X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/5f1ee5fb0e8f9422650b380f8bdd7299618a99fa..refs/pull/3918/head:/app/Auth/Role.php

diff --git a/app/Auth/Role.php b/app/Auth/Role.php
index 13ec6df16..b293d1af2 100644
--- a/app/Auth/Role.php
+++ b/app/Auth/Role.php
@@ -1,28 +1,40 @@
-<?php namespace BookStack\Auth;
+<?php
 
+namespace BookStack\Auth;
+
+use BookStack\Auth\Permissions\EntityPermission;
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
+use BookStack\Interfaces\Loggable;
 use BookStack\Model;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
 /**
- * Class Role
- * @property int $id
- * @property string $display_name
- * @property string $description
- * @property string $external_auth_id
- * @property string $system_name
+ * Class Role.
+ *
+ * @property int        $id
+ * @property string     $display_name
+ * @property string     $description
+ * @property string     $external_auth_id
+ * @property string     $system_name
+ * @property bool       $mfa_enforced
+ * @property Collection $users
  */
-class Role extends Model
+class Role extends Model implements Loggable
 {
+    use HasFactory;
 
     protected $fillable = ['display_name', 'description', 'external_auth_id'];
 
+    protected $hidden = ['pivot'];
+
     /**
      * The roles that belong to the role.
      */
-    public function users()
+    public function users(): BelongsToMany
     {
         return $this->belongsToMany(User::class)->orderBy('name', 'asc');
     }
@@ -38,11 +50,19 @@ class Role extends Model
     /**
      * The RolePermissions that belong to the role.
      */
-    public function permissions()
+    public function permissions(): BelongsToMany
     {
         return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
     }
 
+    /**
+     * Get the entity permissions assigned to this role.
+     */
+    public function entityPermissions(): HasMany
+    {
+        return $this->hasMany(EntityPermission::class);
+    }
+
     /**
      * Check if this role has a permission.
      */
@@ -54,6 +74,7 @@ class Role extends Model
                 return true;
             }
         }
+
         return false;
     }
 
@@ -76,7 +97,7 @@ class Role extends Model
     /**
      * Get the role of the specified display name.
      */
-    public static function getRole(string $displayName): ?Role
+    public static function getRole(string $displayName): ?self
     {
         return static::query()->where('display_name', '=', $displayName)->first();
     }
@@ -84,24 +105,16 @@ class Role extends Model
     /**
      * Get the role object for the specified system role.
      */
-    public static function getSystemRole(string $systemName): ?Role
+    public static function getSystemRole(string $systemName): ?self
     {
         return static::query()->where('system_name', '=', $systemName)->first();
     }
 
     /**
-     * Get all visible roles
-     */
-    public static function visible(): Collection
-    {
-        return static::query()->where('hidden', '=', false)->orderBy('name')->get();
-    }
-
-    /**
-     * Get the roles that can be restricted.
+     * {@inheritdoc}
      */
-    public static function restrictable(): Collection
+    public function logDescriptor(): string
     {
-        return static::query()->where('system_name', '!=', 'admin')->get();
+        return "({$this->id}) {$this->display_name}";
     }
 }