/**
 * Revoke an admin's privileges: all of them, or only those on the given resources.
 *
 * Caller note: a $resources value that is empty per PHP's empty() (including the
 * default empty array) selects EVERY privilege of the admin. A caller whose
 * filtered list ends up empty therefore revokes everything rather than nothing.
 *
 * The narrowed selection matches on resource_id alone; resource_type is not part
 * of the filter, so equal ids on different resource types are all selected.
 *
 * @param AuthorableInterface $authorable admin whose privileges are revoked
 * @param array               $resources  resource ids to limit the revocation to
 */
public function __construct(AuthorableInterface $authorable, $resources = array())
{
    $owned = Privilege::where('admin_id', $authorable->identifier());

    // Narrow the selection only when specific resources were requested.
    if (!empty($resources)) {
        $owned = $owned->whereIn('resource_id', $resources);
    }

    $this->revoke($owned->get());

    // Kept from the original; `new` discards a constructor's return value.
    return true;
}
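/**
 * Create a new Access instance.
 *
 * Loads the privileges (with their role) that the given admin holds on the given
 * resources and stores the accessible resources derived from them.
 *
 * The admin_id constraint applies to the whole query, and the per-resource
 * conditions are OR-ed inside one nested group. An empty $resources collection
 * therefore yields all privileges of this admin. Previously the query carried no
 * constraint at all in that case and returned the privileges of every admin.
 *
 * @param Agency\Cms\Authority\Contracts\AuthorableInterface $authorable
 * @param Collection $resources PrivilegableInterface instances to check access for
 *
 * @throws InvalidResourceTypeException when an element is not a PrivilegableInterface
 */
public function __construct(AuthorableInterface $authorable, Collection $resources)
{
    // Reject foreign types before any query is built.
    foreach ($resources as $resource) {
        if (!$resource instanceof PrivilegableInterface) {
            throw new InvalidResourceTypeException('must implement PrivilegableInterface');
        }
    }

    // Scope to the admin first so no branch of the query can escape it.
    $query = Privilege::with('role')
        ->where('admin_id', $authorable->identifier())
        ->orderBy('resource_id');

    if (count($resources) > 0) {
        // One nested group: (resource A) OR (resource B) ..., AND-ed with admin_id.
        $query->where(function ($group) use ($resources) {
            foreach ($resources as $resource) {
                $group->orWhere(function ($q) use ($resource) {
                    $q->where('resource_id', $resource->identifier());
                    $q->where('resource_type', get_class($resource));
                });
            }
        });
    }

    $this->accessible['resources'] = $this->getAccessibleResources($query->get());
}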
/**
 * Grant a role to the current authorable over a single resource.
 *
 * When the authorable already holds a privilege on that exact resource (same
 * resource_id and resource_type) the existing row is updated with the new role.
 * Otherwise a new privilege is created through the resource's privileges() relation.
 *
 * NOTE(review): the lookup and the create are separate queries, so two concurrent
 * grants for the same admin and resource could presumably both create a row.
 * Confirm whether a unique constraint on the table prevents that.
 *
 * @todo Improve to accept authorization for multiple resources.
 *
 * @param string $role_alias The role to grant
 * @param Agency\Cms\Authority\Contracts\PrivilegableInterface $resource
 * @return Agency\Cms\Authority\Entities\Privilege
 *
 * @throws Exceptions\RoleNotFoundException when no role carries the given alias
 */
public function grant($role_alias, PrivilegableInterface $resource)
{
    $role = Role::where('alias', $role_alias)->first();
    if (!$role) {
        throw new Exceptions\RoleNotFoundException($role_alias);
    }

    $role_id = $role->id;
    $admin_id = $this->authorable->identifier();

    // Look for a privilege this admin already holds on exactly this resource.
    $existing = Privilege::where('admin_id', $admin_id)
        ->where('resource_id', $resource->identifier())
        ->where('resource_type', get_class($resource))
        ->first();

    if (!$existing) {
        return $resource->privileges()->create(['admin_id' => $admin_id, 'role_id' => $role_id]);
    }

    // Already granted: overwrite the role instead of adding a second row.
    $existing->fill(['admin_id' => $admin_id, 'role_id' => $role_id]);
    $existing->save();

    return $existing;
}
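/**
 * Validate access to a resource through permissions.
 *
 * Access is granted only when the current authorable holds a privilege on this
 * exact resource (matching both resource_id and resource_type) and the role of
 * that privilege carries the requested permission.
 *
 * The privilege lookup previously matched on resource_type alone, so a privilege
 * on one resource authorised every resource of the same class, and first() could
 * pick the role of an unrelated resource.
 *
 * @param string $permission_alias alias of the permission to check
 * @param object $resource         resource being accessed; must expose identifier()
 * @return boolean
 *
 * @throws Exceptions\PermissionNotFoundException when the alias names no permission
 */
public function validate($permission_alias, $resource)
{
    // An unknown alias is a caller error, not a denied request.
    $permission = Permission::where('alias', $permission_alias)->first();
    if (!$permission) {
        throw new Exceptions\PermissionNotFoundException($permission_alias);
    }

    $privilege = Privilege::where('admin_id', $this->authorable->identifier())
        ->where('resource_id', $resource->identifier())
        ->where('resource_type', get_class($resource))
        ->first();

    if (!$privilege) {
        // No privilege on this resource: deny.
        return false;
    }

    /**
     * @todo Improve this by finding the Role with
     * its id and that the permission id
     * exists for that role using whereHas.
     * Finding that role confirms the validation.
     */
    $role = Role::findOrFail($privilege->role_id);
    $permissions = $role->permissions()->get()->toArray();

    // Strict comparison: numeric-looking aliases must not match loosely.
    $matches = 0;
    foreach ($permissions as $candidate) {
        if ($candidate['alias'] === $permission_alias) {
            $matches++;
        }
    }

    // Exactly one match is expected; zero or duplicate matches are denied.
    return $matches === 1;
}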
/**
 * Delete the privileges the given admin holds on the resource types of $resources.
 *
 * The delete is keyed on admin_id and resource_type only. Resource ids are not
 * part of the condition, so every privilege of the admin on a listed type is
 * removed, not just those on the resources passed in.
 *
 * NOTE(review): what an empty type list matches depends on the query builder's
 * whereIn handling. Confirm that it deletes nothing.
 *
 * @param AuthorableInterface $authorable admin whose privileges are deleted
 * @param mixed               $resources  passed as-is to extractResourceTypes()
 */
public function __construct(AuthorableInterface $authorable, $resources)
{
    $types = $this->extractResourceTypes($resources);

    Privilege::where('admin_id', $authorable->identifier())
        ->whereIn('resource_type', $types)
        ->delete();
}