resources as $name) {
        $is_needed = in_array($name, $dependent_resources) || count($result[$name]['values']);
        if (!$is_needed) {
            unset($result[$name]);
        }
    }

    // Dependencies that were not granted explicitly are added as allowed.
    foreach ($dependent_resources as $name) {
        if (isset($result[$name])) {
            continue;
        }
        $result[$name] = ['resource' => $name, 'values' => [], 'allowed' => true];
    }

    return $result->values()->toArray();
}
/**
 * Build a permission from a resource name or from a permission record.
 *
 * Scalar form: $resource is the resource name, $values and $allowed are
 * taken from the arguments; anything other than a boolean $allowed falls
 * back to the 'acl::config.default_permission' setting.
 *
 * Record form: $resource is an array or object carrying 'resource' or
 * 'permission_id' (the id is looked up in the group resources), optional
 * 'values' (an array, or a JSON string that is decoded) and optional
 * 'allowed'. A missing or null 'allowed' falls back to the default.
 *
 * NOTE(review): a record's 'allowed' is converted with a (bool) cast, so any
 * non-empty string other than "0" (including the text "false") grants the
 * permission. Confirm that records only ever carry booleans or 0/1 here.
 *
 * @param mixed $resource resource name, or array/object permission record
 * @param mixed $values   values for the scalar form
 * @param mixed $allowed  allowed flag for the scalar form
 * @throws InvalidArgumentException when a record has neither resource nor
 *         permission_id, or its permission_id is unknown
 */
public function __construct($resource, $values = [], $allowed = null)
{
    $default_permission = Config::get("acl::config.default_permission");

    // Arrays are handled exactly like record objects.
    if (is_array($resource)) {
        $resource = (object) $resource;
    }

    if (!is_object($resource)) {
        parent::__construct([
            'resource' => $resource,
            'values' => $values,
            'allowed' => is_bool($allowed) ? $allowed : $default_permission,
        ]);
        return;
    }

    /* @var $resource AclPermission */
    $has_name = isset($resource->resource);
    if (!$has_name && !isset($resource->permission_id)) {
        throw new InvalidArgumentException('permission must include resource');
    }

    $data = [];
    if ($has_name) {
        $data['resource'] = $resource->resource;
    } else {
        $group_resources = GroupResources::getGroupResources();
        if (!isset($group_resources[$resource->permission_id])) {
            throw new InvalidArgumentException('permission id do not have resource: ' . $resource->permission_id);
        }
        $data['resource'] = $group_resources[$resource->permission_id];
    }

    // Values of any other type are left out of the data entirely.
    if (isset($resource->values)) {
        if (is_array($resource->values)) {
            $data['values'] = $resource->values;
        } elseif (is_string($resource->values)) {
            $data['values'] = json_decode($resource->values);
        }
    }

    if (!isset($resource->allowed) || is_null($resource->allowed)) {
        $data['allowed'] = $default_permission;
    } else {
        $data['allowed'] = (bool) $resource->allowed;
    }

    parent::__construct($data);
}
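/**
 * Resolve this user's permission for a resource.
 *
 * Order of evaluation:
 *  1. a resource in the 'acl::allways_allow_resources' list is allowed;
 *  2. the resource name is replaced by its group name when
 *     GroupResources::getResourceGroup() returns one;
 *  3. a default AclPermission is built, narrowed to $ids when given, and
 *     passed through AclFacade::applyHook();
 *  4. if the user has a permission stored for the resource, that permission
 *     (narrowed to $ids when given) replaces the result of step 3.
 *
 * The always-allow test uses a strict comparison: that list bypasses every
 * other check, and a loose in_array() can report a match for a non-string
 * $resource (for example boolean true) against any entry.
 *
 * NOTE(review): in step 4 the stored permission is returned without going
 * through applyHook(); only the default permission is hooked in this method.
 * Confirm that callers apply the hook themselves.
 *
 * @param mixed $resource resource name
 * @param array $ids      optional ids the permission is requested for
 * @return AclPermission
 */
public function getPermission($resource, array $ids = [])
{
    // A missing or malformed list means "nothing is always allowed".
    $always_allowed = Config::get('acl::allways_allow_resources', []);
    if (is_array($always_allowed) && in_array($resource, $always_allowed, true)) {
        return new AclPermission($resource, $ids, true);
    }

    $groupResource = GroupResources::getResourceGroup($resource);
    if ($groupResource) {
        $resource = $groupResource;
    }

    $result = new AclPermission($resource);
    if ($ids) {
        $result = $result->newSubPermission($ids);
    }
    $result = AclFacade::applyHook($result, $ids, $this);

    // Load the permissions when this instance was fetched without them.
    $aclUser = $this;
    if (!isset($this->permissions)) {
        $aclUser = self::findWithPermissions($this->getKey());
    }

    if (isset($aclUser->permissions[$resource])) {
        $result = $aclUser->permissions[$resource];
        if ($ids) {
            $result = $result->newSubPermission($ids);
        }
    }

    return $result;
}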
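/**
 * Bring the stored group resources in line with the configured ones.
 *
 * Resources present in the database but not in the config are deleted,
 * together with every role permission row that points at them. Resources
 * present only in the config are created. Finally the GroupResources data is
 * refreshed.
 *
 * Mass-assignment guarding is switched off only while the new rows are
 * created and is switched back on even when a create fails, so a failure
 * here cannot leave models unguarded for the rest of the request.
 *
 * NOTE(review): $config_resources is taken by reference and is overwritten
 * with its own keys, so the caller's variable changes as well. Confirm the
 * callers expect that.
 *
 * @param array $db_resources_map map of resource name => permission id
 * @param array $config_resources configured resources keyed by name;
 *                                replaced by the list of names
 * @throws \Exception rethrown from GroupResources::create()
 */
protected function updateResorces(&$db_resources_map, &$config_resources)
{
    $db_resources = array_keys($db_resources_map);
    $config_resources = array_keys($config_resources);

    // Delete group resources that are not in the config.
    $not_in_config_resources = array_diff($db_resources, $config_resources);
    if (count($not_in_config_resources)) {
        GroupResources::whereIn('resource', $not_in_config_resources)->delete();
    }

    // Delete role permissions that point at the removed resources.
    $deleted_permission_ids = array();
    foreach ($not_in_config_resources as $deleted_resource) {
        $deleted_permission_ids[] = $db_resources_map[$deleted_resource];
    }
    if (count($deleted_permission_ids)) {
        RolePermission::whereIn('permission_id', $deleted_permission_ids)->delete();
    }

    // Add the new resources.
    $new_resources = array_diff($config_resources, $db_resources);
    \Eloquent::unguard();
    try {
        foreach ($new_resources as $resource) {
            GroupResources::create(array('resource' => $resource));
        }
    } catch (\Exception $e) {
        // Restore guarding before the failure propagates.
        \Eloquent::reguard();
        throw $e;
    }
    \Eloquent::reguard();

    GroupResources::refreshGroupResources();
}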