BookStack Code Mirror - bookstack/blobdiff - app/Auth/Permissions/PermissionsRepo.php

index 56ef193015f7103a98bb440ec60498e5bf765c25..988146700f80e1760c6d667ac0fe29dc0de22542 100644 (file)

--- a/app/Auth/Permissions/PermissionsRepo.php

+++ b/app/Auth/Permissions/PermissionsRepo.php

@@ -1,13 +1,16 @@

-<?php namespace BookStack\Auth\Permissions;

+<?php

-use BookStack\Auth\Permissions;

+namespace BookStack\Auth\Permissions;

+use BookStack\Actions\ActivityType;

use BookStack\Auth\Role;

use BookStack\Exceptions\PermissionsException;

-use Illuminate\Support\Str;

+use BookStack\Facades\Activity;

+use Exception;

+use Illuminate\Database\Eloquent\Collection;

class PermissionsRepo

{

protected $permission;

protected $role;

protected $permissionService;

@@ -16,11 +19,8 @@ class PermissionsRepo

/**

* PermissionsRepo constructor.

- * @param RolePermission $permission

- * @param Role $role

- * @param \BookStack\Auth\Permissions\PermissionService $permissionService

- public function __construct(RolePermission $permission, Role $role, Permissions\PermissionService $permissionService)

+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)

{

$this->permission = $permission;

$this->role = $role;

@@ -29,64 +29,53 @@ class PermissionsRepo

/**

* Get all the user roles from the system.

- * @return \Illuminate\Database\Eloquent\Collection|static[]

- public function getAllRoles()

+ public function getAllRoles(): Collection

{

return $this->role->all();

}

/**

* Get all the roles except for the provided one.

- * @param Role $role

- * @return mixed

- public function getAllRolesExcept(Role $role)

+ public function getAllRolesExcept(Role $role): Collection

{

return $this->role->where('id', '!=', $role->id)->get();

}

/**

* Get a role via its ID.

- * @param $id

- * @return mixed

- public function getRoleById($id)

+ public function getRoleById($id): Role

{

- return $this->role->findOrFail($id);

+ return $this->role->newQuery()->findOrFail($id);

}

/**

* Save a new role into the system.

- * @param array $roleData

- * @return Role

- public function saveNewRole($roleData)

+ public function saveNewRole(array $roleData): Role

{

$role = $this->role->newInstance($roleData);

- $role->name = str_replace(' ', '-', strtolower($roleData['display_name']));

- // Prevent duplicate names

- while ($this->role->where('name', '=', $role->name)->count() > 0) {

- $role->name .= strtolower(Str::random(2));

- }

+ $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';

$role->save();

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

$this->assignRolePermissions($role, $permissions);

$this->permissionService->buildJointPermissionForRole($role);

+ Activity::add(ActivityType::ROLE_CREATE, $role);

return $role;

}

/**

* Updates an existing role.

* Ensure Admin role always have core permissions.

- * @param $roleId

- * @param $roleData

- * @throws PermissionsException

- public function updateRole($roleId, $roleData)

+ public function updateRole($roleId, array $roleData)

{

- $role = $this->role->findOrFail($roleId);

+ /** @var Role $role */

+ $role = $this->role->newQuery()->findOrFail($roleId);

$permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];

if ($role->system_name === 'admin') {

@@ -102,22 +91,27 @@ class PermissionsRepo

$this->assignRolePermissions($role, $permissions);

$role->fill($roleData);

+ $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';

$role->save();

$this->permissionService->buildJointPermissionForRole($role);

+ Activity::add(ActivityType::ROLE_UPDATE, $role);

}

/**

* Assign an list of permission names to an role.

- * @param Role $role

- * @param array $permissionNameArray

- public function assignRolePermissions(Role $role, $permissionNameArray = [])

+ protected function assignRolePermissions(Role $role, array $permissionNameArray = [])

{

$permissions = [];

$permissionNameArray = array_values($permissionNameArray);

- if ($permissionNameArray && count($permissionNameArray) > 0) {

- $permissions = $this->permission->whereIn('name', $permissionNameArray)->pluck('id')->toArray();

+ if ($permissionNameArray) {

+ $permissions = $this->permission->newQuery()

+ ->whereIn('name', $permissionNameArray)

+ ->pluck('id')

+ ->toArray();

}

$role->permissions()->sync($permissions);

}

@@ -126,30 +120,32 @@ class PermissionsRepo

* Check it's not an admin role or set as default before deleting.

* If an migration Role ID is specified the users assign to the current role

* will be added to the role of the specified id.

- * @param $roleId

- * @param $migrateRoleId

+ *

* @throws PermissionsException

+ * @throws Exception

public function deleteRole($roleId, $migrateRoleId)

{

- $role = $this->role->findOrFail($roleId);

+ /** @var Role $role */

+ $role = $this->role->newQuery()->findOrFail($roleId);

// Prevent deleting admin role or default registration role.

if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {

throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));

- } else if ($role->id === intval(setting('registration-role'))) {

+ } elseif ($role->id === intval(setting('registration-role'))) {

throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));

}

if ($migrateRoleId) {

- $newRole = $this->role->find($migrateRoleId);

+ $newRole = $this->role->newQuery()->find($migrateRoleId);

if ($newRole) {

- $users = $role->users->pluck('id')->toArray();

+ $users = $role->users()->pluck('id')->toArray();

$newRole->users()->sync($users);

}

$this->permissionService->deleteJointPermissionsForRole($role);

+ Activity::add(ActivityType::ROLE_DELETE, $role);

$role->delete();

}