示例#1
0
 public function run()
 {
     DB::table('cms_role_permissions')->delete();
     $create_permission = Permission::where('alias', 'create')->first();
     $read_permission = Permission::where('alias', 'read')->first();
     $update_permission = Permission::where('alias', 'update')->first();
     $delete_permission = Permission::where('alias', 'delete')->first();
     $publish_permission = Permission::where('alias', 'publish')->first();
     // define permissions for each of the roles
     $admin_role = Role::where('alias', 'admin')->first();
     $manager_role = Role::where('alias', 'manager')->first();
     $editor_role = Role::where('alias', 'editor')->first();
     $admin_role->permissions()->attach([$create_permission->id, $read_permission->id, $update_permission->id, $delete_permission->id, $publish_permission->id]);
     $manager_role->permissions()->attach([$read_permission->id]);
     $editor_role->permissions()->attach([$create_permission->id, $read_permission->id, $update_permission->id, $delete_permission->id]);
 }
示例#2
0
 /**
  * Grant a role for an AuthorableInterface over a resource.
  *
  * @todo  Improve to accept authorization for multiple resources.
  *
  * @param  string                $role_alias The role to grant
  * @param  Agency\Cms\Authority\Contracts\PrivilegableInterface $resource
  * @return Agency\Cms\Authority\Entities\Privilege
  */
 public function grant($role_alias, PrivilegableInterface $resource)
 {
     // find role by alias
     $role = Role::where('alias', $role_alias)->first();
     if (!$role) {
         throw new Exceptions\RoleNotFoundException($role_alias);
     }
     $role_id = $role->id;
     $admin_id = $this->authorable->identifier();
     // try finding privilege on that resource
     $privilege_found = Privilege::where('admin_id', $admin_id)->where('resource_id', $resource->identifier())->where('resource_type', get_class($resource))->first();
     if ($privilege_found) {
         // the privilege exists already, update it
         $privilege_found->fill(compact('admin_id', 'role_id'));
         $privilege_found->save();
         return $privilege_found;
     }
     return $resource->privileges()->create(['admin_id' => $admin_id, 'role_id' => $role->id]);
 }
示例#3
0
 /**
  * Validate access to a resource through premissions
  *
  * @param  string $permission_alias
  * @param  string $resource
  * @return boolean
  */
 public function validate($permission_alias, $resource)
 {
     // verify permission alias
     $permission = Permission::where('alias', $permission_alias)->first();
     if (!$permission) {
         throw new Exceptions\PermissionNotFoundException($permission_alias);
     }
     $admin_id = $this->authorable->identifier();
     $resource_type = get_class($resource);
     $privilege = Privilege::where('admin_id', $admin_id)->where('resource_type', $resource_type)->first();
     if (!$privilege) {
         // user has no privilege to access this resource
         return false;
     }
     // privilege exists, we check to see
     // whether the role has the requested permission
     /**
      * @todo Improve this by finding the Role with
      *       its id and that the permission id
      *       exists for that role using whereHas.
      *       Finding that role confirms the validation.
      */
     $role = Role::findOrFail($privilege->role_id);
     $permissions = $role->permissions()->get();
     if (!count($permissions) > 0) {
         // this role has no permissions set
         return false;
     }
     $permissions = $permissions->toArray();
     $permission_found = array_filter($permissions, function ($permission) use($permission_alias) {
         return $permission['alias'] == $permission_alias;
     });
     // there should be only one match.
     // otherwise something must have gone wrong somewhere
     if (count($permission_found) === 1) {
         return true;
     }
     return false;
 }