BookStack Code Mirror - bookstack/blobdiff - app/Repos/PermissionsRepo.php

index 2d497b76a245b0c272014e45aff3f01f2c141019..aa58d1718cc6bd22775c08d31fabd862159e4731 100644 (file)

--- a/app/Repos/PermissionsRepo.php

+++ b/app/Repos/PermissionsRepo.php

@@ -2,8 +2,9 @@

use BookStack\Exceptions\PermissionsException;

-use BookStack\Permission;

+use BookStack\RolePermission;

use BookStack\Role;

+use BookStack\Services\PermissionService;

use Setting;

class PermissionsRepo

use Setting;

class PermissionsRepo

@@ -11,16 +12,21 @@ class PermissionsRepo

protected $permission;

protected $role;

protected $permission;

protected $role;

+ protected $permissionService;

+ protected $systemRoles = ['admin', 'public'];

/**

* PermissionsRepo constructor.

/**

* PermissionsRepo constructor.

- * @param $permission

- * @param $role

+ * @param RolePermission $permission

+ * @param Role $role

+ * @param PermissionService $permissionService

- public function __construct(Permission $permission, Role $role)

+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)

{

$this->permission = $permission;

$this->role = $role;

{

$this->permission = $permission;

$this->role = $role;

+ $this->permissionService = $permissionService;

}

/**

}

/**

@@ -69,6 +75,7 @@ class PermissionsRepo

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

+ $this->permissionService->buildJointPermissionForRole($role);

return $role;

}

return $role;

}

@@ -77,20 +84,23 @@ class PermissionsRepo

* Ensure Admin role always has all permissions.

* @param $roleId

* @param $roleData

* Ensure Admin role always has all permissions.

* @param $roleId

* @param $roleData

+ * @throws PermissionsException

public function updateRole($roleId, $roleData)

{

$role = $this->role->findOrFail($roleId);

public function updateRole($roleId, $roleData)

{

$role = $this->role->findOrFail($roleId);

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

- if ($role->name === 'admin') {

+ if ($role->system_name === 'admin') {

$permissions = $this->permission->all()->pluck('id')->toArray();

$role->permissions()->sync($permissions);

}

$role->fill($roleData);

$role->save();

$permissions = $this->permission->all()->pluck('id')->toArray();

$role->permissions()->sync($permissions);

}

$role->fill($roleData);

$role->save();

+ $this->permissionService->buildJointPermissionForRole($role);

}

/**

}

/**

@@ -122,10 +132,10 @@ class PermissionsRepo

$role = $this->role->findOrFail($roleId);

// Prevent deleting admin role or default registration role.

$role = $this->role->findOrFail($roleId);

// Prevent deleting admin role or default registration role.

- if ($role->name === 'admin') {

- throw new PermissionsException('The admin role cannot be deleted');

- } else if ($role->id == Setting::get('registration-role')) {

- throw new PermissionsException('This role cannot be deleted while set as the default registration role.');

+ if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {

+ throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));

+ } else if ($role->id == setting('registration-role')) {

+ throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));

}

if ($migrateRoleId) {

}

if ($migrateRoleId) {

@@ -136,6 +146,7 @@ class PermissionsRepo

}

+ $this->permissionService->deleteJointPermissionsForRole($role);

$role->delete();

}

$role->delete();

}