Performed further cleanup in permission service

This commit is contained in:
Dan Brown 2021-03-14 20:32:33 +00:00
parent 1e5951a75f
commit b929c0adbb
2 changed files with 28 additions and 39 deletions

View file

@ -495,19 +495,15 @@ class PermissionService
$userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray(); $userRoleIds = $this->currentUser()->roles()->select('id')->pluck('id')->toArray();
$userId = $this->currentUser()->id; $userId = $this->currentUser()->id;
$permissionQuery = $this->db->table('joint_permissions') $permissionQuery = JointPermission::query()
->where('action', '=', $permission) ->where('action', '=', $permission)
->whereIn('role_id', $userRoleIds) ->whereIn('role_id', $userRoleIds)
->where(function ($query) use ($userId) { ->where(function (Builder $query) use ($userId) {
$query->where('has_permission', '=', 1) $this->addJointHasPermissionCheck($query, $userId);
->orWhere(function ($query2) use ($userId) {
$query2->where('has_permission_own', '=', 1)
->where('owned_by', '=', $userId);
});
}); });
if (!is_null($entityClass)) { if (!is_null($entityClass)) {
$entityInstance = app()->make($entityClass); $entityInstance = app($entityClass);
$permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass()); $permissionQuery = $permissionQuery->where('entity_type', '=', $entityInstance->getMorphClass());
} }
@ -526,12 +522,8 @@ class PermissionService
$parentQuery->whereHas('jointPermissions', function ($permissionQuery) use ($action) { $parentQuery->whereHas('jointPermissions', function ($permissionQuery) use ($action) {
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles()) $permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
->where('action', '=', $action) ->where('action', '=', $action)
->where(function ($query) { ->where(function (Builder $query) {
$query->where('has_permission', '=', true) $this->addJointHasPermissionCheck($query, $this->currentUser()->id);
->orWhere(function ($query) {
$query->where('has_permission_own', '=', true)
->where('owned_by', '=', $this->currentUser()->id);
});
}); });
}); });
}); });
@ -552,11 +544,7 @@ class PermissionService
$permissionQuery->whereIn('role_id', $this->getCurrentUserRoles()) $permissionQuery->whereIn('role_id', $this->getCurrentUserRoles())
->where('action', '=', $ability) ->where('action', '=', $ability)
->where(function (Builder $query) { ->where(function (Builder $query) {
$query->where('has_permission', '=', true) $this->addJointHasPermissionCheck($query, $this->currentUser()->id);
->orWhere(function (Builder $query) {
$query->where('has_permission_own', '=', true)
->where('owned_by', '=', $this->currentUser()->id);
});
}); });
}); });
}); });
@ -580,17 +568,11 @@ class PermissionService
/** /**
* Add restrictions for a generic entity. * Add restrictions for a generic entity.
*/ */
public function enforceEntityRestrictions(string $entityType, Builder $query, string $action = 'view'): Builder public function enforceEntityRestrictions(Entity $entity, Builder $query, string $action = 'view'): Builder
{ {
if (strtolower($entityType) === 'page') { if ($entity instanceof Page) {
// Prevent drafts being visible to others. // Prevent drafts being visible to others.
$query->where(function ($query) { $this->enforceDraftVisibilityOnQuery($query);
$query->where('draft', '=', false)
->orWhere(function ($query) {
$query->where('draft', '=', true)
->where('owned_by', '=', $this->currentUser()->id);
});
});
} }
return $this->entityRestrictionQuery($query, $action); return $this->entityRestrictionQuery($query, $action);
@ -610,11 +592,8 @@ class PermissionService
->whereRaw('joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn']) ->whereRaw('joint_permissions.entity_type=' . $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn'])
->where('action', '=', $action) ->where('action', '=', $action)
->whereIn('role_id', $this->getCurrentUserRoles()) ->whereIn('role_id', $this->getCurrentUserRoles())
->where(function ($query) { ->where(function (QueryBuilder $query) {
$query->where('has_permission', '=', true)->orWhere(function ($query) { $this->addJointHasPermissionCheck($query, $this->currentUser()->id);
$query->where('has_permission_own', '=', true)
->where('owned_by', '=', $this->currentUser()->id);
});
}); });
}); });
}); });
@ -640,11 +619,8 @@ class PermissionService
->where('entity_type', '=', $morphClass) ->where('entity_type', '=', $morphClass)
->where('action', '=', 'view') ->where('action', '=', 'view')
->whereIn('role_id', $this->getCurrentUserRoles()) ->whereIn('role_id', $this->getCurrentUserRoles())
->where(function ($query) { ->where(function (QueryBuilder $query) {
$query->where('has_permission', '=', true)->orWhere(function ($query) { $this->addJointHasPermissionCheck($query, $this->currentUser()->id);
$query->where('has_permission_own', '=', true)
->where('owned_by', '=', $this->currentUser()->id);
});
}); });
}); });
})->orWhere($tableDetails['entityIdColumn'], '=', 0); })->orWhere($tableDetails['entityIdColumn'], '=', 0);
@ -654,6 +630,19 @@ class PermissionService
return $q; return $q;
} }
/**
* Add the query for checking the given user id has permission
* within the join_permissions table.
* @param QueryBuilder|Builder $query
*/
protected function addJointHasPermissionCheck($query, int $userIdToCheck)
{
$query->where('has_permission', '=', true)->orWhere(function ($query) use ($userIdToCheck) {
$query->where('has_permission_own', '=', true)
->where('owned_by', '=', $userIdToCheck);
});
}
/** /**
* Get the current user * Get the current user
*/ */

View file

@ -179,7 +179,7 @@ class SearchRunner
} }
} }
return $this->permissionService->enforceEntityRestrictions($entityType, $entitySelect, $action); return $this->permissionService->enforceEntityRestrictions($entity, $entitySelect, $action);
} }
/** /**