use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
use BookStack\Role;
+use BookStack\Services\PermissionService;
use Setting;
class PermissionsRepo
protected $permission;
protected $role;
+ protected $permissionService;
+
+ protected $systemRoles = ['admin', 'public'];
/**
* PermissionsRepo constructor.
- * @param $permission
- * @param $role
+ * @param RolePermission $permission
+ * @param Role $role
+ * @param PermissionService $permissionService
*/
- public function __construct(Permission $permission, Role $role)
+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
{
$this->permission = $permission;
$this->role = $role;
+ $this->permissionService = $permissionService;
}
/**
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
+ $this->permissionService->buildJointPermissionForRole($role);
return $role;
}
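Review bot: The role's stored permissions and its joint permissions are written in two separate steps here (`assignRolePermissions` followed by `buildJointPermissionForRole`), and no transaction is visible around them. If the rebuild throws, the role keeps permissions that the joint-permission data does not reflect, and any access check reading that data would presumably work from stale entries. Consider wrapping both calls in `DB::transaction(...)`, unless PermissionService already does this internally; the same applies to the `updateRole` and `deleteRole` hunks below. This method starts outside the hunk, so an enclosing transaction may exist that is not shown.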
* Ensure Admin role always has all permissions.
* @param $roleId
* @param $roleData
+ * @throws PermissionsException
*/
public function updateRole($roleId, $roleData)
{
$role = $this->role->findOrFail($roleId);
+
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
- if ($role->name === 'admin') {
+ if ($role->system_name === 'admin') {
$permissions = $this->permission->all()->pluck('id')->toArray();
$role->permissions()->sync($permissions);
}
$role->fill($roleData);
$role->save();
+ $this->permissionService->buildJointPermissionForRole($role);
}
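Review bot: `$role->fill($roleData)` now runs in a method whose admin check depends on `system_name`, so that column is security-relevant and must not be settable through `$roleData`. The Role model is not shown in this diff; if `system_name` is mass-assignable and `$roleData` comes from the request, an edit could attach a system name to an ordinary role or clear the one on the admin role, changing how this method and the delete guard treat it. Keep `system_name` out of the model's `$fillable`, or drop it explicitly with `unset($roleData['system_name']);` before the `fill()` call.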
/**
$role = $this->role->findOrFail($roleId);
// Prevent deleting admin role or default registration role.
- if ($role->name === 'admin') {
- throw new PermissionsException('The admin role cannot be deleted');
- } else if ($role->id == Setting::get('registration-role')) {
- throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
+ if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+ throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
+ } else if ($role->id == setting('registration-role')) {
+ throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
}
if ($migrateRoleId) {
}
}
+ $this->permissionService->deleteJointPermissionsForRole($role);
$role->delete();
}
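Review bot: The deletion guard now protects a role only when `system_name` is set, so an existing admin role whose `system_name` is still null would pass the check that `$role->name === 'admin'` used to catch. The migration is not part of this diff; confirm it backfills `system_name` for the existing admin and public roles before this code ships. Separately, pass the strict flag so the membership test does not rely on loose comparison: `in_array($role->system_name, $this->systemRoles, true)`. The method's signature and the body of the `$migrateRoleId` block lie outside the visible lines.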