1 <?php namespace BookStack\Auth\Permissions;
3 use BookStack\Auth\Role;
4 use BookStack\Exceptions\PermissionsException;
6 use Illuminate\Database\Eloquent\Collection;
7 use Illuminate\Support\Str;
12 protected $permission;
14 protected $permissionService;
16 protected $systemRoles = ['admin', 'public'];
19 * PermissionsRepo constructor.
// Stores the injected collaborators on the repository.
// NOTE(review): this listing skips file line 24, so only two of the three assignments are
// visible; later methods read $this->role, so presumably `$role` is stored there. Confirm
// against the full file.
21 public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
23 $this->permission = $permission;
25 $this->permissionService = $permissionService;
/**
 * Fetch every role that exists in the system.
 *
 * @return Collection All roles, unfiltered.
 */
public function getAllRoles(): Collection
{
    $roles = $this->role->all();

    return $roles;
}
/**
 * Fetch every role other than the one supplied.
 *
 * @param Role $role The role to leave out of the result; it is matched by its ID.
 *
 * @return Collection All roles whose ID differs from the given role's ID.
 */
public function getAllRolesExcept(Role $role): Collection
{
    $excludedId = $role->id;
    $query = $this->role->where('id', '!=', $excludedId);

    return $query->get();
}
/**
 * Look up a single role by its ID.
 *
 * @param mixed $id Primary key of the role to load.
 *
 * @return Role The matching role.
 *
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException When no role has the given ID.
 */
public function getRoleById($id): Role
{
    $query = $this->role->newQuery();

    return $query->findOrFail($id);
}
53 * Save a new role into the system.
// Builds a role from $roleData, assigns it the permissions named by the keys of
// $roleData['permissions'], then rebuilds the joint permissions for that role.
// NOTE(review): this listing skips file lines 58-59 and 63, so the call that persists the
// role and the `return` required by the `: Role` return type are not visible here.
55 public function saveNewRole(array $roleData): Role
// NOTE(review): $roleData reaches the model as attribute input; which keys are accepted
// depends on Role's fillable/guarded configuration, which is not shown. Confirm that
// request fields such as system_name cannot be set through this path.
57 $role = $this->role->newInstance($roleData);
// Only the keys of the 'permissions' map are used as permission names; the values are
// ignored. A missing 'permissions' key yields an empty list.
60 $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
61 $this->assignRolePermissions($role, $permissions);
62 $this->permissionService->buildJointPermissionForRole($role);
67 * Updates an existing role.
68 * Ensures the admin role always has its core permissions.
// Updates the role with ID $roleId from $roleData: re-assigns its permissions, fills the
// model attributes and rebuilds the role's joint permissions.
70 public function updateRole($roleId, array $roleData)
72 /** @var Role $role */
// findOrFail() aborts with an exception when no role has this ID.
73 $role = $this->role->newQuery()->findOrFail($roleId);
// Only the keys of the 'permissions' map are used as permission names; a missing
// 'permissions' key yields an empty list.
75 $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
// Lock-out safeguard: for the 'admin' system role a fixed set of permission names is merged
// into the submitted list, so an edit cannot strip them from that role.
// NOTE(review): this listing skips file lines 78-79 and 82-85; only two of the merged names
// are visible below.
76 if ($role->system_name === 'admin') {
77 $permissions = array_merge($permissions, [
80 'restrictions-manage-all',
81 'restrictions-manage-own',
86 $this->assignRolePermissions($role, $permissions);
// NOTE(review): fill() mass-assigns $roleData; which keys are accepted depends on Role's
// fillable/guarded configuration (not shown). File line 89 is absent from this listing, so
// the call that persists the filled attributes is not visible.
88 $role->fill($roleData);
90 $this->permissionService->buildJointPermissionForRole($role);
94 * Assign a list of permission names to a role.
// Sets the role's permissions from a list of permission names.
// NOTE(review): this method is public and performs no check that the caller may grant the
// named permissions; presumably that is enforced by the calling controller. Confirm.
96 public function assignRolePermissions(Role $role, array $permissionNameArray = [])
// array_values() discards the caller's keys so whereIn() receives a plain list of names.
99 $permissionNameArray = array_values($permissionNameArray);
101 if ($permissionNameArray) {
// Names are resolved by a whereIn() lookup on the 'name' column, so a name that matches no
// row is dropped silently rather than rejected.
// NOTE(review): this listing skips file lines 104-107 (the rest of the query chain and the
// end of the `if`), and also lines 97-98 where $permissions is presumably initialised.
102 $permissions = $this->permission->newQuery()
103 ->whereIn('name', $permissionNameArray)
// Assuming permissions() is a many-to-many relation, sync() also detaches every permission
// not in the resolved set, so an empty or unmatched list clears the role's permissions.
108 $role->permissions()->sync($permissions);
112 * Delete a role from the system.
113 * Check it's not an admin role or set as default before deleting.
114 * If a migration role ID is specified, the users assigned to the current role
115 * will be added to the role with the specified ID.
116 * @throws PermissionsException
// Deletes the role with ID $roleId after refusing system roles and the default registration
// role; when $migrateRoleId is truthy, the role's users are moved to that other role first.
// NOTE(review): this listing skips file lines 133 and 140, among others, so the null guard
// on the migration target and the delete call itself are not visible here.
119 public function deleteRole($roleId, $migrateRoleId)
121 /** @var Role $role */
// findOrFail() aborts with an exception when no role has this ID.
122 $role = $this->role->newQuery()->findOrFail($roleId);
124 // Prevent deleting admin role or default registration role.
// NOTE(review): in_array() is called without its strict flag; passing `true` as the third
// argument would rule out loose-comparison matches against $systemRoles.
125 if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
126 throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
// The setting value is converted with intval() before the strict comparison, so this guard
// only fires when $role->id is itself an integer. Presumably the model key is an int; verify.
127 } else if ($role->id === intval(setting('registration-role'))) {
128 throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
131 if ($migrateRoleId) {
// find() returns null for an unknown ID; confirm $newRole is null-checked before use.
132 $newRole = $this->role->newQuery()->find($migrateRoleId);
134 $users = $role->users()->pluck('id')->toArray();
// NOTE(review): assuming users() is a many-to-many relation, sync() replaces the target
// role's user list with the deleted role's users, detaching members the target role already
// had. The method's doc comment says the users "will be added", which would correspond to
// syncWithoutDetaching(). Confirm which behaviour is intended.
// NOTE(review): nothing visible here restricts which role may be the migration target, or
// prevents it from being the role being deleted; presumably the caller validates this.
135 $newRole->users()->sync($users);
139 $this->permissionService->deleteJointPermissionsForRole($role);