X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/80865b30a5d6a82e86d21e272ae58977d4430a64..refs/pull/448/head:/app/Repos/PermissionsRepo.php

diff --git a/app/Repos/PermissionsRepo.php b/app/Repos/PermissionsRepo.php
index 2d497b76a..aa58d1718 100644
--- a/app/Repos/PermissionsRepo.php
+++ b/app/Repos/PermissionsRepo.php
@@ -2,8 +2,9 @@
 
 
 use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
 use BookStack\Role;
+use BookStack\Services\PermissionService;
 use Setting;
 
 class PermissionsRepo
@@ -11,16 +12,21 @@ class PermissionsRepo
 
     protected $permission;
     protected $role;
+    protected $permissionService;
+
+    protected $systemRoles = ['admin', 'public'];
 
     /**
      * PermissionsRepo constructor.
-     * @param $permission
-     * @param $role
+     * @param RolePermission $permission
+     * @param Role $role
+     * @param PermissionService $permissionService
      */
-    public function __construct(Permission $permission, Role $role)
+    public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
     {
         $this->permission = $permission;
         $this->role = $role;
+        $this->permissionService = $permissionService;
     }
 
     /**
@@ -69,6 +75,7 @@ class PermissionsRepo
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
+        $this->permissionService->buildJointPermissionForRole($role);
         return $role;
     }
 
@@ -77,20 +84,23 @@ class PermissionsRepo
      * Ensure Admin role always has all permissions.
      * @param $roleId
      * @param $roleData
+     * @throws PermissionsException
      */
     public function updateRole($roleId, $roleData)
     {
         $role = $this->role->findOrFail($roleId);
+
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
 
-        if ($role->name === 'admin') {
+        if ($role->system_name === 'admin') {
             $permissions = $this->permission->all()->pluck('id')->toArray();
             $role->permissions()->sync($permissions);
         }
 
         $role->fill($roleData);
         $role->save();
+        $this->permissionService->buildJointPermissionForRole($role);
     }
 
     /**
@@ -122,10 +132,10 @@ class PermissionsRepo
         $role = $this->role->findOrFail($roleId);
 
         // Prevent deleting admin role or default registration role.
-        if ($role->name === 'admin') {
-            throw new PermissionsException('The admin role cannot be deleted');
-        } else if ($role->id == Setting::get('registration-role')) {
-            throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
+        if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+            throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
+        } else if ($role->id == setting('registration-role')) {
+            throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
         }
 
         if ($migrateRoleId) {
@@ -136,6 +146,7 @@ class PermissionsRepo
             }
         }
 
+        $this->permissionService->deleteJointPermissionsForRole($role);
         $role->delete();
     }