X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/80865b30a5d6a82e86d21e272ae58977d4430a64..refs/pull/448/head:/app/Repos/PermissionsRepo.php
diff --git a/app/Repos/PermissionsRepo.php b/app/Repos/PermissionsRepo.php
index 2d497b76a..aa58d1718 100644
--- a/app/Repos/PermissionsRepo.php
+++ b/app/Repos/PermissionsRepo.php
@@ -2,8 +2,9 @@
 use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
 use BookStack\Role;
+use BookStack\Services\PermissionService;
 use Setting;
 class PermissionsRepo
@@ -11,16 +12,21 @@ class PermissionsRepo
 protected $permission;
 protected $role;
+ protected $permissionService;
+
+ protected $systemRoles = ['admin', 'public'];
 /**
 * PermissionsRepo constructor.
- * @param $permission
- * @param $role
+ * @param RolePermission $permission
+ * @param Role $role
+ * @param PermissionService $permissionService
 */
- public function __construct(Permission $permission, Role $role)
+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
 {
 $this->permission = $permission;
 $this->role = $role;
+ $this->permissionService = $permissionService;
 }
 /**
@@ -69,6 +75,7 @@ class PermissionsRepo
 $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
 $this->assignRolePermissions($role, $permissions);
+ $this->permissionService->buildJointPermissionForRole($role);
 return $role;
 }
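Review bot: The new `$systemRoles` property (hunk `@@ -11,16`) has no doc comment, and nothing says that its entries are `system_name` values rather than display names. I would add `/** system_name values of built-in roles that must never be deleted. */` above it. `updateRole()` in `@@ -77,20` still compares against the literal `'admin'`, so the list and that literal have to be kept in step by hand. The class body continues outside this hunk.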
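Review bot: The added `buildJointPermissionForRole($role)` call (hunk `@@ -69,6`) runs as a separate step after `assignRolePermissions()`, and no transaction is visible around the two, so a failure in the rebuild would leave the role's permissions and its joint-permission rows out of step. The same shape appears in `updateRole()` (`@@ -77,20`) and around `deleteJointPermissionsForRole($role)` / `$role->delete()` (`@@ -136,6`). If access checks read the joint-permission rows (inferred from the name, not shown here), the update path matters most, since a revoked permission could stay effective until the next successful rebuild. Consider wrapping each sequence in `DB::transaction(function () use ($role, $permissions) { ... });`, unless PermissionService already opens one; the enclosing method starts outside this hunk.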
@@ -77,20 +84,23 @@ class PermissionsRepo
 * Ensure Admin role always has all permissions.
 * @param $roleId
 * @param $roleData
+ * @throws PermissionsException
 */
 public function updateRole($roleId, $roleData)
 {
 $role = $this->role->findOrFail($roleId);
+
 $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
 $this->assignRolePermissions($role, $permissions);
- if ($role->name === 'admin') {
+ if ($role->system_name === 'admin') {
 $permissions = $this->permission->all()->pluck('id')->toArray();
 $role->permissions()->sync($permissions);
 }
 $role->fill($roleData);
 $role->save();
+ $this->permissionService->buildJointPermissionForRole($role);
 }
 /**
@@ -122,10 +132,10 @@ class PermissionsRepo
 $role = $this->role->findOrFail($roleId);
 // Prevent deleting admin role or default registration role.
- if ($role->name === 'admin') {
- throw new PermissionsException('The admin role cannot be deleted');
- } else if ($role->id == Setting::get('registration-role')) {
- throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
+ if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+ throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
+ } else if ($role->id == setting('registration-role')) {
+ throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
 }
 if ($migrateRoleId) {
@@ -136,6 +146,7 @@ class PermissionsRepo
 }
 }
+ $this->permissionService->deleteJointPermissionsForRole($role);
 $role->delete();
 }
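Review bot: The admin guard in `updateRole()` (hunk `@@ -77,20`) now depends on `$role->system_name`, while `$role->fill($roleData)` a few lines below still takes the caller-supplied array. Role's `$fillable` list is not visible in this diff; if `system_name` is mass-assignable, anyone allowed to edit roles could clear or change it, which would remove the protection that this check and the delete guard in `@@ -122,10` rely on. Confirm that `system_name` is excluded from `$fillable`, or drop it before filling with `unset($roleData['system_name']);`.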
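Review bot: `in_array($role->system_name, $this->systemRoles)` in the delete guard (hunk `@@ -122,10`) compares loosely, with a `$role->system_name &&` truthiness test in front of it to screen out empty values. The strict form states the intent and needs no guard: `if (in_array($role->system_name, $this->systemRoles, true)) {`. The `$role->id == setting('registration-role')` branch is loose as well; comparing both sides as strings, `(string) $role->id === (string) setting('registration-role')`, avoids type juggling if the stored setting is ever not a plain integer. The enclosing method starts before and continues after this hunk.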