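/**
 * Authorise the current request for a named permission, aborting with HTTP 403 on denial.
 *
 * Signed-in users are checked through hasPermission(); guests are checked against the
 * permissions attached to the role named "anonymous".
 *
 * @param string $permission Permission name, e.g. 'user.manage'
 *
 * @return bool true when access is granted; every denial path calls abort(403, ...)
 */
function can($permission)
{
    // WARNING: skips every permission check; for use in development mode ONLY.
    // The bypass is ignored when the application environment is "production", so a
    // forgotten or leaked SKIP_PERMISSION_CHECK value cannot switch authorisation off there.
    // NOTE(review): in Laravel, env() called outside config files returns null once the
    // configuration is cached; reading this flag through a config value would make the
    // behaviour explicit and auditable.
    if (env('SKIP_PERMISSION_CHECK') && !app()->environment('production')) {
        return true;
    }

    if (auth()->check()) {
        // Signed-in user: defer to the user's own permission lookup.
        if (!auth()->user()->hasPermission($permission)) {
            abort(403, 'Access denied');
        }

        return true;
    }

    // Guest: access depends on what the "anonymous" role has been granted.
    $anonymousRole = \App\Models\User\RoleModel::whereName('anonymous')->first();
    if (!$anonymousRole) {
        // The anonymous role has not been created yet, so nothing can be granted to guests.
        abort(403, 'Access denied');
    } else {
        $permissionModel = \App\Models\User\PermissionModel::whereName($permission)->first();

        // Deny when the permission name is unknown or is not attached to the anonymous role.
        if (!$permissionModel || !$anonymousRole->permissions()->find([$permissionModel->id])->count()) {
            abort(403, 'Access denied');
        }
    }

    return true;
}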
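/**
 * Toggle one permission on one role, then redirect back to the role/permission page.
 *
 * Reads role_id and permission_id from the request. If the role already holds the
 * permission it is removed; otherwise it is added.
 *
 * @return mixed The redirect to /role/permission
 */
public function postPermission()
{
    // can() aborts with 403 unless the caller holds 'user.manage'.
    can('user.manage');

    // input('key') yields null for an absent field instead of an undefined-index error.
    $role = RoleModel::find(request()->input('role_id'));
    $permission = PermissionModel::find(request()->input('permission_id'));

    // Request data is untrusted: a missing, unknown or array-valued id must end in a clean
    // 404 rather than a method call on null (or on a collection) further down.
    if (!($role instanceof RoleModel) || !($permission instanceof PermissionModel)) {
        abort(404);
    }

    $alreadyGranted = (bool) $role->permissions()->find([$permission->id])->count();

    // The second argument selects the direction: true attaches, false detaches.
    $role->givePermissionTo($permission, !$alreadyGranted);

    return redirect('/role/permission');
}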
/**
 * Grant a permission to this role, or revoke it when $save is false.
 *
 * Despite the name, this method is also the revocation path: callers passing
 * $save = false detach the permission from the role.
 *
 * @param mixed $permission A permission model, or a permission name (string) to look up
 * @param bool  $save       true attaches the permission, false detaches it
 *
 * @return mixed false when a permission name matches no record; the permission itself when
 *               $save is true and the role already holds it; otherwise whatever the
 *               relation's save() or detach() call returns
 */
public function givePermissionTo($permission, $save = true)
{
    // A string is treated as a permission name and resolved to its model first.
    if (is_string($permission)) {
        $resolved = PermissionModel::whereName($permission)->first();
        if (!$resolved) {
            return false;
        }
        $permission = $resolved;
    }

    if (!$save) {
        // Revocation: drop the permission from this role without checking current state.
        return $this->permissions()->detach($permission);
    }

    // Nothing to do when the role already holds the permission; hand the model back.
    $alreadyHeld = $this->permissions()->find([$permission->id])->count();
    if ($alreadyHeld) {
        return $permission;
    }

    // Assign the permission to this role.
    return $this->permissions()->save($permission);
}