X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a81a56706e8be77586631f3619ad84df36c8d84e..refs/pull/448/head:/app/Repos/PermissionsRepo.php
diff --git a/app/Repos/PermissionsRepo.php b/app/Repos/PermissionsRepo.php
index ab265a45f..aa58d1718 100644
--- a/app/Repos/PermissionsRepo.php
+++ b/app/Repos/PermissionsRepo.php
@@ -2,9 +2,9 @@
 use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
 use BookStack\Role;
-use BookStack\Services\RestrictionService;
+use BookStack\Services\PermissionService;
 use Setting;
 class PermissionsRepo
@@ -12,19 +12,21 @@ class PermissionsRepo
 protected $permission;
 protected $role;
- protected $restrictionService;
+ protected $permissionService;
+
+ protected $systemRoles = ['admin', 'public'];
 /**
 * PermissionsRepo constructor.
- * @param Permission $permission
+ * @param RolePermission $permission
 * @param Role $role
- * @param RestrictionService $restrictionService
+ * @param PermissionService $permissionService
 */
- public function __construct(Permission $permission, Role $role, RestrictionService $restrictionService)
+ public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
 {
 $this->permission = $permission;
 $this->role = $role;
- $this->restrictionService = $restrictionService;
+ $this->permissionService = $permissionService;
 }
 /**
@@ -73,7 +75,7 @@ class PermissionsRepo
 $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
 $this->assignRolePermissions($role, $permissions);
- $this->restrictionService->buildEntityPermissionForRole($role);
+ $this->permissionService->buildJointPermissionForRole($role);
 return $role;
 }
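Review bot: The new `$systemRoles` property in the second hunk carries no docblock, although it now decides which roles are protected from deletion. A short comment above it, for example `/** system_name values of built-in roles that must never be deleted. */`, would make clear that the entries are matched against `system_name` rather than the editable display name. The class body continues outside this hunk.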
@@ -82,21 +84,23 @@ class PermissionsRepo
 * Ensure Admin role always has all permissions.
 * @param $roleId
 * @param $roleData
+ * @throws PermissionsException
 */
 public function updateRole($roleId, $roleData)
 {
 $role = $this->role->findOrFail($roleId);
+ $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
 $this->assignRolePermissions($role, $permissions);
- if ($role->name === 'admin') {
+ if ($role->system_name === 'admin') {
 $permissions = $this->permission->all()->pluck('id')->toArray();
 $role->permissions()->sync($permissions);
 }
 $role->fill($roleData);
 $role->save();
- $this->restrictionService->buildEntityPermissionForRole($role);
+ $this->permissionService->buildJointPermissionForRole($role);
 }
 /**
@@ -128,10 +132,10 @@ class PermissionsRepo
 $role = $this->role->findOrFail($roleId);
 // Prevent deleting admin role or default registration role.
- if ($role->name === 'admin') {
- throw new PermissionsException('The admin role cannot be deleted');
+ if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+ throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
 } else if ($role->id == setting('registration-role')) {
- throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
+ throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
 }
 if ($migrateRoleId) {
@@ -142,7 +146,7 @@ class PermissionsRepo
 }
 }
- $this->restrictionService->deleteEntityPermissionsForRole($role);
+ $this->permissionService->deleteJointPermissionsForRole($role);
 $role->delete();
 }
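Review bot: `updateRole()` still passes the caller-supplied `$roleData` straight into `$role->fill($roleData)`, while the admin permission sync in this hunk and the delete guard in `deleteRole()` now both key off `system_name`. The Role model is not part of this diff, so it should be confirmed that `system_name` is not in its `$fillable` list, or the key should be dropped before the fill with `unset($roleData['system_name']);`. Without that, a role edit could change which role the application treats as a system role. The literal `'admin'` here also duplicates an entry of `$systemRoles`; a shared class constant would keep the two in step.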
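Review bot: The new guard `if ($role->system_name && in_array($role->system_name, $this->systemRoles))` in `deleteRole()` fails open when `system_name` is empty, and the previous `name === 'admin'` check is removed in the same hunk. Whether existing admin and public rows get `system_name` backfilled is not visible here; if they do not, the admin role becomes deletable after upgrade, so the migration deserves a test for it. The membership test should also be strict, `in_array($role->system_name, $this->systemRoles, true)`, and the comment above it is now stale and could read `// Prevent deleting system roles or the default registration role.`. `deleteRole()` starts before and continues after this hunk.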