X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a81a56706e8be77586631f3619ad84df36c8d84e..refs/pull/448/head:/app/Repos/PermissionsRepo.php

diff --git a/app/Repos/PermissionsRepo.php b/app/Repos/PermissionsRepo.php
index ab265a45f..aa58d1718 100644
--- a/app/Repos/PermissionsRepo.php
+++ b/app/Repos/PermissionsRepo.php
@@ -2,9 +2,9 @@
 
 
 use BookStack\Exceptions\PermissionsException;
-use BookStack\Permission;
+use BookStack\RolePermission;
 use BookStack\Role;
-use BookStack\Services\RestrictionService;
+use BookStack\Services\PermissionService;
 use Setting;
 
 class PermissionsRepo
@@ -12,19 +12,21 @@ class PermissionsRepo
 
     protected $permission;
     protected $role;
-    protected $restrictionService;
+    protected $permissionService;
+
+    protected $systemRoles = ['admin', 'public'];
 
     /**
      * PermissionsRepo constructor.
-     * @param Permission $permission
+     * @param RolePermission $permission
      * @param Role $role
-     * @param RestrictionService $restrictionService
+     * @param PermissionService $permissionService
      */
-    public function __construct(Permission $permission, Role $role, RestrictionService $restrictionService)
+    public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
     {
         $this->permission = $permission;
         $this->role = $role;
-        $this->restrictionService = $restrictionService;
+        $this->permissionService = $permissionService;
     }
 
     /**
@@ -73,7 +75,7 @@ class PermissionsRepo
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
-        $this->restrictionService->buildEntityPermissionForRole($role);
+        $this->permissionService->buildJointPermissionForRole($role);
         return $role;
     }
 
@@ -82,21 +84,23 @@ class PermissionsRepo
      * Ensure Admin role always has all permissions.
      * @param $roleId
      * @param $roleData
+     * @throws PermissionsException
      */
     public function updateRole($roleId, $roleData)
     {
         $role = $this->role->findOrFail($roleId);
+
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         $this->assignRolePermissions($role, $permissions);
 
-        if ($role->name === 'admin') {
+        if ($role->system_name === 'admin') {
             $permissions = $this->permission->all()->pluck('id')->toArray();
             $role->permissions()->sync($permissions);
         }
 
         $role->fill($roleData);
         $role->save();
-        $this->restrictionService->buildEntityPermissionForRole($role);
+        $this->permissionService->buildJointPermissionForRole($role);
     }
 
     /**
@@ -128,10 +132,10 @@ class PermissionsRepo
         $role = $this->role->findOrFail($roleId);
 
         // Prevent deleting admin role or default registration role.
-        if ($role->name === 'admin') {
-            throw new PermissionsException('The admin role cannot be deleted');
+        if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
+            throw new PermissionsException(trans('errors.role_system_cannot_be_deleted'));
         } else if ($role->id == setting('registration-role')) {
-            throw new PermissionsException('This role cannot be deleted while set as the default registration role.');
+            throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
         }
 
         if ($migrateRoleId) {
@@ -142,7 +146,7 @@ class PermissionsRepo
             }
         }
 
-        $this->restrictionService->deleteEntityPermissionsForRole($role);
+        $this->permissionService->deleteJointPermissionsForRole($role);
         $role->delete();
     }