BookStack Code Mirror - bookstack/blobdiff - app/Auth/Permissions/PermissionsRepo.php

index f54612a4339a3423557a994a3fa876636215799b..6dcef72568343d550c169a4ad7124a035c0223ed 100644 (file)

--- a/app/Auth/Permissions/PermissionsRepo.php

+++ b/app/Auth/Permissions/PermissionsRepo.php

@@ -1,4 +1,6 @@

-<?php namespace BookStack\Auth\Permissions;

+<?php

+namespace BookStack\Auth\Permissions;

use BookStack\Actions\ActivityType;

use BookStack\Auth\Role;

use BookStack\Actions\ActivityType;

use BookStack\Auth\Role;

@@ -9,21 +11,15 @@ use Illuminate\Database\Eloquent\Collection;

class PermissionsRepo

{

class PermissionsRepo

{

- protected $permission;

- protected $role;

- protected $permissionService;

+ protected JointPermissionBuilder $permissionBuilder;

protected $systemRoles = ['admin', 'public'];

/**

* PermissionsRepo constructor.

protected $systemRoles = ['admin', 'public'];

/**

* PermissionsRepo constructor.

- public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)

+ public function __construct(JointPermissionBuilder $permissionBuilder)

{

- $this->permission = $permission;

- $this->role = $role;

- $this->permissionService = $permissionService;

+ $this->permissionBuilder = $permissionBuilder;

}

/**

}

/**

@@ -31,7 +27,7 @@ class PermissionsRepo

public function getAllRoles(): Collection

{

public function getAllRoles(): Collection

{

- return $this->role->all();

+ return Role::query()->get();

}

/**

}

/**

@@ -39,7 +35,7 @@ class PermissionsRepo

public function getAllRolesExcept(Role $role): Collection

{

public function getAllRolesExcept(Role $role): Collection

{

- return $this->role->where('id', '!=', $role->id)->get();

+ return Role::query()->where('id', '!=', $role->id)->get();

}

/**

}

/**

@@ -47,7 +43,7 @@ class PermissionsRepo

public function getRoleById($id): Role

{

public function getRoleById($id): Role

{

- return $this->role->newQuery()->findOrFail($id);

+ return Role::query()->findOrFail($id);

}

/**

}

/**

@@ -55,13 +51,16 @@ class PermissionsRepo

public function saveNewRole(array $roleData): Role

{

public function saveNewRole(array $roleData): Role

{

- $role = $this->role->newInstance($roleData);

+ $role = new Role($roleData);

+ $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';

$role->save();

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

$role->save();

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

- $this->permissionService->buildJointPermissionForRole($role);

+ $this->permissionBuilder->rebuildForRole($role);

Activity::add(ActivityType::ROLE_CREATE, $role);

return $role;

}

return $role;

}

@@ -71,8 +70,7 @@ class PermissionsRepo

public function updateRole($roleId, array $roleData)

{

public function updateRole($roleId, array $roleData)

{

- /** @var Role $role */

- $role = $this->role->newQuery()->findOrFail($roleId);

+ $role = $this->getRoleById($roleId);

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

if ($role->system_name === 'admin') {

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

if ($role->system_name === 'admin') {

@@ -88,13 +86,15 @@ class PermissionsRepo

$this->assignRolePermissions($role, $permissions);

$role->fill($roleData);

$this->assignRolePermissions($role, $permissions);

$role->fill($roleData);

+ $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';

$role->save();

- $this->permissionService->buildJointPermissionForRole($role);

+ $this->permissionBuilder->rebuildForRole($role);

Activity::add(ActivityType::ROLE_UPDATE, $role);

}

/**

Activity::add(ActivityType::ROLE_UPDATE, $role);

}

/**

- * Assign an list of permission names to an role.

+ * Assign a list of permission names to a role.

protected function assignRolePermissions(Role $role, array $permissionNameArray = [])

{

protected function assignRolePermissions(Role $role, array $permissionNameArray = [])

{

@@ -102,7 +102,7 @@ class PermissionsRepo

$permissionNameArray = array_values($permissionNameArray);

if ($permissionNameArray) {

$permissionNameArray = array_values($permissionNameArray);

if ($permissionNameArray) {

- $permissions = $this->permission->newQuery()

+ $permissions = RolePermission::query()

->whereIn('name', $permissionNameArray)

->pluck('id')

->toArray();

->whereIn('name', $permissionNameArray)

->pluck('id')

->toArray();

@@ -116,30 +116,31 @@ class PermissionsRepo

* Check it's not an admin role or set as default before deleting.

* If an migration Role ID is specified the users assign to the current role

* will be added to the role of the specified id.

* Check it's not an admin role or set as default before deleting.

* If an migration Role ID is specified the users assign to the current role

* will be added to the role of the specified id.

+ *

* @throws PermissionsException

* @throws Exception

public function deleteRole($roleId, $migrateRoleId)

{

* @throws PermissionsException

* @throws Exception

public function deleteRole($roleId, $migrateRoleId)

{

- /** @var Role $role */

- $role = $this->role->newQuery()->findOrFail($roleId);

+ $role = $this->getRoleById($roleId);

// Prevent deleting admin role or default registration role.

if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {

throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));

// Prevent deleting admin role or default registration role.

if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {

throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));

- } else if ($role->id === intval(setting('registration-role'))) {

+ } elseif ($role->id === intval(setting('registration-role'))) {

throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));

}

if ($migrateRoleId) {

throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));

}

if ($migrateRoleId) {

- $newRole = $this->role->newQuery()->find($migrateRoleId);

+ $newRole = Role::query()->find($migrateRoleId);

if ($newRole) {

$users = $role->users()->pluck('id')->toArray();

$newRole->users()->sync($users);

}

if ($newRole) {

$users = $role->users()->pluck('id')->toArray();

$newRole->users()->sync($users);

}

- $this->permissionService->deleteJointPermissionsForRole($role);

+ $role->entityPermissions()->delete();

+ $role->jointPermissions()->delete();

Activity::add(ActivityType::ROLE_DELETE, $role);

$role->delete();

}

Activity::add(ActivityType::ROLE_DELETE, $role);

$role->delete();

}