bakaphp / phalcon-api

library/Traits/PermissionsTrait.php

<?php

declare(strict_types=1);

namespace Gewaer\Traits;

use Gewaer\Models\Roles;
use Gewaer\Models\UserRoles;
use Gewaer\Exception\ServerErrorHttpException;
use Gewaer\Exception\ModelException;

/**
 * Trait FractalTrait
 *
 * @package Gewaer\Traits
 */
trait PermissionsTrait
{
    /**
     * Assigne a user this role
     * Example: App.Role
     *
     * @param string $role
     * @return boolean
     */
    public function assignRole(string $role): bool
    {
        $role = Roles::getByAppName($role, $this->defaultCompany);

        if (!is_object($role)) {
            throw new ServerErrorHttpException('Role not found in DB');
        }

        $userRole = UserRoles::findFirst([
            'conditions' => 'users_id = ?0 and roles_id = ?1 and apps_id = ?2 and companies_id = ?3',
            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->currentCompanyId()]

It seems like currentCompanyId() must be provided by classes using this trait. How about adding it as abstract method to this trait?

        ]);

        if (!is_object($userRole)) {
            $userRole = new UserRoles();
            $userRole->users_id = $this->getId();
            $userRole->roles_id = $role->getId();
            $userRole->apps_id = $role->apps_id;
            $userRole->companies_id = $this->currentCompanyId();
            if (!$userRole->save()) {
                throw new ModelException((string) current($userRole->getMessages()));
            }
        }

        return true;
    }

    /**
     * Remove a role for the current user
     * Example: App.Role
     *
     * @param string $role
     * @return boolean
     */
    public function removeRole(string $role): bool
    {
        $role = Roles::getByAppName($role, $this->defaultCompany);

        if (!is_object($role)) {
            throw new ServerErrorHttpException('Role not found in DB');
        }

        $userRole = UserRoles::findFirst([
            'conditions' => 'users_id = ?0 and roles_id = ?1 and apps_id = ?2 and companies_id = ?3',
            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->currentCompanyId()]
        ]);

        if (is_object($userRole)) {
            return $userRole->delete();
        }

        return false;
    }

    /**
     * Check if the user has this role
     *
     * @param string $role
     * @return boolean
     */
    public function hasRole(string $role): bool
    {
        $role = Roles::getByAppName($role, $this->defaultCompany);

        if (!is_object($role)) {
            throw new ServerErrorHttpException('Role not found in DB');
        }

        $userRole = UserRoles::findFirst([
            'conditions' => 'users_id = ?0 and roles_id = ?1 and (apps_id = ?2 or apps_id = ?4) and companies_id = ?3',
            'bind' => [$this->getId(), $role->getId(), $role->apps_id, $this->currentCompanyId(), $this->di->getApp()->getId()]
        ]);

        if (is_object($userRole)) {
            return true;
        }

        return false;
    }

    /**
     * At this current system / app can you do this?
     *
     * Example: resource.action
     *  Leads.add || leads.updates || lead.delete
     *
     * @param string $action
     * @return boolean
     */
    public function can(string $action): bool
    {
        //if we find the . then les
        if (strpos($action, '.') === false) {
            throw new ServerErrorHttpException('ACL - We are expecting the resource for this action');
        }

        $action = explode('.', $action);
        $resource = $action[0];
        $action = $action[1];
        //get your user account role for this app or the canvas ecosystem
        $role = $this->getPermission('apps_id in (' . \Phalcon\DI::getDefault()->getConfig()->app->id . ',' . Roles::DEFAULT_ACL_APP_ID . ')')->roles->name;

        return $this->di->getAcl()->isAllowed($role, $resource, $action);
    }
}