public function __construct(AuthorableInterface $authorable, $resources = array())
{
if (empty($resources)) {
// revoking all privileges of an admin
$privileges = Privilege::where('admin_id', $authorable->identifier())->get();
$this->revoke($privileges);
return true;
}
$privileges = Privilege::where('admin_id', $authorable->identifier())->whereIn('resource_id', $resources)->get();
$this->revoke($privileges);
return true;
}
/**
* Grant a role for an AuthorableInterface over a resource.
*
* @todo Improve to accept authorization for multiple resources.
*
* @param string $role_alias The role to grant
* @param Agency\Cms\Authority\Contracts\PrivilegableInterface $resource
* @return Agency\Cms\Authority\Entities\Privilege
*/
public function grant($role_alias, PrivilegableInterface $resource)
{
// find role by alias
$role = Role::where('alias', $role_alias)->first();
if (!$role) {
throw new Exceptions\RoleNotFoundException($role_alias);
}
$role_id = $role->id;
$admin_id = $this->authorable->identifier();
// try finding privilege on that resource
$privilege_found = Privilege::where('admin_id', $admin_id)->where('resource_id', $resource->identifier())->where('resource_type', get_class($resource))->first();
if ($privilege_found) {
// the privilege exists already, update it
$privilege_found->fill(compact('admin_id', 'role_id'));
$privilege_found->save();
return $privilege_found;
}
return $resource->privileges()->create(['admin_id' => $admin_id, 'role_id' => $role->id]);
}
/**
* Validate access to a resource through premissions
*
* @param string $permission_alias
* @param string $resource
* @return boolean
*/
public function validate($permission_alias, $resource)
{
// verify permission alias
$permission = Permission::where('alias', $permission_alias)->first();
if (!$permission) {
throw new Exceptions\PermissionNotFoundException($permission_alias);
}
$admin_id = $this->authorable->identifier();
$resource_type = get_class($resource);
$privilege = Privilege::where('admin_id', $admin_id)->where('resource_type', $resource_type)->first();
if (!$privilege) {
// user has no privilege to access this resource
return false;
}
// privilege exists, we check to see
// whether the role has the requested permission
/**
* @todo Improve this by finding the Role with
* its id and that the permission id
* exists for that role using whereHas.
* Finding that role confirms the validation.
*/
$role = Role::findOrFail($privilege->role_id);
$permissions = $role->permissions()->get();
if (!count($permissions) > 0) {
// this role has no permissions set
return false;
}
$permissions = $permissions->toArray();
$permission_found = array_filter($permissions, function ($permission) use($permission_alias) {
return $permission['alias'] == $permission_alias;
});
// there should be only one match.
// otherwise something must have gone wrong somewhere
if (count($permission_found) === 1) {
return true;
}
return false;
}
public function __construct(AuthorableInterface $authorable, $resources)
{
$resource_types = $this->extractResourceTypes($resources);
$previous = Privilege::where('admin_id', $authorable->identifier())->whereIn('resource_type', $resource_types)->delete();
}
