Centralised handling of permission form data to own class

author Dan Brown <redacted>

Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)

committer Dan Brown <redacted>

Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)
author Dan Brown <redacted>
Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)
committer Dan Brown <redacted>
Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)
diff --git a/app/Auth/Permissions/EntityPermission.php b/app/Auth/Permissions/EntityPermission.php

index 8af5f480a44df50a59290ae696e2388de0f208dc..32ebc440d1dccc0b9274fd935531498dd23cb857 100644 (file)
--- a/app/Auth/Permissions/EntityPermission.php
+++ b/app/Auth/Permissions/EntityPermission.php
@@ -2,7 +2,9 @@
  
  namespace BookStack\Auth\Permissions;
  
  
  namespace BookStack\Auth\Permissions;
  
+use BookStack\Auth\Role;
  use BookStack\Model;
  use BookStack\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
  use Illuminate\Database\Eloquent\Relations\MorphTo;
  
  /**
  use Illuminate\Database\Eloquent\Relations\MorphTo;
  
  /**
@@ -29,4 +31,12 @@ class EntityPermission extends Model
      {
          return $this->morphTo('restrictable');
      }
      {
          return $this->morphTo('restrictable');
      }
+
+    /**
+     * Get the role assigned to this entity permission.
+     */
+    public function role(): BelongsTo
+    {
+        return $this->belongsTo(Role::class);
+    }
  }
  }
diff --git a/app/Auth/Permissions/PermissionFormData.php b/app/Auth/Permissions/PermissionFormData.php

new file mode 100644 (file)

index 0000000..07c95c5
--- /dev/null
+++ b/app/Auth/Permissions/PermissionFormData.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace BookStack\Auth\Permissions;
+
+use BookStack\Auth\Role;
+use BookStack\Entities\Models\Entity;
+
+class PermissionFormData
+{
+    protected Entity $entity;
+
+    public function __construct(Entity $entity)
+    {
+        $this->entity = $entity;
+    }
+
+    /**
+     * Get the roles with permissions assigned.
+     */
+    public function rolesWithPermissions(): array
+    {
+        return $this->entity->permissions()
+            ->with('role')
+            ->where('role_id', '!=', 0)
+            ->get(['id', 'role_id'])
+            ->pluck('role')
+            ->sortBy('display_name')
+            ->all();
+    }
+
+    /**
+     * Get the roles that don't yet have specific permissions for the
+     * entity we're managing permissions for.
+     */
+    public function rolesNotAssigned(): array
+    {
+        $assigned = $this->entity->permissions()->pluck('role_id');
+        return Role::query()
+            ->where('system_name', '!=', 'admin')
+            ->whereNotIn('id', $assigned)
+            ->orderBy('display_name', 'asc')
+            ->get()
+            ->all();
+    }
+
+    /**
+     * Get the "Everyone Else" role entry.
+     */
+    public function everyoneElseRole(): Role
+    {
+        return (new Role())->forceFill([
+            'id' => 0,
+            'display_name' => 'Everyone Else',
+            'description' => 'Set permissions for all roles not specifically overridden.'
+        ]);
+    }
+}
diff --git a/app/Auth/Role.php b/app/Auth/Role.php

index d5ce5cab70522c6e602d2d55857bb9448d5f1c61..17a4edcc020b0a84c5e1da880d364747069e2abc 100644 (file)
--- a/app/Auth/Role.php
+++ b/app/Auth/Role.php
@@ -118,30 +118,6 @@ class Role extends Model implements Loggable
          return static::query()->where('hidden', '=', false)->orderBy('name')->get();
      }
  
          return static::query()->where('hidden', '=', false)->orderBy('name')->get();
      }
  
-    /**
-     * Get the roles that can be restricted.
-     */
-    public static function restrictable(): Collection
-    {
-        return static::query()
-            ->where('system_name', '!=', 'admin')
-            ->orderBy('display_name', 'asc')
-            ->get();
-    }
-
-    /**
-     * Get a role to represent the case of 'Everyone else' in the system.
-     * Used within the interface since the default-fallback for permissions uses role_id=0.
-     */
-    public static function getEveryoneElseRole(): self
-    {
-        return (new static())->forceFill([
-            'id' => 0,
-            'display_name' => 'Everyone Else',
-            'description'  => 'Set permissions for all roles not specifically overridden.'
-        ]);
-    }
-
      /**
       * {@inheritdoc}
       */
      /**
       * {@inheritdoc}
       */
diff --git a/app/Http/Controllers/PermissionsController.php b/app/Http/Controllers/PermissionsController.php

index 92f994b00e04598bba56d855a58f3ac96ad4c4b3..d8dca9825c4ed3e96c0732af6ca81f45425ad6df 100644 (file)
--- a/app/Http/Controllers/PermissionsController.php
+++ b/app/Http/Controllers/PermissionsController.php
@@ -2,6 +2,7 @@
  
  namespace BookStack\Http\Controllers;
  
  
  namespace BookStack\Http\Controllers;
  
