/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
DB::transaction(function () {
// create admin user
$root = factory(App\User::class)->create(['name' => 'Administrator', 'email' => '*****@*****.**', 'password' => bcrypt('123456'), 'username' => 'admin', 'location' => 'Da Nang', 'country' => 'Viet Nam', 'biography' => 'Dev', 'occupation' => 'Dev', 'website' => 'greenglobal.vn', 'image' => 'avatar.jpg']);
// create default roles
$admin = new Role();
$admin->name = 'admin';
$admin->display_name = 'Administrator';
$admin->description = 'User is allowed to manage all system.';
$admin->active = 1;
$admin->save();
// create default guest roles
$guest = new Role();
$guest->name = 'guest';
$guest->display_name = 'Guest';
$guest->description = 'User are not logged in.';
$guest->active = 1;
$guest->save();
// attach roles
$root->attachRole($admin);
// create root permission
$admin = new NodePermission();
$admin->name = 'Root';
$admin->display_name = 'Root permission';
$admin->description = 'The root.';
$admin->save();
// create all permission to admin
$root = new PermissionRole();
$root->permission_id = 1;
$root->role_id = 1;
$root->status = 1;
$root->save();
});
}
public function can($permissions, $arguments = [])
{
// Get param
$userId = Auth::user()->id;
// Get roles
$listRole = (new RoleUser())->getUserRole($userId);
if (empty($listRole) || empty($permissions)) {
return false;
}
if (!is_array($permissions)) {
$permissions = [$permissions];
}
// Get list permissions id
$listPermissions = NodePermission::whereIn('name', $permissions)->lists('id');
// Get permission status
$rolePerm = PermissionRole::whereIn('role_id', $listRole)->whereIn('permission_id', $listPermissions)->get();
if (!$rolePerm->count()) {
return false;
}
foreach ($rolePerm as $perm) {
if ($perm->status == 1) {
return true;
}
}
return false;
}
public function testHasManyPermission()
{
// assign new roles with name
$modify = factory(Role::class)->create(['name' => 'modify', 'active' => 1]);
$editor = factory(Role::class)->create(['name' => 'editor', 'active' => 1]);
$user = factory(App\User::class)->create(['password' => bcrypt('123456')]);
$credentials = ['email' => $user->email, 'password' => '123456'];
$token = JWTAuth::attempt($credentials);
// add roles to user
$user->attachRole($modify);
$user->attachRole($editor);
// Post permission tree
NodePermission::model()->tree('[{"id":2, "name":"2"},{"id":3, "name":"3","children":[{"id":4, "name":"4","children":[{"id":5, "name":"5"},{"id":6, "name":"6"}]}]},{"id":7, "name":"7"}]');
// add route to permission
PermissionRoute::setRoutePermissionsRoles(2, '/password', 'PATCH');
PermissionRoute::setRoutePermissionsRoles(2, '/blog/{id}', 'POST');
// set permissons
PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 0]);
PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 0]);
$res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]);
$this->assertEquals(403, $res->getStatusCode());
// set permissons
PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 1]);
PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 0]);
$res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]);
$this->assertEquals(200, $res->getStatusCode());
// set permissons
PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 0]);
PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 1]);
$res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]);
$this->assertEquals(200, $res->getStatusCode());
}
/**
* List permission of role
*
* @param user id
* @return json
*/
public function rolePerm($roleId)
{
$role = new PermissionRole();
$tree = parent::where('id', '=', $this->getRootNode()->id)->first()->getDescendants()->toHierarchy();
// Get list permission with status
$permissions = $role->getRolePermission($roleId, $tree->toArray());
return $permissions;
}
/**
* Check role is have all permission action
*
* @param Request
* @return Response
*/
public function checkAllPerm($id = null)
{
if (!Role::find($id)) {
return response()->json(null, 404);
}
$permissionRoot = PermissionRole::where(['role_id' => $id, 'permission_id' => 1])->first();
if (!empty($permissionRoot) && $permissionRoot->status == 1) {
$isAll = true;
} else {
$isAll = false;
}
$roles = ['id' => (int) $id, 'type' => 'permissions', 'isAll' => $isAll];
return response()->json(arrayView('gcl.gclusers::nodePermission/read', ['node' => $roles]), 200);
}
public function testCanPermissionAndHasRole()
{
$this->withoutMiddleware();
$user = factory(App\User::class)->create(['password' => bcrypt('123456')]);
$credentials = ['email' => $user->email, 'password' => '123456'];
$token = JWTAuth::attempt($credentials);
$editor = factory(Role::class)->create(['name' => 'editor', 'active' => 1]);
$partner = factory(Role::class)->create(['name' => 'partner', 'active' => 1]);
// add role to user
$user->attachRole($editor);
$this->assertEquals(true, $user->hasRole('editor'));
$this->assertEquals(false, $user->hasRole('admin'));
$this->assertEquals(false, $user->can('delete-user'));
$this->assertEquals(false, $user->can(['delete-user', 'create-user']));
// Add permission
NodePermission::model()->tree('[{"id":2, "name":"2"},{"id":3, "name":"delete-user","children":[{"id":4, "name":"create-post","children":[{"id":5, "name":"5"},{"id":6, "name":"6"}]}]},{"id":7, "name":"7"}]');
PermissionRole::create(['permission_id' => 3, 'role_id' => $editor->id, 'status' => 1]);
$this->assertEquals(true, $user->can('delete-user'));
$this->assertEquals(true, $user->can(['delete-user', 'create-user']));
$this->assertEquals(false, $user->can('create-post'));
$user->attachRole($partner);
PermissionRole::create(['permission_id' => 4, 'role_id' => $partner->id, 'status' => 1]);
$this->assertEquals(true, $user->can('create-post'));
$this->assertEquals(true, $user->can(['create-post', 'delete-post']));
$this->assertEquals(true, $user->can(['create-post', 'delete-post', 'delete-user']));
}
/**
* Check guest roles have a permission
*
* @param $route
* @return boolean
*/
public static function isAllowGuest(array $route = [])
{
// Get param
$route_method = $route['route_method'];
$route_name = $route['route_name'];
// Get roles
$guestRole = Role::where('name', 'guest')->lists('id');
if (!$guestRole->count()) {
return false;
}
// Get permission
$permissions = parent::where(['route_method' => $route_method, 'route_name' => $route_name])->lists('permission_id')->toArray();
if (empty($permissions)) {
return false;
}
// Get permission status
$rolePerm = PermissionRole::whereIn('role_id', $guestRole)->whereIn('permission_id', $permissions)->get();
if (!$rolePerm->count()) {
return false;
}
foreach ($rolePerm as $perm) {
if ($perm->status == 1) {
return true;
}
}
return false;
}
