public function patchIndex(Role $role)
{
if (!$this->user->canAdminRoles() || !$this->user->canAdminPermissions()) {
return abort(403);
}
$input = Input::all();
$permissions = Permission::all();
$rolePermissions = [];
$nullPermissions = [];
foreach ($permissions as $permission) {
if ($this->user->can($permission->permission_id)) {
$nullPermissions[] = $permission->permission_id;
foreach ($input as $permission_id => $permission_value) {
$permission_id = str_replace("_", ".", $permission_id);
if ($permission->permission_id == $permission_id) {
switch ($permission_value) {
case "allow":
case "deny":
$rolePermissions[] = ['role_id' => $role->role_id, 'permission_id' => $permission_id, 'value' => $permission_value == "allow"];
break;
}
break;
}
}
}
}
RolePermission::where(['role_id' => $role->role_id])->whereIn('permission_id', $nullPermissions)->delete();
RolePermission::insert($rolePermissions);
return $this->view(static::VIEW_PERMISSIONS, ['role' => $role, 'permissions' => Permission::all()]);
}
public function run()
{
$this->command->info('Seeding permission to role associations.');
$permissions = Permission::get()->modelKeys();
// Insert default permissions.
foreach ($this->slugs() as $role_id => $slugs) {
foreach ($slugs as $slug_key => $slug_value) {
if (!is_numeric($slug_key) && (is_numeric($slug_value) || is_bool($slug_value))) {
$permission_id = $slug_key;
$permission_value = !!$slug_value;
} else {
$permission_id = $slug_value;
$permission_value = true;
}
if (in_array($permission_id, $permissions)) {
RolePermission::firstOrCreate(['role_id' => $role_id, 'permission_id' => $permission_id, 'value' => $permission_value]);
} else {
$this->command->error("Attempting to assign non-existant permission id `{$permission_id}` to role_id `{$role_id}`.");
}
}
}
// Give admin permissions.
if (count($permissions)) {
foreach ($permissions as $permission_id) {
$permission = RolePermission::firstOrNew(['role_id' => Role::ID_ADMIN, 'permission_id' => $permission_id]);
$permission->value = 1;
$permission->save();
}
}
}
/**
* Returns board uris with this permission.
*
* @param \App\Contracts\PermissionUser|null $user User roles must belong to. Defaults to null.
* @param bool $anonymous Determines if we should allow generic, unassigned roles. Defaults true.
* @return Collection of \App\Board->board_uri strings
*/
public function getBoardsWithPermissions(PermissionUser $user = null, $anonymous = true)
{
// Identify roles which affect this user.
// Sometimes we will only want direct assignments.
// This includes null user_id assignments for anonymouse users.
$userRoles = UserRole::select('role_id')->where(function ($query) use($user, $anonymous) {
if ($anonymous) {
$query->whereNull('user_id');
}
if ($user instanceof PermissionUser && !$user->isAnonymous()) {
$query->orWhere('user_id', $user->user_id);
} else {
if (!$anonymous) {
$query->where(\DB::raw('0'), '1');
}
}
})->get()->pluck('role_id');
if (!$userRoles) {
return collect();
}
$inheritRoles = Role::select('role_id', 'inherit_id')->whereIn('role_id', $userRoles)->get()->pluck('inherit_id')->filter(function ($item) {
return !is_null($item);
});
// Identify roles which use this permission,
// or which borrow inherited roles.
$validRoles = RolePermission::select('role_id', 'permission_id')->where(function ($query) use($userRoles, $inheritRoles) {
$query->orWhereIn('role_id', $userRoles);
if ($inheritRoles) {
$query->orWhereIn('role_id', $inheritRoles);
}
})->where('permission_id', $this->permission_id)->get()->pluck('role_id');
if (!$validRoles) {
return collect();
}
// Find the intersection of roles we have and roles we want.
$intersectIdents = collect($userRoles)->intersect(collect($validRoles));
$inheritIdents = collect($inheritRoles)->intersect(collect($validRoles));
$intersectRoles = collect();
if ($intersectIdents) {
// These are only roles which are directly assigned to us with
// this permission.
$intersectRoles = collect(Role::select('role_id', 'board_uri')->whereIn('role_id', $intersectIdents)->get()->pluck('board_uri'));
}
if ($inheritIdents) {
$intersectRoles = collect(Role::select('role_id', 'board_uri')->whereIn('inherit_id', $inheritIdents)->whereIn('role_id', $userRoles)->get()->pluck('board_uri'))->merge($intersectRoles);
}
return $intersectRoles;
}
public function run()
{
$this->command->info('Seeding permission to role associations.');
// Insert default permissions.
foreach ($this->slugs() as $slug) {
RolePermission::firstOrCreate(['role_id' => $slug['role_id'], 'permission_id' => $slug['permission_id'], 'value' => $slug['value']]);
}
// Give admin permissions.
$permissions = Permission::get();
if (count($permissions)) {
foreach ($permissions as $permission) {
$permission = RolePermission::firstOrNew(['role_id' => Role::$ROLE_ADMIN, 'permission_id' => $permission->permission_id]);
$permission->value = 1;
$permission->save();
}
}
}
public function run()
{
$this->command->info('Seeding permission to role associations.');
RolePermission::truncate();
$permissions = Permission::get()->modelKeys();
// Insert default permissions.
foreach ($this->slugs() as $role_id => $slugs) {
foreach ($slugs as $slug_key => $slug_value) {
if (!is_numeric($slug_key) && (is_numeric($slug_value) || is_bool($slug_value))) {
$permission_id = $slug_key;
$permission_value = !!$slug_value;
} else {
$permission_id = $slug_value;
$permission_value = true;
}
if (in_array($permission_id, $permissions)) {
(new RolePermission(['role_id' => $role_id, 'permission_id' => $permission_id, 'value' => $permission_value]))->save();
} else {
$this->command->error("Attempting to assign non-existant permission id `{$permission_id}` to role_id `{$role_id}`.");
}
}
}
// Give admin permissions.
if (count($permissions)) {
$role = Role::find(Role::ID_ADMIN);
$role->permissions()->detach();
$attachments = [];
foreach ($permissions as $permission_id) {
$attachments[] = ['permission_id' => $permission_id, 'value' => 1];
}
$role->permissions()->attach($attachments);
}
}
public function __construct($user)
{
foreach (RolePermission::where('profileid', $user->getAttribute("profileid"))->get() as $value) {
$this->roles[$value->getAttribute("action")] = $value->getAttribute("permission");
}
}
