예제 #1
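/**
 * Abort the request with HTTP 403 unless the current visitor holds $permission.
 *
 * Logged-in users are checked through hasPermission() on the user model.
 * Guests are checked against the role named "anonymous": a missing role, an
 * unknown permission name, or a permission that is not attached to that role
 * all deny access.
 *
 * @param string $permission permission name, e.g. 'user.manage'
 *
 * @return bool true when access is allowed; otherwise abort(403) ends the request
 */
function can($permission)
{
    // WARNING: skip permissions check, for use in development mode ONLY.
    // The flag switches authorization off for every caller, so it is ignored
    // when the application environment is "production": a stray or leaked
    // SKIP_PERMISSION_CHECK value must not open up a live deployment.
    // NOTE(review): env() returns null once the configuration is cached, so
    // read the flag through config() if it has to work in that setup.
    if (env('SKIP_PERMISSION_CHECK') && !app()->environment('production')) {
        return true;
    }

    if (auth()->check()) {
        if (!auth()->user()->hasPermission($permission)) {
            abort(403, 'Access denied');
        }

        return true;
    }

    // Guest request: the only permissions available are those of the
    // "anonymous" role. Deny when that role has not been created yet.
    $anonymousRole = \App\Models\User\RoleModel::whereName('anonymous')->first();
    if (!$anonymousRole) {
        abort(403, 'Access denied');
    }

    // Deny when the permission name is unknown or is not attached to the role.
    $permissionModel = \App\Models\User\PermissionModel::whereName($permission)->first();
    if (!$permissionModel || !$anonymousRole->permissions()->find([$permissionModel->id])->count()) {
        abort(403, 'Access denied');
    }

    return true;
}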
예제 #2
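 /**
  * Toggle one permission on one role, then redirect to the role/permission page.
  *
  * Reads role_id and permission_id from the request. If the role already has
  * the permission it is detached, otherwise it is attached. The caller must
  * hold 'user.manage'; can() aborts with 403 when it does not.
  *
  * @return mixed the redirect produced by redirect('/role/permission')
  */
 public function postPermission()
 {
     can('user.manage');

     $roleId = request()->input('role_id');
     $permissionId = request()->input('permission_id');

     // Both ids come straight from the client. A missing key or an array
     // value (role_id[]=1) would otherwise reach find() and fail later with
     // an unhandled error instead of a clean rejection.
     if (!is_scalar($roleId) || !is_scalar($permissionId)) {
         abort(400, 'Invalid role or permission id');
     }

     $role = RoleModel::find($roleId);
     $permission = PermissionModel::find($permissionId);

     // find() returns null for an unknown id; stop before dereferencing it.
     if (!$role || !$permission) {
         abort(404, 'Role or permission not found');
     }

     // givePermissionTo() attaches when its second argument is true and
     // detaches when it is false, so pass "not granted yet" to toggle.
     $alreadyGranted = (bool) $role->permissions()->find([$permission->id])->count();
     $role->givePermissionTo($permission, !$alreadyGranted);

     return redirect('/role/permission');
 }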
예제 #3
 /**
  * Attach a permission to this role, or detach it when $save is false.
  *
  * Despite the name, this method also revokes: callers that pass a falsy
  * $save remove the permission from the role.
  *
  * @param mixed $permission a permission model, or a permission name that is
  *                          looked up with PermissionModel::whereName()
  * @param bool  $save       true to attach (the default), false to detach
  *
  * @return mixed false when a permission name cannot be resolved; the
  *               permission itself when $save is set and the role already
  *               has it; otherwise the result of save() or detach() on the
  *               permissions relation
  */
 public function givePermissionTo($permission, $save = true)
 {
     // A string argument is a permission name: resolve it to its model first.
     if (is_string($permission)) {
         $permission = PermissionModel::whereName($permission)->first();
         if (!$permission) {
             return false;
         }
     }

     // Revoke path: no lookup of the current state, just detach.
     if (!$save) {
         return $this->permissions()->detach($permission);
     }

     // Grant path: nothing to write when the role already holds the permission.
     $alreadyAttached = $this->permissions()->find([$permission->id])->count();
     if ($alreadyAttached) {
         return $permission;
     }

     return $this->permissions()->save($permission);
 }