/**
 * Check whether the current user may access the route this request resolved to.
 *
 * The route action may carry an optional "permissions" entry: a pipe-separated
 * list of permission names that is split and handed to the permission checker.
 *
 * @param \Illuminate\Http\Request $request
 *
 * @return bool True if permission check passes, false otherwise
 */
protected function checkPermissions($request)
{
    $routeAction = $request->route()->getAction();

    // Routes that declare no extra permissions pass `false` to the checker.
    // NOTE(review): how hasPermission() treats `false` is not visible here;
    // confirm an undeclared route is not granted more access than intended.
    if (isset($routeAction['permissions'])) {
        $extraPermissions = explode('|', $routeAction['permissions']);
    } else {
        $extraPermissions = false;
    }

    return $this->permissionChecker->hasPermission('user', null, $extraPermissions);
}
/**
 * Render the button for a moderation action if the current user may use it.
 *
 * Nothing is rendered (null is returned) when the moderation name is not
 * registered or the user lacks the moderation's permission.
 *
 * @param string $moderationName
 * @param string $contentName
 * @param int    $contentId
 *
 * @return \Illuminate\View\View|null
 */
public function renderModerationButton($moderationName, $contentName, $contentId)
{
    $moderation = $this->moderationRegistry->get($moderationName);

    if (!$moderation) {
        return null;
    }

    // This only decides whether the button is shown; the request that performs
    // the moderation still has to be authorized where it is handled.
    if (!$this->permissionChecker->hasPermission('user', null, $moderation->getPermissionName())) {
        return null;
    }

    $viewData = [
        'moderation' => $moderation,
        'content_name' => $contentName,
        'content_id' => $contentId,
    ];

    return view('partials.moderation.moderation_button', $viewData);
}
/**
 * Authorize the request against the permission of the resolved moderation.
 *
 * @return bool
 */
public function authorize()
{
    // NOTE(review): when no moderation can be resolved the request is allowed
    // (fail-open). Confirm that a later step rejects unknown moderations.
    if (!$this->getModeration()) {
        return true;
    }

    return $this->permissionChecker->hasPermission(
        'user',
        null,
        $this->getModeration()->getPermissionName()
    );
}
/**
 * Get all users active in the last x minutes.
 *
 * Viewers without the "canViewAllOnline" permission only get users whose
 * "user.showonline" setting is true or unset, plus their own account.
 *
 * NOTE(review): $orderBy is concatenated into the column name and $orderDir is
 * passed straight to orderBy(). Neither is validated here, so callers should
 * restrict both to a fixed set of values before passing request input.
 *
 * @param int    $minutes  The number of minutes which are considered as "online time"
 * @param string $orderBy
 * @param string $orderDir
 * @param int    $num      The number of users to return. Set to 0 to get all users
 *
 * @return mixed A paginator when $num is greater than 0, otherwise the full result set
 */
public function online($minutes = 15, $orderBy = 'last_visit', $orderDir = 'desc', $num = 20)
{
    $activeSince = new \DateTime("{$minutes} minutes ago");

    // A user whose last page was the logout page is not online anymore
    /** @var Builder $onlineUsers */
    $onlineUsers = $this->userModel
        ->where('last_visit', '>=', $activeSince)
        ->where('last_page', '!=', 'auth/logout')
        ->orderBy('users.' . $orderBy, $orderDir);

    $mayViewEveryone = $this->permissionChecker->hasPermission('user', null, 'canViewAllOnline');

    // Only restrict the result when the viewer may not see everyone
    if (!$mayViewEveryone) {
        // Look up the id of the privacy setting.
        // NOTE(review): assumes the "user.showonline" setting row exists.
        $settingId = Setting::where('name', 'user.showonline')->first()->id;

        // Join each user's value for that setting
        $onlineUsers->leftJoin('setting_values', function ($join) use ($settingId) {
            $join->on('setting_values.user_id', '=', 'users.id')
                ->where('setting_values.setting_id', '=', $settingId);
        });

        $onlineUsers->where(function ($query) {
            // Visible when the setting is true or was never set ...
            $query->where('setting_values.value', true)
                ->orWhereNull('setting_values.value');

            // ... or when the row is the viewer's own account
            if ($this->guard->check()) {
                $query->orWhere('users.id', '=', $this->guard->user()->id);
            }
        });
    }

    // Select only the users columns so joined columns do not shadow them
    return $num > 0
        ? $onlineUsers->paginate($num, ['users.*'])
        : $onlineUsers->get(['users.*']);
}
/**
 * Get the forum tree for the index, consisting of root forums (categories), and one level of descendants.
 *
 * NOTE(review): the unviewable-id filter is applied to the root forum query
 * only. The eager-loaded "children" relations are not constrained here, so
 * confirm that child forums the viewer may not see are filtered elsewhere.
 *
 * @param bool $checkPermissions Whether to drop root forums the current user may not view
 *
 * @return mixed
 */
public function getIndexTree($checkPermissions = true)
{
    $hiddenForumIds = $this->permissionChecker->getUnviewableIdsForContent('forum');

    // TODO: The caching decorator would also cache the relations here
    $rootForums = $this->forumModel->where('parent_id', '=', null);

    if ($checkPermissions) {
        $rootForums = $rootForums->whereNotIn('id', $hiddenForumIds);
    }

    $relations = [
        'children',
        'children.lastPost',
        'children.lastPost.topic',
        'children.lastPostAuthor',
    ];

    return $rootForums->with($relations)->get();
}
/**
 * Load the given posts, leaving out posts whose topic sits in a forum the
 * current user may not view.
 *
 * @param array $postIds
 *
 * @return mixed
 */
public function getPostsByIds(array $postIds)
{
    $hiddenForumIds = $this->permissionChecker->getUnviewableIdsForContent('forum');

    // The forum lives on the topic, so the permission filter goes through the relation
    $inViewableForum = function ($query) use ($hiddenForumIds) {
        $query->whereNotIn('forum_id', $hiddenForumIds);
    };

    return $this->postModel
        ->whereIn('id', $postIds)
        ->whereHas('topic', $inViewableForum)
        ->with(['author', 'topic'])
        ->get();
}
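/**
 * Tell whether the wrapped user should be shown as online to the current viewer.
 *
 * The user counts as online when the last visit lies within the "wio.minutes"
 * window and the last page was not the logout page. Viewers without the
 * "canViewAllOnline" permission additionally only see users whose
 * "user.showonline" setting is true or unset, plus their own account.
 *
 * @return bool
 */
public function isOnline()
{
    $minutes = $this->settings->get('wio.minutes', 15);

    // This user was logging out at last
    if ($this->wrappedObject->last_page == 'auth/logout') {
        return false;
    }

    // This user isn't online
    if (new \DateTime($this->wrappedObject->last_visit) < new \DateTime("{$minutes} minutes ago")) {
        return false;
    }

    // The user is online, now permissions.
    // We're either testing our own account or have permissions to view everyone.
    // guard->user() is null for guests, so the own-account comparison is only
    // made for an authenticated viewer.
    $mayViewEveryone = $this->permissionChecker->hasPermission('user', null, 'canViewAllOnline');
    $isOwnAccount = $this->guard->check()
        && $this->guard->user()->id == $this->wrappedObject->id;

    if ($mayViewEveryone || $isOwnAccount) {
        return true;
    }

    // Next we need the privacy setting of this user; first the id of the setting.
    // NOTE(review): assumes the "user.showonline" setting row exists.
    $settingId = Setting::where('name', 'user.showonline')->first()->id;

    // Now the value
    $settingValue = SettingValue::where('user_id', '=', $this->wrappedObject->id)
        ->where('setting_id', '=', $settingId)
        ->first();

    // Either the value isn't set or it is true: show this user as online
    if ($settingValue == null || $settingValue->value == true) {
        return true;
    }

    // The user opted out and the viewer has no permission to see them anyway
    return false;
}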
/**
 * Get the most recently active topics from forums the current user may view.
 *
 * @param int $num Maximum number of topics to return
 *
 * @return mixed
 */
public function getNewest($num = 20)
{
    $hiddenForumIds = $this->permissionChecker->getUnviewableIdsForContent('forum');

    $newestTopics = $this->topicModel
        ->orderBy('last_post_id', 'desc')
        ->with(['lastPost', 'forum', 'lastPost.author'])
        // Topics in forums the viewer may not see must never be listed
        ->whereNotIn('forum_id', $hiddenForumIds)
        ->take($num);

    return $newestTopics->get();
}
/**
 * Validation rules for the request.
 *
 * "forum_id" has to reference an existing forum and must not be one of the
 * forums the current user is not allowed to view.
 *
 * @return array
 */
public function rules()
{
    $hiddenForumIds = $this->permissionChecker->getUnviewableIdsForContent('forum');

    // not_in takes a comma-separated list; the ids come from the permission
    // checker, not from the request.
    $forumRule = 'required|exists:forums,id|not_in:' . implode(',', $hiddenForumIds);

    return [
        'content' => 'required',
        'title' => 'required',
        'forum_id' => $forumRule,
    ];
}
/**
 * Filters a forum collection by the "canView" permission
 *
 * Each forum is checked individually against the permission checker for the
 * user returned by the guard.
 *
 * @param Collection $forums
 *
 * @return Collection Only the forums the permission check passed for
 */
private function filterUnviewableForums(Collection $forums)
{
    $isViewable = function (Forum $forum) {
        $viewPermission = $forum::getViewablePermission();

        return $this->permissionChecker->hasPermission(
            'forum',
            $forum->getContentId(),
            $viewPermission,
            $this->guard->user()
        );
    };

    return $forums->filter($isViewable);
}
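/**
 * Run a search, store the matching topic and post ids in a search log entry
 * and redirect to the result page of that entry.
 *
 * Forums the current user may not view are always excluded, independent of
 * the forums selected in the request.
 *
 * NOTE(review): sortby and sorttype are forwarded to the result route as
 * orderBy/orderDir without a check here; confirm they are restricted to known
 * values by SearchRequest or by the action that consumes them.
 * NOTE(review): the result set is not limited in this method, so a very broad
 * keyword loads every matching row.
 *
 * @param PermissionChecker $permissionChecker
 * @param SearchRequest     $searchRequest
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function makeSearch(PermissionChecker $permissionChecker, SearchRequest $searchRequest)
{
    // Only "posts" and "topics" are accepted. The value is also used below as
    // a table name, so it must never be taken from the request unchecked.
    if ($searchRequest->result != 'posts') {
        $searchRequest->result = 'topics';
    }
    $asTopics = $searchRequest->result == 'topics';

    // The pattern is passed as a bound value. "%" and "_" typed by the user
    // still act as LIKE wildcards.
    $keywordPattern = '%' . $searchRequest->keyword . '%';

    if ($asTopics) {
        $query = Topic::with(['firstPost']);
        $query->leftJoin('posts', 'topics.first_post_id', '=', 'posts.id');
        // Grouped so the OR cannot widen the conditions added further down
        $query->where(function ($query) use ($keywordPattern) {
            $query->where('topics.title', 'like', $keywordPattern);
            $query->orWhere('posts.content', 'like', $keywordPattern);
        });
    } else {
        $query = Post::with(['topic']);
        $query->leftJoin('topics', 'posts.topic_id', '=', 'topics.id');
        $query->where('posts.content', 'like', $keywordPattern);
    }

    if ($searchRequest->author) {
        $author = $searchRequest->author;
        $exactMatch = (bool) $searchRequest->matchusername;

        $query->leftJoin('users', 'posts.user_id', '=', 'users.id');
        $query->where(function ($query) use ($author, $exactMatch) {
            if ($exactMatch) {
                $query->where('users.name', $author);
                $query->orWhere('posts.username', $author);
            } else {
                $query->where('users.name', 'like', '%' . $author . '%');
                $query->orWhere('posts.username', 'like', '%' . $author . '%');
            }
        });
    }

    if ($searchRequest->topic_replies_type) {
        switch ($searchRequest->topic_replies_type) {
            case 'atmost':
                $query->where('topics.num_posts', '<=', $searchRequest->topic_replies);
                break;
            case 'atleast':
                $query->where('topics.num_posts', '>=', $searchRequest->topic_replies);
                break;
            case 'exactly':
            default:
                $query->where('topics.num_posts', $searchRequest->topic_replies);
                break;
        }
    }

    if ($searchRequest->post_date) {
        $postDateType = '>=';
        if ($searchRequest->post_date_type == 'older') {
            $postDateType = '<=';
        }

        switch ($searchRequest->post_date) {
            case 'yesterday':
                $postDate = '-1 day';
                break;
            case 'oneweek':
                $postDate = '-1 week';
                break;
            case 'twoweek':
                $postDate = '-2 weeks';
                break;
            case 'onemonth':
                $postDate = '-1 month';
                break;
            case 'threemonth':
                $postDate = '-3 months';
                break;
            case 'sixmonth':
                // Was '-3 months', a copy of the case above
                $postDate = '-6 months';
                break;
            case 'oneyear':
                $postDate = '-1 year';
                break;
            default:
                $postDate = '';
                break;
        }

        if ($postDate) {
            // result is 'topics' or 'posts' at this point, see the top of the method
            $query->where(
                $searchRequest->result . '.created_at',
                $postDateType,
                new \DateTime('today ' . $postDate)
            );
        }
    }

    // Restrict to the selected forums only when a selection was made and it
    // does not contain '-1' (which appears to stand for "all forums"). The
    // previous "||" made this condition true for every array.
    $selectedForums = $searchRequest->forums;
    if (is_array($selectedForums) && !empty($selectedForums) && !in_array('-1', $selectedForums)) {
        $query->whereIn('topics.forum_id', $selectedForums);
    }

    // Forum permissions need to be checked, whatever forums were selected
    $unviewableForums = $permissionChecker->getUnviewableIdsForContent('forum');
    if (!empty($unviewableForums)) {
        $query->whereNotIn('topics.forum_id', $unviewableForums);
    }

    if (!$searchRequest->sortby) {
        $searchRequest->sortby = 'postdate';
        $searchRequest->sorttype = 'asc';
    }
    if (!$searchRequest->sorttype) {
        $searchRequest->sorttype = 'asc';
    }

    // Select the base table's columns only. With the joins above a plain "*"
    // returns several "id" columns and the model would keep the last one.
    $results = $query->get([$searchRequest->result . '.*']);

    $topics = [];
    $posts = [];
    if ($asTopics) {
        foreach ($results as $result) {
            $topics[] = $result->id;
            $posts[] = $result->firstPost->id;
        }
    } else {
        foreach ($results as $result) {
            $topics[] = $result->topic->id;
            $posts[] = $result->id;
        }
    }

    $searchlog = $this->searchRepository->create([
        'topics' => implode(',', $topics),
        'posts' => implode(',', $posts),
        'keywords' => $searchRequest->keyword,
        'as_topics' => $asTopics,
    ]);

    return redirect()->route('search.results', [
        'id' => $searchlog->id,
        'orderBy' => $searchRequest->sortby,
        'orderDir' => $searchRequest->sorttype,
    ]);
}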