BookStack Code Mirror - bookstack/blob - database/migrations/2016_04_20_192649_create_entity_permissions_table.php

   1 <?php
   2
   3 use Illuminate\Database\Schema\Blueprint;
   4 use Illuminate\Database\Migrations\Migration;
   5
   6 class CreateEntityPermissionsTable extends Migration
   7 {
   8     /**
   9      * Run the migrations.
  10      *
  11      * @return void
  12      */
  13     public function up()
  14     {
  15         Schema::create('entity_permissions', function (Blueprint $table) {
  16             $table->increments('id');
  17             $table->integer('role_id');
  18             $table->string('entity_type');
  19             $table->integer('entity_id');
  20             $table->string('action');
  21             $table->boolean('has_permission')->default(false);
  22             $table->boolean('has_permission_own')->default(false);
  23             $table->integer('created_by');
  24             // Create indexes
  25             $table->index(['entity_id', 'entity_type']);
  26             $table->index('has_permission');
  27             $table->index('has_permission_own');
  28             $table->index('role_id');
  29             $table->index('action');
  30             $table->index('created_by');
  31         });
  32
  33         Schema::table('roles', function (Blueprint $table) {
  34             $table->string('system_name');
  35             $table->boolean('hidden')->default(false);
  36             $table->index('hidden');
  37             $table->index('system_name');
  38         });
  39
  40         // Create the new public role
  41         $publicRole = new \BookStack\Role();
  42         $publicRole->name = 'public';
  43         $publicRole->display_name = 'Public';
  44         $publicRole->description = 'The role given to public visitors if allowed';
  45         $publicRole->system_name = 'public';
  46         $publicRole->hidden = true;
  47         // Ensure unique name
  48         while (\BookStack\Role::getRole($publicRole->name) !== null) {
  49             $publicRole->name = $publicRole->name . str_random(2);
  50         }
  51         $publicRole->save();
  52
  53         // Add new view permissions to public role
  54         $entities = ['Book', 'Page', 'Chapter'];
  55         $ops = ['View All', 'View Own'];
  56         foreach ($entities as $entity) {
  57             foreach ($ops as $op) {
  58                 $name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
  59                 $permission = \BookStack\Permission::getByName($name);
  60                 // Assign view permissions to public
  61                 $publicRole->attachPermission($permission);
  62             }
  63         }
  64
  65         // Update admin role with system name
  66         $admin = \BookStack\Role::getRole('admin');
  67         $admin->system_name = 'admin';
  68         $admin->save();
  69
  70         // Generate the new entity permissions
  71         $restrictionService = app(\BookStack\Services\RestrictionService::class);
  72         $restrictionService->buildEntityPermissions();
  73     }
  74
  75     /**
  76      * Reverse the migrations.
  77      *
  78      * @return void
  79      */
  80     public function down()
  81     {
  82         Schema::drop('entity_permissions');
  83
  84         // Delete the public role
  85         $public = \BookStack\Role::getSystemRole('public');
  86         $public->delete();
  87
  88         Schema::table('roles', function (Blueprint $table) {
  89             $table->dropColumn('system_name');
  90         });
  91     }
  92 }