+use BookStack\Auth\Permissions\PermissionFormData;
  use BookStack\Entities\Models\Book;
  use BookStack\Entities\Models\Bookshelf;
  use BookStack\Entities\Models\Chapter;
  use BookStack\Entities\Models\Book;
  use BookStack\Entities\Models\Bookshelf;
  use BookStack\Entities\Models\Chapter;
@@ -28,6 +29,7 @@ class PermissionsController extends Controller
  
          return view('pages.permissions', [
              'page' => $page,
  
          return view('pages.permissions', [
              'page' => $page,
+            'data' => new PermissionFormData($page),
          ]);
      }
  
          ]);
      }
  
@@ -56,6 +58,7 @@ class PermissionsController extends Controller
  
          return view('chapters.permissions', [
              'chapter' => $chapter,
  
          return view('chapters.permissions', [
              'chapter' => $chapter,
+            'data' => new PermissionFormData($chapter),
          ]);
      }
  
          ]);
      }
  
@@ -84,6 +87,7 @@ class PermissionsController extends Controller
  
          return view('books.permissions', [
              'book' => $book,
  
          return view('books.permissions', [
              'book' => $book,
+            'data' => new PermissionFormData($book),
          ]);
      }
  
          ]);
      }
  
@@ -112,6 +116,7 @@ class PermissionsController extends Controller
  
          return view('shelves.permissions', [
              'shelf' => $shelf,
  
          return view('shelves.permissions', [
              'shelf' => $shelf,
+            'data' => new PermissionFormData($shelf),
          ]);
      }
  
          ]);
      }
  
diff --git a/resources/sass/_components.scss b/resources/sass/_components.scss

index d0aadce6e47a5ec43eeeb845702b16f623ac08f7..42477982a65b3330817e4aa1cf87591f96244089 100644 (file)
--- a/resources/sass/_components.scss
+++ b/resources/sass/_components.scss
@@ -818,6 +818,9 @@ body.flexbox-support #entity-selector-wrap .popup-body .form-group {
    border-radius: 0 0 4px 4px;
    border-bottom-width: 1.5px;
  }
    border-radius: 0 0 4px 4px;
    border-bottom-width: 1.5px;
  }
+.content-permissions-row:first-child:last-child {
+  border-radius: 4px;
+}
  .content-permissions-row-toggle-all {
    visibility: hidden;
  }
  .content-permissions-row-toggle-all {
    visibility: hidden;
  }
diff --git a/resources/views/form/entity-permissions.blade.php b/resources/views/form/entity-permissions.blade.php

index 408414b7651dcb650a175eff68aaf667e40bf21e..2fd0a4a434980f12c3a2233f39f3d00d2b3f72c6 100644 (file)
--- a/resources/views/form/entity-permissions.blade.php
+++ b/resources/views/form/entity-permissions.blade.php
@@ -19,13 +19,13 @@
      @endif
  
      <div class="content-permissions mt-m mb-xl">
      @endif
  
      <div class="content-permissions mt-m mb-xl">
-        @foreach(\BookStack\Auth\Role::restrictable() as $role)
+        @foreach($data->rolesWithPermissions() as $role)
              @include('form.entity-permissions-row', ['role' => $role, 'model' => $model])
          @endforeach
      </div>
  
      <div class="content-permissions mt-m mb-xl">
              @include('form.entity-permissions-row', ['role' => $role, 'model' => $model])
          @endforeach
      </div>
  
      <div class="content-permissions mt-m mb-xl">
-        @include('form.entity-permissions-row', ['role' => \BookStack\Auth\Role::getEveryoneElseRole(), 'model' => $model])
+        @include('form.entity-permissions-row', ['role' => $data->everyoneElseRole(), 'model' => $model])
      </div>
  
      <div class="text-right">
      </div>
  
      <div class="text-right">
author	Dan Brown <redacted>
	Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)
committer	Dan Brown <redacted>
	Sun, 9 Oct 2022 16:14:11 +0000 (17:14 +0100)
app/Auth/Permissions/EntityPermission.php		patch \| blob \| history
app/Auth/Permissions/PermissionFormData.php	[new file with mode: 0644]	patch \| blob
app/Auth/Role.php		patch \| blob \| history
app/Http/Controllers/PermissionsController.php		patch \| blob \| history
resources/sass/_components.scss		patch \| blob \| history
resources/views/form/entity-permissions.blade.php		patch \| blob \| history