use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
use BookStack\Role;
-use BookStack\Services\RestrictionService;
+use BookStack\Services\PermissionService;
use Setting;
class PermissionsRepo
protected $permission;
protected $role;
- protected $restrictionService;
+ protected $permissionService;
+
+ protected $systemRoles = ['admin', 'public'];
/**
* PermissionsRepo constructor.
- * @param Permission $permission
+ * @param RolePermission $permission
* @param Role $role
- * @param RestrictionService $restrictionService
+ * @param PermissionService $permissionService
*/
- public function __construct(Permission $permission, Role $role, RestrictionService $restrictionService)
+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
{
$this->permission = $permission;
$this->role = $role;
- $this->restrictionService = $restrictionService;
+ $this->permissionService = $permissionService;
}
/**
*/
public function getAllRoles()
{
- return $this->role->all();
+ return $this->role->where('hidden', '=', false)->get();
}
/**
*/
public function getAllRolesExcept(Role $role)
{
- return $this->role->where('id', '!=', $role->id)->get();
+ return $this->role->where('id', '!=', $role->id)->where('hidden', '=', false)->get();
}
/**
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
- $this->restrictionService->buildEntityPermissionForRole($role);
+ $this->permissionService->buildJointPermissionForRole($role);
return $role;
}
* Ensure Admin role always has all permissions.
* @param $roleId
* @param $roleData
+ * @throws PermissionsException
*/
public function updateRole($roleId, $roleData)
{
$role = $this->role->findOrFail($roleId);
+
+ if ($role->hidden) throw new PermissionsException("Cannot update a hidden role");
+
$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
$this->assignRolePermissions($role, $permissions);
$role->fill($roleData);
$role->save();
- $this->restrictionService->buildEntityPermissionForRole($role);
+ $this->permissionService->buildJointPermissionForRole($role);
}
/**
$role = $this->role->findOrFail($roleId);
// Prevent deleting admin role or default registration role.
- if ($role->name === 'admin') {
- throw new PermissionsException('The admin role cannot be deleted');
+ if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+ throw new PermissionsException('This role is a system role and cannot be deleted');
} else if ($role->id == setting('registration-role')) {
throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
}
}
}
- $this->restrictionService->deleteEntityPermissionsForRole($role);
+ $this->permissionService->deleteJointPermissionsForRole($role);
$role->delete();
}
projects / bookstack / blobdiff