Updated styles to use logical properties/values
[bookstack] / app / Http / Controllers / PermissionController.php
index 8cc14fc7aa32624fdc8a4d8c6e2413c0aac23822..148ae5cd65a3049e421ea2b331f3bfa34f31ed4d 100644 (file)
@@ -1,28 +1,21 @@
-<?php
+<?php namespace BookStack\Http\Controllers;
 
-namespace BookStack\Http\Controllers;
-
-use BookStack\Permission;
-use BookStack\Role;
+use BookStack\Auth\Permissions\PermissionsRepo;
+use BookStack\Exceptions\PermissionsException;
 use Illuminate\Http\Request;
-use BookStack\Http\Requests;
 
 class PermissionController extends Controller
 {
 
-    protected $role;
-    protected $permission;
+    protected $permissionsRepo;
 
     /**
      * PermissionController constructor.
-     * @param Role $role
-     * @param Permission $permission
-     * @internal param $user
+     * @param \BookStack\Auth\Permissions\PermissionsRepo $permissionsRepo
      */
-    public function __construct(Role $role, Permission $permission)
+    public function __construct(PermissionsRepo $permissionsRepo)
     {
-        $this->role = $role;
-        $this->permission = $permission;
+        $this->permissionsRepo = $permissionsRepo;
         parent::__construct();
     }
 
@@ -32,8 +25,8 @@ class PermissionController extends Controller
     public function listRoles()
     {
         $this->checkPermission('user-roles-manage');
-        $roles = $this->role->all();
-        return view('settings/roles/index', ['roles' => $roles]);
+        $roles = $this->permissionsRepo->getAllRoles();
+        return view('settings.roles.index', ['roles' => $roles]);
     }
 
     /**
@@ -43,7 +36,7 @@ class PermissionController extends Controller
     public function createRole()
     {
         $this->checkPermission('user-roles-manage');
-        return view('settings/roles/create');
+        return view('settings.roles.create');
     }
 
     /**
@@ -59,23 +52,8 @@ class PermissionController extends Controller
             'description' => 'max:250'
         ]);
 
-        $role = $this->role->newInstance($request->all());
-        $role->name = str_replace(' ', '-', strtolower($request->get('display_name')));
-        // Prevent duplicate names
-        while ($this->role->where('name', '=', $role->name)->count() > 0) {
-            $role->name .= strtolower(str_random(2));
-        }
-        $role->save();
-
-        if ($request->has('permissions')) {
-            $permissionsNames = array_keys($request->get('permissions'));
-            $permissions = $this->permission->whereIn('name', $permissionsNames)->pluck('id')->toArray();
-            $role->permissions()->sync($permissions);
-        } else {
-            $role->permissions()->sync([]);
-        }
-
-        session()->flash('success', 'Role successfully created');
+        $this->permissionsRepo->saveNewRole($request->all());
+        $this->showSuccessNotification(trans('settings.role_create_success'));
         return redirect('/settings/roles');
     }
 
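Review bot: `saveNewRole($request->all())` hands the repository every submitted field, while the validation above only constrains the keys it lists (`description` is the one visible in this hunk). Whether unexpected keys can reach the Role model depends on `PermissionsRepo::saveNewRole` and the model's fillable list, neither of which is shown here. Passing an explicit allow-list would be safer, e.g. `$request->only(['display_name', 'description', 'permissions'])`, assuming those are the only fields the repo reads. The same applies to `updateRole($id, $request->all())` in the hunk at -105. The enclosing store method starts outside this hunk.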
@@ -83,21 +61,27 @@ class PermissionController extends Controller
      * Show the form for editing a user role.
      * @param $id
      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     * @throws PermissionsException
      */
     public function editRole($id)
     {
         $this->checkPermission('user-roles-manage');
-        $role = $this->role->findOrFail($id);
-        return view('settings/roles/edit', ['role' => $role]);
+        $role = $this->permissionsRepo->getRoleById($id);
+        if ($role->hidden) {
+            throw new PermissionsException(trans('errors.role_cannot_be_edited'));
+        }
+        return view('settings.roles.edit', ['role' => $role]);
     }
 
     /**
      * Updates a user role.
-     * @param $id
      * @param Request $request
+     * @param $id
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws PermissionsException
+     * @throws \Illuminate\Validation\ValidationException
      */
-    public function updateRole($id, Request $request)
+    public function updateRole(Request $request, $id)
     {
         $this->checkPermission('user-roles-manage');
         $this->validate($request, [
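Review bot: The new `$role->hidden` guard in `editRole` only protects the form view. `updateRole`, whose body continues into the next hunk, passes `$id` straight to `$this->permissionsRepo->updateRole(...)` with no equivalent check visible, so a hidden role is protected on the write path only if the repository enforces it. If it does not, repeat the guard before the update or move it into the repo so the read and write paths share it. `updateRole` also declares `@throws PermissionsException` without catching it, whereas `deleteRole` catches it and calls `showErrorNotification`; handling it the same way would give a consistent result.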
@@ -105,25 +89,8 @@ class PermissionController extends Controller
             'description' => 'max:250'
         ]);
 
-        $role = $this->role->findOrFail($id);
-        if ($request->has('permissions')) {
-            $permissionsNames = array_keys($request->get('permissions'));
-            $permissions = $this->permission->whereIn('name', $permissionsNames)->pluck('id')->toArray();
-            $role->permissions()->sync($permissions);
-        } else {
-            $role->permissions()->sync([]);
-        }
-
-        // Ensure admin account always has all permissions
-        if ($role->name === 'admin') {
-            $permissions = $this->permission->all()->pluck('id')->toArray();
-            $role->permissions()->sync($permissions);
-        }
-
-        $role->fill($request->all());
-        $role->save();
-
-        session()->flash('success', 'Role successfully updated');
+        $this->permissionsRepo->updateRole($id, $request->all());
+        $this->showSuccessNotification(trans('settings.role_update_success'));
         return redirect('/settings/roles');
     }
 
@@ -136,47 +103,32 @@ class PermissionController extends Controller
     public function showDeleteRole($id)
     {
         $this->checkPermission('user-roles-manage');
-        $role = $this->role->findOrFail($id);
-        $roles = $this->role->where('id', '!=', $id)->get();
-        $blankRole = $this->role->newInstance(['display_name' => 'Don\'t migrate users']);
+        $role = $this->permissionsRepo->getRoleById($id);
+        $roles = $this->permissionsRepo->getAllRolesExcept($role);
+        $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
         $roles->prepend($blankRole);
-        return view('settings/roles/delete', ['role' => $role, 'roles' => $roles]);
+        return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
     }
 
     /**
      * Delete a role from the system,
      * Migrate from a previous role if set.
-     * @param $id
      * @param Request $request
+     * @param $id
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
-    public function deleteRole($id, Request $request)
+    public function deleteRole(Request $request, $id)
     {
         $this->checkPermission('user-roles-manage');
-        $role = $this->role->findOrFail($id);
-
-        // Prevent deleting admin role
-        if ($role->name === 'admin') {
-            session()->flash('error', 'The admin role cannot be deleted');
-            return redirect()->back();
-        }
 
-        if ($role->id == \Setting::get('registration-role')) {
-            session()->flash('error', 'This role cannot be deleted while set as the default registration role.');
+        try {
+            $this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id'));
+        } catch (PermissionsException $e) {
+            $this->showErrorNotification($e->getMessage());
             return redirect()->back();
         }
 
-        if ($request->has('migration_role_id')) {
-            $newRole = $this->role->find($request->get('migration_role_id'));
-            if ($newRole) {
-                $users = $role->users->pluck('id')->toArray();
-                $newRole->users()->sync($users);
-            }
-        }
-
-        $role->delete();
-
-        session()->flash('success', 'Role successfully deleted');
+        $this->showSuccessNotification(trans('settings.role_delete_success'));
         return redirect('/settings/roles');
     }
 }
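Review bot: The request key read in `deleteRole` changes from `migration_role_id` to `migrate_role_id`. If the delete form (not part of this diff) still posts the old name, `$request->get('migrate_role_id')` returns null and users of the deleted role are presumably not migrated, with no error shown. Confirm that the view was renamed in the same commit. The value also reaches `permissionsRepo->deleteRole` unvalidated; checking that it is an integer id before the call would keep malformed input out of the repository.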