5f1ee5fb0e
The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
107 lines
2.7 KiB
PHP
107 lines
2.7 KiB
PHP
<?php namespace BookStack\Auth;
|
|
|
|
use BookStack\Auth\Permissions\JointPermission;
|
|
use BookStack\Auth\Permissions\RolePermission;
|
|
use BookStack\Model;
|
|
use Illuminate\Database\Eloquent\Collection;
|
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
|
|
|
/**
|
|
* Class Role
|
|
* @property int $id
|
|
* @property string $display_name
|
|
* @property string $description
|
|
* @property string $external_auth_id
|
|
* @property string $system_name
|
|
*/
|
|
class Role extends Model
|
|
{
|
|
|
|
protected $fillable = ['display_name', 'description', 'external_auth_id'];
|
|
|
|
/**
|
|
* The roles that belong to the role.
|
|
*/
|
|
public function users()
|
|
{
|
|
return $this->belongsToMany(User::class)->orderBy('name', 'asc');
|
|
}
|
|
|
|
/**
|
|
* Get all related JointPermissions.
|
|
*/
|
|
public function jointPermissions(): HasMany
|
|
{
|
|
return $this->hasMany(JointPermission::class);
|
|
}
|
|
|
|
/**
|
|
* The RolePermissions that belong to the role.
|
|
*/
|
|
public function permissions()
|
|
{
|
|
return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
|
|
}
|
|
|
|
/**
|
|
* Check if this role has a permission.
|
|
*/
|
|
public function hasPermission(string $permissionName): bool
|
|
{
|
|
$permissions = $this->getRelationValue('permissions');
|
|
foreach ($permissions as $permission) {
|
|
if ($permission->getRawAttribute('name') === $permissionName) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Add a permission to this role.
|
|
*/
|
|
public function attachPermission(RolePermission $permission)
|
|
{
|
|
$this->permissions()->attach($permission->id);
|
|
}
|
|
|
|
/**
|
|
* Detach a single permission from this role.
|
|
*/
|
|
public function detachPermission(RolePermission $permission)
|
|
{
|
|
$this->permissions()->detach([$permission->id]);
|
|
}
|
|
|
|
/**
|
|
* Get the role of the specified display name.
|
|
*/
|
|
public static function getRole(string $displayName): ?Role
|
|
{
|
|
return static::query()->where('display_name', '=', $displayName)->first();
|
|
}
|
|
|
|
/**
|
|
* Get the role object for the specified system role.
|
|
*/
|
|
public static function getSystemRole(string $systemName): ?Role
|
|
{
|
|
return static::query()->where('system_name', '=', $systemName)->first();
|
|
}
|
|
|
|
/**
|
|
* Get all visible roles
|
|
*/
|
|
public static function visible(): Collection
|
|
{
|
|
return static::query()->where('hidden', '=', false)->orderBy('name')->get();
|
|
}
|
|
|
|
/**
|
|
* Get the roles that can be restricted.
|
|
*/
|
|
public static function restrictable(): Collection
|
|
{
|
|
return static::query()->where('system_name', '!=', 'admin')->get();
|
|
}
|
|
}
|