X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/85db812feaae5f36ea6214931cec4adb67a9cb39..refs/pull/3918/head:/app/Auth/Role.php

diff --git a/app/Auth/Role.php b/app/Auth/Role.php
index 629cd6a95..b293d1af2 100644
--- a/app/Auth/Role.php
+++ b/app/Auth/Role.php
@@ -1,26 +1,36 @@
-<?php namespace BookStack\Auth;
+<?php
 
+namespace BookStack\Auth;
+
+use BookStack\Auth\Permissions\EntityPermission;
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
 use BookStack\Interfaces\Loggable;
 use BookStack\Model;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
 /**
- * Class Role
- * @property int $id
- * @property string $display_name
- * @property string $description
- * @property string $external_auth_id
- * @property string $system_name
+ * Class Role.
+ *
+ * @property int        $id
+ * @property string     $display_name
+ * @property string     $description
+ * @property string     $external_auth_id
+ * @property string     $system_name
+ * @property bool       $mfa_enforced
+ * @property Collection $users
  */
 class Role extends Model implements Loggable
 {
+    use HasFactory;
 
     protected $fillable = ['display_name', 'description', 'external_auth_id'];
 
+    protected $hidden = ['pivot'];
+
     /**
      * The roles that belong to the role.
      */
@@ -45,6 +55,14 @@ class Role extends Model implements Loggable
         return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
     }
 
+    /**
+     * Get the entity permissions assigned to this role.
+     */
+    public function entityPermissions(): HasMany
+    {
+        return $this->hasMany(EntityPermission::class);
+    }
+
     /**
      * Check if this role has a permission.
      */
@@ -56,6 +74,7 @@ class Role extends Model implements Loggable
                 return true;
             }
         }
+
         return false;
     }
 
@@ -78,7 +97,7 @@ class Role extends Model implements Loggable
     /**
      * Get the role of the specified display name.
      */
-    public static function getRole(string $displayName): ?Role
+    public static function getRole(string $displayName): ?self
     {
         return static::query()->where('display_name', '=', $displayName)->first();
     }
@@ -86,29 +105,13 @@ class Role extends Model implements Loggable
     /**
      * Get the role object for the specified system role.
      */
-    public static function getSystemRole(string $systemName): ?Role
+    public static function getSystemRole(string $systemName): ?self
     {
         return static::query()->where('system_name', '=', $systemName)->first();
     }
 
     /**
-     * Get all visible roles
-     */
-    public static function visible(): Collection
-    {
-        return static::query()->where('hidden', '=', false)->orderBy('name')->get();
-    }
-
-    /**
-     * Get the roles that can be restricted.
-     */
-    public static function restrictable(): Collection
-    {
-        return static::query()->where('system_name', '!=', 'admin')->get();
-    }
-
-    /**
-     * @inheritdoc
+     * {@inheritdoc}
      */
     public function logDescriptor(): string
     {