X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3918/head:/app/Auth/Permissions/PermissionsRepo.php

diff --git a/app/Auth/Permissions/PermissionsRepo.php b/app/Auth/Permissions/PermissionsRepo.php
index f54612a43..6dcef7256 100644
--- a/app/Auth/Permissions/PermissionsRepo.php
+++ b/app/Auth/Permissions/PermissionsRepo.php
@@ -1,4 +1,6 @@
-<?php namespace BookStack\Auth\Permissions;
+<?php
+
+namespace BookStack\Auth\Permissions;
 
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Role;
@@ -9,21 +11,15 @@ use Illuminate\Database\Eloquent\Collection;
 
 class PermissionsRepo
 {
-
-    protected $permission;
-    protected $role;
-    protected $permissionService;
-
+    protected JointPermissionBuilder $permissionBuilder;
     protected $systemRoles = ['admin', 'public'];
 
     /**
      * PermissionsRepo constructor.
      */
-    public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
+    public function __construct(JointPermissionBuilder $permissionBuilder)
     {
-        $this->permission = $permission;
-        $this->role = $role;
-        $this->permissionService = $permissionService;
+        $this->permissionBuilder = $permissionBuilder;
     }
 
     /**
@@ -31,7 +27,7 @@ class PermissionsRepo
      */
     public function getAllRoles(): Collection
     {
-        return $this->role->all();
+        return Role::query()->get();
     }
 
     /**
@@ -39,7 +35,7 @@ class PermissionsRepo
      */
     public function getAllRolesExcept(Role $role): Collection
     {
-        return $this->role->where('id', '!=', $role->id)->get();
+        return Role::query()->where('id', '!=', $role->id)->get();
     }
 
     /**
@@ -47,7 +43,7 @@ class PermissionsRepo
      */
     public function getRoleById($id): Role
     {
-        return $this->role->newQuery()->findOrFail($id);
+        return Role::query()->findOrFail($id);
     }
 
     /**
@@ -55,13 +51,16 @@ class PermissionsRepo
      */
     public function saveNewRole(array $roleData): Role
     {
-        $role = $this->role->newInstance($roleData);
+        $role = new Role($roleData);
+        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
         $role->save();
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
-        $this->permissionService->buildJointPermissionForRole($role);
+        $this->permissionBuilder->rebuildForRole($role);
+
         Activity::add(ActivityType::ROLE_CREATE, $role);
+
         return $role;
     }
 
@@ -71,8 +70,7 @@ class PermissionsRepo
      */
     public function updateRole($roleId, array $roleData)
     {
-        /** @var Role $role */
-        $role = $this->role->newQuery()->findOrFail($roleId);
+        $role = $this->getRoleById($roleId);
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         if ($role->system_name === 'admin') {
@@ -88,13 +86,15 @@ class PermissionsRepo
         $this->assignRolePermissions($role, $permissions);
 
         $role->fill($roleData);
+        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
         $role->save();
-        $this->permissionService->buildJointPermissionForRole($role);
+        $this->permissionBuilder->rebuildForRole($role);
+
         Activity::add(ActivityType::ROLE_UPDATE, $role);
     }
 
     /**
-     * Assign an list of permission names to an role.
+     * Assign a list of permission names to a role.
      */
     protected function assignRolePermissions(Role $role, array $permissionNameArray = [])
     {
@@ -102,7 +102,7 @@ class PermissionsRepo
         $permissionNameArray = array_values($permissionNameArray);
 
         if ($permissionNameArray) {
-            $permissions = $this->permission->newQuery()
+            $permissions = RolePermission::query()
                 ->whereIn('name', $permissionNameArray)
                 ->pluck('id')
                 ->toArray();
@@ -116,30 +116,31 @@ class PermissionsRepo
      * Check it's not an admin role or set as default before deleting.
      * If an migration Role ID is specified the users assign to the current role
      * will be added to the role of the specified id.
+     *
      * @throws PermissionsException
      * @throws Exception
      */
     public function deleteRole($roleId, $migrateRoleId)
     {
-        /** @var Role $role */
-        $role = $this->role->newQuery()->findOrFail($roleId);
+        $role = $this->getRoleById($roleId);
 
         // Prevent deleting admin role or default registration role.
         if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
             throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
-        } else if ($role->id === intval(setting('registration-role'))) {
+        } elseif ($role->id === intval(setting('registration-role'))) {
             throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
         }
 
         if ($migrateRoleId) {
-            $newRole = $this->role->newQuery()->find($migrateRoleId);
+            $newRole = Role::query()->find($migrateRoleId);
             if ($newRole) {
                 $users = $role->users()->pluck('id')->toArray();
                 $newRole->users()->sync($users);
             }
         }
 
-        $this->permissionService->deleteJointPermissionsForRole($role);
+        $role->entityPermissions()->delete();
+        $role->jointPermissions()->delete();
         Activity::add(ActivityType::ROLE_DELETE, $role);
         $role->delete();
     }