/**
 * Render the permission editor for one group and, on POST, hand the
 * submission to postPermission().
 *
 * NOTE(review): no authorization check is visible in this method; access to
 * the editor is presumably enforced by a route filter or the controller
 * constructor. Confirm, because $id comes straight from the route.
 *
 * @param  mixed  $id  Group id taken from the route.
 * @return mixed  A redirect after a successful POST, otherwise nothing (the layout is filled in).
 */
function showPermission($id)
 {
     // Flash values left by the previous request; fall back to neutral defaults.
     $this->data['status'] = Session::has("status") ? Session::get("status") : FALSE;
     $this->data['message'] = Session::has("message") ? Session::get("message") : "";
     $this->data['id'] = $id;

     // Permissions of this group, bucketed by the module they belong to.
     $byModule = array();
     foreach (Permission::where('group_id', $id)->get()->toArray() as $row) {
         $byModule[$row['module_id']][] = $row;
     }

     // Modules of this group as an id => name lookup (left untouched when there are none).
     $modules = Modules::where('group_id', $id)->get()->toArray();
     $moduleNames = empty($modules) ? $modules : array_column($modules, 'name', 'id');

     // Permissions currently stored on the Sentry group itself.
     $this->data['groupPermissions'] = Sentry::findGroupById($id)->getPermissions();
     $this->data['permissionMap'] = $byModule;
     $this->data['moduleData'] = $moduleNames;

     if (Request::isMethod('post')) {
         $this->postPermission($id, $this->data);
         $saved = $this->data['status'] === TRUE;
         if ($saved) {
             return Redirect::to($this->moduleURL . 'permission/' . $this->data['id']);
         }
     }

     $this->layout->content = View::make('showPermission', $this->data);
 }
 /**
  * Seed the role/permission pivot from a fixed role => permission-name table.
  *
  * Every role is looked up by name and its permission set is replaced with
  * sync(), so permissions not listed here are detached from that role.
  * Role::...->first() is used without a null check: a role missing from the
  * roles table stops the seeder with an error.
  */
 public function run()
 {
     // The administrator role receives every permission that exists.
     $admin = Role::where('name', '=', 'administrator')->first();
     $everything = Permission::all();
     $admin->perms()->sync(array_pluck($everything, 'id'));

     // Remaining roles, in the order they are seeded.
     $grants = array(
         'users manager' => array('manage_users', 'delete_users'),
         'premium author' => array('manage_premium_casts', 'manage_free_casts', 'manage_series'),
         'author' => array('manage_free_casts', 'manage_series'),
         'eraser' => array('delete_series', 'delete_casts'),
         'premium user' => array('view_premium_casts', 'view_free_casts'),
         'user' => array('view_free_casts'),
         'guest' => array('view_free_casts'),
     );

     foreach ($grants as $roleName => $permissionNames) {
         $role = Role::where('name', '=', $roleName)->first();

         // First name opens the query, the rest are OR-ed onto it.
         $query = Permission::where('name', '=', array_shift($permissionNames));
         foreach ($permissionNames as $permissionName) {
             $query = $query->orWhere('name', '=', $permissionName);
         }

         $granted = $query->get();
         $role->perms()->sync(array_pluck($granted, 'id'));
     }
 }
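 /**
  * Check if a role has a specific permission based on the permission $key.
  *
  * The permission row for each key is looked up once and kept in the static
  * $permission array. The check fails closed: a key that has no permission
  * row returns false instead of dereferencing a missing record.
  *
  * @param  string  $key
  * @param  int     $role_id
  * @return bool
  */
 public static function has_permission($key, $role_id)
 {
     if (!isset(static::$permission[$key])) {
         static::$permission[$key] = \Permission::where('permission', '=', $key)->first(array('id'));
     }

     $definition = static::$permission[$key];
     if (!is_object($definition)) {
         // Unknown permission key: deny. A missing row is not remembered by the
         // isset() test above, so the key is looked up again on the next call.
         return false;
     }

     // A matching role/permission row means the role holds the permission.
     return (bool) static::where('role_id', '=', $role_id)->where('permission_id', '=', $definition->id)->first(array('id'));
 }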
 /**
  * Build a Permission object, loading the row with the given id when one is supplied.
  *
  * @param  mixed  $id  Optional primary key; any empty value yields a blank object.
  * @return Permission
  */
 public static function factory($id = null)
 {
     $model = new Permission();
     if (empty($id)) {
         return $model;
     }
     // The query result is discarded; presumably get() populates $model itself — confirm against the ORM.
     $model->where('id', $id)->get();
     return $model;
 }
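/**
 * Tell whether the logged-in user's type may perform $action on $module.
 *
 * The lookup passes the user type and module name as values to where()
 * instead of concatenating them into a SQL fragment, so neither can alter
 * the query text. The check fails closed when the session carries no user type.
 *
 * @param  string  $module  Module name as stored in the permission table.
 * @param  string  $action  Name of the permission column to read; callers should pass a fixed literal.
 * @return bool
 */
function permission($module, $action)
{
    $CI =& get_instance();
    $userTypeId = $CI->session->userdata('user_type');
    if (empty($userTypeId)) {
        // No user type in the session (not logged in or expired): deny.
        return FALSE;
    }
    $permission = new Permission();
    $perm = $permission->where('user_type_id', $userTypeId)->where('module', $module)->get();
    return $perm->{$action} ? TRUE : FALSE;
}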
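 /**
  * Reverse the migrations.
  *
  * Drops the three foreign keys of c_m_p, then the c_m_p and cjenovnici
  * tables, and finally removes the three cjenovnik permission rows so that a
  * rollback does not leave permissions for a feature that no longer exists.
  *
  * @return void
  */
 public function down()
 {
     Schema::table('c_m_p', function (Blueprint $table) {
         $table->dropForeign('c_m_p_cjenovnik_id_foreign');
         $table->dropForeign('c_m_p_mjera_id_foreign');
         $table->dropForeign('c_m_p_predmet_id_foreign');
     });
     Schema::drop('c_m_p');
     Schema::drop('cjenovnici');
     // whereIn() is the membership test. 'in' is not a comparison operator that
     // where() accepts, so passing it as the operator would not select these rows.
     Permission::whereIn('ime', array(
         Permission::PERMISSION_VIEW_CJENOVNIK,
         Permission::PERMISSION_MANAGE_CJENOVNIK,
         Permission::PERMISSION_REMOVE_CJENOVNIK,
     ))->delete();
 }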
 /**
  * Create the Admin and Member roles and give Admin the three manage_* permissions.
  *
  * The permissions are looked up by name and must already exist; a missing
  * one is not handled here. Member is created without any permission.
  */
 public function run()
 {
     $admin = new Role();
     $admin->name = 'Admin';
     $admin->save();

     // Collect the ids in the same order the permissions are attached.
     $adminPermissionIds = array();
     foreach (array('manage_pages', 'manage_users', 'manage_sermons') as $permissionName) {
         $adminPermissionIds[] = Permission::where('name', '=', $permissionName)->first()->id;
     }
     $admin->perms()->sync($adminPermissionIds);

     $member = new Role();
     $member->name = 'Member';
     $member->save();
 }
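 /**
  * Decide whether the current user may access the current named route.
  *
  * The check fails closed: an unauthenticated request, or a route that has
  * no row in the permission table, is denied explicitly instead of relying
  * on a lookup against a missing record.
  *
  * NOTE(review): every check is skipped when the environment name is 'dev'.
  * Make sure a production deployment can never resolve to that name.
  *
  * @return bool
  */
 public function checkRoute()
 {
     if (App::environment() === 'dev') {
         return true;
     }

     $user_id = Auth::id();
     if ($user_id === null) {
         // No authenticated user: nothing to look up, deny.
         return false;
     }

     $permission_object = Permission::where('route', '=', Route::currentRouteName())->first();
     if ($permission_object === null) {
         // Route is not registered as a permission: deny rather than read ->id on null.
         return false;
     }

     $count = DB::table('permission_user')->where('permission_id', '=', $permission_object->id)->where('user_id', '=', $user_id)->count();
     return $count > 0;
 }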
 /**
  * Revoke one permission from one user, both identified by request input.
  *
  * NOTE(review): the method itself does not check who is calling it; the
  * route is presumably protected by a filter. Confirm, since any caller that
  * reaches it can revoke any user's permission.
  *
  * @return mixed  Redirect to the permission page on success, JSON error otherwise.
  */
 public function removePermission()
 {
     $user_id = Input::get("user");
     $permission_id = Input::get("permission");
     $user = User::find($user_id);
     $permission = PermissionDefinition::find($permission_id);

     // Reject unknown ids before touching the assignment table.
     if (!$user) {
         return Response::json(['success' => false, 'message' => 'Invalid user.']);
     }
     if (!$permission) {
         return Response::json(['success' => false, 'message' => 'Invalid permission definition.']);
     }

     Permission::where(['permission_id' => $permission_id, 'user_id' => $user_id])->delete();
     return Redirect::to('/dashboard/storyteller/manage/permissions');
 }
 /**
  * Create the admin, student and teacher roles and attach their permissions.
  *
  * Existing roles are not cleared first. admin receives every permission;
  * teacher and student receive the named exam permissions, which must
  * already exist (a missing one is passed to attachPermission() unchecked).
  */
 public function run()
 {
     $admin = Role::create(array('name' => 'admin'));
     $student = Role::create(array('name' => 'student'));
     $teacher = Role::create(array('name' => 'teacher'));

     foreach (Permission::all() as $permiso) {
         $admin->attachPermission($permiso);
     }

     // Teachers manage exams.
     foreach (array('crear_examen', 'eliminar_examen', 'modificar_examen') as $nombre) {
         $teacher->attachPermission(Permission::where('name', '=', $nombre)->get()->first());
     }

     // Students take exams and read their results.
     foreach (array('realizar_examen', 'ver_resultado_examen') as $nombre) {
         $student->attachPermission(Permission::where('name', '=', $nombre)->get()->first());
     }
 }
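 /**
  * Update the specified resource in storage.
  * PUT /roles/{id}
  *
  * Replaces the role's permission set with the permissions whose ids appear
  * as keys of the `perms` input and that exist in the permissions table. A
  * request without `perms` syncs an empty list, which detaches every
  * permission from the role. findOrFail() throws when the role does not
  * exist, so no separate "not found" branch is needed.
  *
  * NOTE(review): no authorization check is visible here; confirm the route
  * is restricted to administrators.
  *
  * @param  int  $id
  * @return Response
  */
 public function update($id)
 {
     $role = Role::findOrFail($id);

     $permsToAttach = [];
     $perms = Input::get('perms');
     // Only iterate when the input really is an array of id => value pairs.
     if (Input::has('perms') && is_array($perms)) {
         foreach (array_keys($perms) as $permId) {
             // Keep only ids that resolve to a real permission row.
             $perm = Permission::where('id', '=', $permId)->first();
             if ($perm) {
                 $permsToAttach[] = $perm->id;
             }
         }
     }
     $role->perms()->sync($permsToAttach);

     if (Input::has('display_name')) {
         $role->display_name = Input::get('display_name');
     }
     $role->save();

     return Redirect::to('admin/roles')->with(['roles-notice' => 'Role has been updated']);
 }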
 /**
  * Seed the permission nodes and attach them to roles by weight.
  *
  * A role receives every node whose weight is less than or equal to the
  * role's own weight. Roles are looked up by name, not created, so they must
  * already exist. Weights on the nodes are strings and are compared loosely
  * with the integer role weights.
  */
 public function run()
 {
     $roles = [
         ['name' => 'Administrator', 'weight' => 3],
         ['name' => 'Moderator', 'weight' => 2],
         ['name' => 'User', 'weight' => 1],
     ];
     $permissions = [
         ['weight' => '1', 'node' => 'quote.editor', 'description' => 'The ability to use the editor'],
         ['weight' => '1', 'node' => 'quote.edit', 'description' => 'The ability to edit an existing quote'],
         ['weight' => '2', 'node' => 'quote.edit.others', 'description' => 'The ability to edit an existing quote that isn\'t yours'],
         ['weight' => '1', 'node' => 'quote.new', 'description' => 'The ability to create a new quote'],
         ['weight' => '2', 'node' => 'quote.approve', 'description' => 'The ability to approve a quote'],
         ['weight' => '2', 'node' => 'quote.deny', 'description' => 'The ability to deny a quote'],
         ['weight' => '1', 'node' => 'quote.upvote', 'description' => 'The ability to upvote a quote'],
         ['weight' => '1', 'node' => 'quote.downvote', 'description' => 'The ability to downvote a quote'],
         ['weight' => '1', 'node' => 'quote.favorite', 'description' => 'The ability to create favorites'],
         ['weight' => '1', 'node' => 'user.preferences', 'description' => 'The ability to access user preferences'],
         ['weight' => '3', 'node' => 'site.preferences', 'description' => 'The ability to access site preferences'],
     ];

     // Create or refresh one row per node.
     foreach ($permissions as $definition) {
         $row = Permission::firstOrNew(['node' => $definition['node']]);
         $row->description = $definition['description'];
         $row->save();
     }

     foreach ($roles as $r) {
         $this->command->info('Adding permissions to ' . $r['name']);
         $role = Role::where('name', $r['name'])->first();
         foreach ($permissions as $p) {
             if ($p['weight'] > $r['weight']) {
                 // Node is above this role's weight.
                 continue;
             }
             $this->command->info('Giving ' . $r['name'] . ' the ' . $p['node'] . ' node');
             $node = Permission::where('node', $p['node'])->first();
             // Attach only when the role does not hold the node yet.
             if (!$role->permissions->contains($node->id)) {
                 $role->permissions()->attach($node);
             }
         }
     }
 }
 /**
  * Tell whether a user type may perform $action on $module.
  *
  * With an explicit $id the permission row of that user type is read. Without
  * one, a user whose fd_admin flag equals 1 is always allowed; otherwise the
  * current user's own user type is read.
  *
  * @param  string  $module  Module name stored in the permission row.
  * @param  string  $action  Name of the permission column to read.
  * @param  mixed   $id      Optional user type id; falsy means "current user".
  * @return bool
  */
 function permission($module, $action, $id = null)
 {
     $CI =& get_instance();
     $lookup = new Permission();

     if (!$id) {
         // Administrators bypass the per-module lookup entirely.
         if (user()->fd_admin == 1) {
             return TRUE;
         }
         $typeId = user()->user_type_id;
     } else {
         $typeId = $id;
     }

     $row = $lookup->where("user_type_id", $typeId)->where("module", $module)->get(1);
     return $row->{$action} ? TRUE : FALSE;
 }
 /**
  * Remove the specified resource from storage.
  *
  * Callers without the 'permission.delete' right are sent to the dashboard
  * before anything is looked up. The outcome is flashed under 'success' or
  * 'error' on the redirect back to the permission settings.
  *
  * @param  int  $id
  * @return Response
  */
 public function destroy($id)
 {
     // Authorization comes first: nothing is queried for an unauthorised caller.
     if (!ACL::checkUserPermission('permission.delete')) {
         return Redirect::action('dashboard');
     }

     $permission = Permission::where('id', $id)->find($id);
     if (empty($permission)) {
         return Redirect::action('settings.permission')->with('error', 'Permission delete failed');
     }

     $permission->delete();
     return Redirect::action('settings.permission')->with('success', 'Permission delete success');
 }
 /**
  * Prepare $this->permission with the row named 'TestPermission'.
  *
  * getUser() runs first; the permission is null when no such row exists.
  */
 public function getPermission()
 {
     $this->getUser();
     $fixture = Permission::where('name', 'TestPermission')->first();
     $this->permission = $fixture;
 }
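 /**
  * Remove the RBAC roles and permissions that belong to this group.
  *
  * The group's owner/editor/staff roles are detached from every member and
  * deleted, then each permission listed by getPermissionsArray() is deleted
  * by name. A member whose user row no longer exists is skipped, so the
  * cleanup still runs to the end and does not leave roles or permissions of
  * the group behind.
  *
  * @return void
  */
 public function destroyRbacRules()
 {
     $permissions = $this->getPermissionsArray();
     $members = GroupMember::where('group_id', '=', $this->id)->get();
     $roles = Role::where('name', '=', "group_{$this->id}_owner")->orWhere('name', '=', "group_{$this->id}_editor")->orWhere('name', '=', "group_{$this->id}_staff")->get();
     foreach ($roles as $role) {
         foreach ($members as $member) {
             $user = User::where('id', '=', $member->user_id)->first();
             // Membership rows can outlive the user they point to.
             if ($user !== null) {
                 $user->detachRole($role);
             }
         }
         if ($role instanceof Role) {
             $role->delete();
         }
     }
     foreach ($permissions as $permData) {
         $perm = Permission::where('name', '=', $permData['name'])->first();
         if ($perm instanceof Permission) {
             $perm->delete();
         }
     }
 }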
 /**
  * Fetch the permission rows for one controller type that apply either to
  * the given controller id or to the wildcard id '*'.
  *
  * Rows are ordered by controller_id descending; presumably this puts rows
  * for a specific id ahead of the '*' row — confirm against the column type.
  *
  * @param  mixed  $controller_id
  * @param  mixed  $controllerAction  Compared against the controller_type column.
  * @return mixed  Result of get() on the Permission query.
  */
 public static function getControllerPermission($controller_id, $controllerAction)
 {
     // (controller_id = $controller_id OR controller_id = '*')
     $matchController = function ($inner) use($controller_id) {
         $inner->where('controller_id', '=', $controller_id)->orWhere('controller_id', '=', '*');
     };
     // controller_type = $controllerAction AND (the group above)
     $matchTypeAndController = function ($outer) use($controllerAction, $matchController) {
         $outer->where('controller_type', '=', $controllerAction)->where($matchController);
     };
     return Permission::where($matchTypeAndController)->orderBy('controller_id', 'desc')->get();
 }
 /**
  * Create or update a role from a POST request and rebuild its permissions.
  *
  * With an `id` input the existing role is loaded (404 when it is missing),
  * otherwise a new role is created. When validation passes, the role is
  * saved and the `permission` input (controller => action => type) decides
  * which permission rows are detached and which are synced. Non-POST
  * requests get a 404.
  *
  * NOTE(review): no authorization check is visible in this method; confirm
  * the route is restricted to administrators.
  *
  * @return mixed  A redirect response, or the result of App::abort(404).
  */
 public function updateRole()
 {
     // NOTE(review): the Referer header is client-controlled and is later passed to
     // Redirect::to(); consider accepting it only when it points back into this application.
     $prevURL = Request::header('referer');
     if (!Request::isMethod('post')) {
         return App::abort(404);
     }
     if (Input::has('id')) {
         try {
             $role = Role::findorFail((int) Input::get('id'));
         } catch (Illuminate\Database\Eloquent\ModelNotFoundException $e) {
             return App::abort(404);
         }
         $create = false;
         $message = 'has been updated successful';
     } else {
         $create = true;
         $role = new Role();
         $message = 'has been added successful';
     }
     $role->name = Input::has('name') ? Input::get('name') : '';
     // valid() is defined on Role outside this snippet; it returns a validator-like object.
     $pass = $role->valid();
     if ($pass->passes()) {
         // Defined outside this snippet; called before the role is saved.
         Permission::generatePermission();
         $role->save();
         if (Input::has('permission')) {
             $arrAssignedPermission = [];
             $arrPermission = Input::get('permission');
             foreach ($arrPermission as $controller => $permission) {
                 foreach ($permission as $action => $type) {
                     // Find the sibling permissions of this controller/action, i.e. every
                     // type except the one submitted, so they can be detached below.
                     // NOTE(review): $controller and $action are request keys interpolated
                     // into a LIKE pattern; % and _ inside them act as wildcards. Confirm the
                     // keys are limited to known controller and action names.
                     $currentPerrmission = Permission::select('id')->where('name', 'like', "%{$controller}_{$action}_%")->where('name', '<>', "{$controller}_{$action}_{$type}")->get();
                     if (!$currentPerrmission->isEmpty()) {
                         $arrId = [];
                         foreach ($currentPerrmission as $id) {
                             $arrId[] = $id->id;
                         }
                         // Detach those siblings from this role only.
                         DB::table('permission_role')->where('role_id', $role->id)->whereIn('permission_id', $arrId)->delete();
                         unset($currentPerrmission, $arrId);
                     }
                     if ($type != 'none') {
                         $permission_id = Permission::where('name', "{$controller}_{$action}_{$type}")->pluck('id');
                         // Unknown controller/action/type combinations are skipped.
                         if (is_null($permission_id)) {
                             continue;
                         }
                         $arrAssignedPermission[] = $permission_id;
                     }
                 }
             }
             // sync() runs only when at least one permission was selected; if every
             // submitted type is 'none', only the deletes above take effect.
             if (!empty($arrAssignedPermission)) {
                 $role->perms()->sync($arrAssignedPermission);
             }
             // Cached menus are flushed after a permission change.
             Cache::tags('menu', 'frontend')->flush();
             Cache::tags('menu', 'backend')->flush();
         }
         if (Input::has('continue')) {
             if ($create) {
                 $prevURL = URL . '/admin/roles/edit-role/' . $role->id;
             }
             // NOTE(review): the role name is user input placed inside HTML here; the view
             // that prints flash_success must escape it unless valid() already restricts it.
             return Redirect::to($prevURL)->with('flash_success', "<b>{$role->name}</b> {$message}.");
         }
         return Redirect::to(URL . '/admin/roles')->with(['flash_success' => "{$role->name} {$message}."]);
     }
     return Redirect::to($prevURL)->with(['flash_error' => $pass->messages()->all()])->withInput();
 }
 /**
  * Load the permission with the given name.
  *
  * Uses firstOrFail(), so an unknown name raises instead of returning null.
  *
  * @param  string  $permName
  * @return Permission
  */
 public static function byName($permName)
 {
     $query = Permission::where('name', $permName);
     return $query->firstOrFail();
 }
 /**
  * Fetch every permission row recorded for the given item.
  *
  * Rows are matched on the item's type and id as reported by the item itself.
  *
  * @param  ItemContract  $item
  * @return mixed  Result of get() on the Permission query.
  */
 public function getItemPermissions(ItemContract $item)
 {
     $query = Permission::where('item_type', $item->getType());
     $query = $query->where('item_id', $item->getId());
     return $query->get();
 }
 /**
  * Replace every permission row of one user type with the posted checkboxes.
  *
  * On POST all existing rows for $id are deleted, then rows are re-created
  * section by section: main-site modules, main-site content groups, intranet
  * modules, department-site modules and request modules. The method always
  * ends with a redirect to the permission settings page.
  *
  * NOTE(review): no authorization or CSRF check is visible in this method,
  * and no transaction is opened around the delete and the inserts here, so a
  * failure part-way would leave the user type with a partial permission set.
  * Confirm both are handled by the caller or the framework configuration.
  *
  * @param  mixed  $id  User type id whose permissions are rewritten.
  */
 public function save($id)
 {
     if ($_POST) {
         // Start from a clean slate: remove every existing row for this user type.
         $variable = new Permission();
         $variable->where("user_type_id", $id)->get()->delete_all();
         // Permissions for the main website modules
         $module = new Module();
         $module->where("main", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
         foreach ($module as $key => $value) {
             // A row is written only when at least one checkbox of the module was ticked.
             if (!empty($_POST[$value->module . "_view"]) || !empty($_POST[$value->module . "_create"]) || !empty($_POST[$value->module . "_delete"]) || !empty($_POST[$value->module . "_extra"])) {
                 $foo = new Permission();
                 $foo->user_type_id = $id;
                 $foo->module = $value->module;
                 // @ hides the undefined-index notice for checkboxes that were not posted.
                 $foo->views = @$_POST[$value->module . "_view"] ? 1 : 0;
                 $foo->create = @$_POST[$value->module . "_create"] ? 1 : 0;
                 $foo->delete = @$_POST[$value->module . "_delete"] ? 1 : 0;
                 $foo->extra = @$_POST[$value->module . "_extra"] ? 1 : 0;
                 $foo->save();
             }
         }
         // Permissions for the news/content groups of the main website
         $content = new Content_Group();
         $content->order_by("title", "ASC")->get();
         foreach ($content as $key => $value) {
             if (!empty($_POST["content_" . $value->id . "_view"]) || !empty($_POST["content_" . $value->id . "_create"]) || !empty($_POST["content_" . $value->id . "_delete"])) {
                 $foo = new Permission();
                 $foo->user_type_id = $id;
                 $foo->module = "content_" . $value->id;
                 $foo->views = @$_POST["content_" . $value->id . "_view"] ? 1 : 0;
                 $foo->create = @$_POST["content_" . $value->id . "_create"] ? 1 : 0;
                 $foo->delete = @$_POST["content_" . $value->id . "_delete"] ? 1 : 0;
                 $foo->save();
             }
         }
         // Only when the intranet section was selected
         if (@$_POST["intranet"]) {
             $module = new Module();
             $module->where("intranet", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
             foreach ($module as $num => $row) {
                 if (!empty($_POST["int_" . $row->module . "_view"]) || !empty($_POST["int_" . $row->module . "_create"]) || !empty($_POST["int_" . $row->module . "_delete"]) || !empty($_POST["int_" . $row->module . "_extra"])) {
                     $intranet = new Permission();
                     $intranet->user_type_id = $id;
                     $intranet->module = "int_" . $row->module;
                     $intranet->views = @$_POST["int_" . $row->module . "_view"] ? 1 : 0;
                     $intranet->create = @$_POST["int_" . $row->module . "_create"] ? 1 : 0;
                     $intranet->delete = @$_POST["int_" . $row->module . "_delete"] ? 1 : 0;
                     $intranet->extra = @$_POST["int_" . $row->module . "_extra"] ? 1 : 0;
                     $intranet->save();
                 }
             }
         }
         // Only when department websites were selected
         if (@$_POST["department"]) {
             $module = new Module();
             $module->where("department", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
             // NOTE(review): each posted department value becomes part of the stored module
             // key ("d<value>_<module>") without being checked against known departments,
             // and the loop assumes the input is an array. Confirm both are validated upstream.
             foreach ($_POST["department"] as $key => $value) {
                 foreach ($module as $num => $row) {
                     if (!empty($_POST["d" . $value . "_" . $row->module . "_view"]) || !empty($_POST["d" . $value . "_" . $row->module . "_create"]) || !empty($_POST["d" . $value . "_" . $row->module . "_delete"]) || !empty($_POST["d" . $value . "_" . $row->module . "_extra"])) {
                         $department = new Permission();
                         $department->user_type_id = $id;
                         $department->module = "d" . $value . "_" . $row->module;
                         $department->views = @$_POST["d" . $value . "_" . $row->module . "_view"] ? 1 : 0;
                         $department->create = @$_POST["d" . $value . "_" . $row->module . "_create"] ? 1 : 0;
                         $department->delete = @$_POST["d" . $value . "_" . $row->module . "_delete"] ? 1 : 0;
                         $department->extra = @$_POST["d" . $value . "_" . $row->module . "_extra"] ? 1 : 0;
                         $department->save();
                     }
                 }
             }
         }
         // Request modules: unlike the sections above, a row is written for every
         // request module once 'requests_view' is posted, even when all four flags are 0.
         if (!empty($_POST['requests_view'])) {
             $module = new Module();
             $module->where('request', 1)->order_by('extra', 'desc')->order_by('id', 'asc')->get();
             foreach ($module as $num => $row) {
                 $request = new Permission();
                 $request->user_type_id = $id;
                 $request->module = $row->module;
                 $request->views = @$_POST[$row->module . "_view"] ? 1 : 0;
                 $request->create = @$_POST[$row->module . "_create"] ? 1 : 0;
                 $request->delete = @$_POST[$row->module . "_delete"] ? 1 : 0;
                 $request->extra = @$_POST[$row->module . "_extra"] ? 1 : 0;
                 $request->save();
             }
         }
     }
     redirect("admin/settings/permissions");
 }
 /**
  * Apply the submitted allow/deny choices to the existing permission rows of one role.
  *
  * Every input value other than role_id and _token is treated as a resource
  * id to allow; all resources left in the cached resource list are set to
  * deny. Only existing permission rows are updated, none are created.
  *
  * NOTE(review): the submitted resource ids are written to the log and used
  * as array keys as received; confirm the 'validator.admin.permission' rules
  * restrict them to scalar ids.
  *
  * @return Response
  */
 public function postPermission()
 {
     $role = Role::find(Input::get('role_id'));
     if (empty($role)) {
         return Redirect::to('/admin/role_permission')->with('error_permissions', Lang::get('admin.role_not_found'));
     }

     // Validate the inputs before touching any permission row.
     $validator = Validator::make(Input::all(), Config::get('validator.admin.permission'));
     if (!$validator->passes()) {
         return Redirect::to('/admin/role_permission')->withInput()->withErrors($validator);
     }

     // [id] => name; entries still present after the first loop are the denied ones.
     $remaining = Cachr::getCache('DB_AdminResourceName');

     // Allowed resources: everything that was submitted.
     foreach (Input::except(array('role_id', '_token')) as $resource_id) {
         Log::info('allowed resource : ' . $resource_id);
         unset($remaining[$resource_id]);
         $permission = Permission::where('role_id', '=', $role->id)->where('resource_id', '=', $resource_id)->first();
         if (empty($permission)) {
             continue;
         }
         $permission->type = 'allow';
         if (!$permission->save()) {
             return Redirect::to('admin/role_permission')->with('error_permissions', Lang::get('admin.permission_save_error'));
         }
     }

     // Denied resources: everything that was not submitted.
     foreach ($remaining as $k => $resource) {
         $rows = Permission::where('role_id', '=', $role->id)->where('resource_id', '=', $k)->get();
         Log::info('denied resource : ' . $k);
         foreach ($rows as $permission) {
             if (empty($permission)) {
                 continue;
             }
             $permission->type = 'deny';
             if (!$permission->save()) {
                 return Redirect::to('admin/role_permission')->with('error_permissions', Lang::get('admin.permission_save_error'));
             }
         }
     }

     // Record who changed the role's permissions.
     parent::track('update', 'Permission', $role->id);
     return Redirect::to('admin/role_permission')->with('success_permissions', Lang::get('admin.permission_save_success'));
 }
 /**
  * Synchronise the modules table, and the permissions derived from it, with
  * the entries found in $this->modulePath.
  *
  * A directory entry missing from the table becomes a module plus four
  * permissions (create/read/edit/delete). A stored module with no matching
  * directory entry is deleted together with its permissions. Both
  * comparisons use array_diff(), which compares the display names (array
  * values), not the slugs. Menu creation and removal are disabled here.
  */
 function render()
 {
     $primaryArray = array('Create', 'Read', 'Edit', 'Delete');
     $listIgnores = array('.', '..', '.DS_Store', '.svn');

     // Modules present on disk: slug => display name.
     $onDisk = array();
     foreach (array_diff(scandir($this->modulePath), $listIgnores) as $entry) {
         $onDisk[str_replace("_", "-", $entry)] = ucwords(str_replace("_", " ", $entry));
     }

     // Modules recorded in the database: slug => name.
     $stored = array_column(Modules::get()->toArray(), 'name', 'slug');

     // Register modules that are on disk but not stored yet.
     foreach (array_diff($onDisk, $stored) as $slug => $name) {
         // The group is chosen from the last slug segment; "x-manager" slugs use "x_manager".
         $parts = explode("-", $slug);
         $suffix = last($parts);
         if ($suffix == 'manager') {
             $suffix = $parts[count($parts) - 2] . "_" . $suffix;
         }
         $groupKey = "backend.group_" . $suffix . "_id";
         $group = Config::has($groupKey) ? Config::get($groupKey) : 0;

         $item = Modules::create(array('slug' => $slug, 'name' => $name, 'group_id' => $group, 'status' => 1));
         if (!$item || !$item->save()) {
             continue;
         }

         // One permission per primary action of the new module.
         foreach ($primaryArray as $p) {
             $action = strtolower($p);
             Permission::create(array('name' => $item->name . " " . $p, 'slug' => $item->slug . "-" . $action, 'module_id' => $item->id, 'group_id' => $group, 'action' => $action));
         }
     }

     // Drop modules that are stored but no longer on disk, with their permissions.
     foreach (array_diff($stored, $onDisk) as $slug => $name) {
         $item = Modules::where(array('slug' => $slug, 'name' => $name))->first();
         $deleteID = $item->id;
         if ($item->delete()) {
             Permission::where('module_id', $deleteID)->delete();
         }
     }
 }
 /**
  * Synchronise the modules table, its menu entries and its permissions with
  * the entries found in $this->modulePath.
  *
  * A directory entry missing from the table becomes a module, a disabled
  * menu entry and four permissions (create/read/edit/delete). A stored
  * module with no matching directory entry is deleted together with its
  * menus and permissions. Both comparisons use array_diff(), which compares
  * the display names (array values), not the slugs.
  */
 function render()
 {
     $primaryArray = array('Create', 'Read', 'Edit', 'Delete');
     $listIgnores = array('dashboard', 'home', 'chat', 'search', '.', '..', '.DS_Store', '.svn');

     // Modules present on disk: slug => display name, with the "_backend" marker removed.
     $onDisk = array();
     foreach (array_diff(scandir($this->modulePath), $listIgnores) as $entry) {
         $base = str_replace("_backend", "", $entry);
         $onDisk[str_replace("_", "-", $base)] = ucwords(str_replace("_", " ", $base));
     }

     // Modules recorded in the database: slug => name.
     $stored = array_column(Modules::get()->toArray(), 'name', 'slug');

     // Register modules that are on disk but not stored yet.
     foreach (array_diff($onDisk, $stored) as $slug => $name) {
         $item = Modules::create(array('slug' => $slug, 'name' => $name, 'status' => 1));
         if (!$item || !$item->save()) {
             continue;
         }

         // Menu entry, created with status 0.
         Menus::create(array('status' => 0, 'name' => $item->name, 'module_id' => $item->id, 'slug' => $item->slug . '/show-list'));

         // One permission per primary action of the new module.
         foreach ($primaryArray as $p) {
             $action = strtolower($p);
             Permission::create(array('name' => $item->name . " " . $p, 'slug' => $item->slug . "-" . $action, 'module_id' => $item->id, 'action' => $action));
         }
     }

     // Drop modules that are stored but no longer on disk, with their menus and permissions.
     foreach (array_diff($stored, $onDisk) as $slug => $name) {
         $item = Modules::where(array('slug' => $slug, 'name' => $name))->first();
         $deleteID = $item->id;
         if ($item->delete()) {
             Menus::where('module_id', $deleteID)->delete();
             Permission::where('module_id', $deleteID)->delete();
         }
     }
 }
	</div>
</div>
<div class="row left">
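	<form method="post" action="/dashboard/storyteller/manage/permissions/grant" class="panel">
		{{-- Grants the selected permission definition to the selected user. --}}
		{{-- NOTE(review): no CSRF token field is visible in this form; confirm the route's filter and the layout supply one. --}}
		{{-- NOTE(review): if this is Laravel 4, the double-brace echo below is not escaped, so usernames and permission names need the escaping form; confirm the framework version. --}}
		<h4>Grant Permission</h4>
		<label>User</label>
		<select name="user">
			@foreach(User::orderBy('username')->get() as $u)
				<option value="{{$u->id}}">{{$u->username}}</option>
			@endforeach
		</select>
		<label>Permission</label>
		<select name="permission">
			@foreach(PermissionDefinition::all() as $p)
				{{-- Number of users currently holding this permission (one query per option). --}}
				<?php
				$count = Permission::where('permission_id', $p->id)->count();
				?>
				<option value="{{$p->id}}">
					{{$p->name}} ({{$count}} user{{$count == 1 ? '' : 's'}} with permission)
				</option>
			@endforeach
		</select>
		<input type="submit" class="button small" value="Grant Permission" />
	</form>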
	<form method="post" action="/dashboard/storyteller/manage/permissions/create" class="panel">
		<h4>Create Permission</h5>
		<label>Name</label>
		<input type="text" name="name" />
		<label>Description</label>
		<textarea name="description"></textarea>
		<input type="submit" class="button small" value="Add Position" />
 /**
  * Auth check.
  *
  * Checks whether the current user may access the current URI. The action
  * is built from the first two routed URI segments ("controller/method",
  * with "index" as the default method) and looked up, in this order, in the
  * permissions of the user, the user's roles, the user's groups and the
  * roles of those groups. All lookups go through DataMapper directly.
  *
  * Can be called from a controller constructor or from a single action.
  * Follows the "deny all except allowed" concept: when none of the four
  * lookups finds the permission, an error is set and FALSE is returned.
  *
  * @return bool
  */
 public function auth_check()
 {
     // Routed segments are used, so the check applies to the controller/method that actually runs.
     $controller = $this->ci->uri->rsegment(1);
     if ($this->ci->uri->rsegment(2) != '') {
         $action = $controller . '/' . $this->ci->uri->rsegment(2);
     } else {
         $action = $controller . '/index';
     }
     // Not read anywhere in this method.
     $allow = false;
     // NOTE(review): the user id is read without checking that a user is logged in;
     // confirm get_user_info() always returns the 'user' => 'id' structure.
     $user = $this->get_user_info();
     $u = new User($user['user']['id']);
     // NOTE(review): $p is reused for all four lookups below; this relies on the ORM
     // resetting the object's query state after each get(). Confirm.
     $p = new Permission();
     // check user
     $p->where('permission', $action)->where_related($u)->get();
     if ($p->exists()) {
         return TRUE;
     }
     // check user role
     $r = new Role();
     $r->where_related($u)->get();
     $p->where('permission', $action)->where_in_related($r)->get();
     if ($p->exists()) {
         return TRUE;
     }
     // check user group
     $g = new Group();
     $g->where_related($u)->get();
     $p->where('permission', $action)->where_in_related($g)->get();
     if ($p->exists()) {
         return TRUE;
     }
     // check user group role
     $r->where_in_related($g)->get();
     $p->where('permission', $action)->where_in_related($r)->get();
     if ($p->exists()) {
         return TRUE;
     }
     // Nothing matched: deny and record the reason for the caller.
     $this->set_error('You have not the permission to do that');
     return FALSE;
 }