1
|
|
|
<?php |
2
|
|
|
declare(strict_types=1); |
3
|
|
|
|
4
|
|
|
namespace Maklad\Permission\Traits; |
5
|
|
|
|
6
|
|
|
use Illuminate\Support\Collection; |
7
|
|
|
use Jenssegers\Mongodb\Eloquent\Builder; |
8
|
|
|
use Jenssegers\Mongodb\Eloquent\Model; |
9
|
|
|
use Jenssegers\Mongodb\Relations\BelongsToMany; |
10
|
|
|
use Maklad\Permission\Contracts\PermissionInterface as Permission; |
11
|
|
|
use Maklad\Permission\Exceptions\GuardDoesNotMatch; |
12
|
|
|
use Maklad\Permission\Guard; |
13
|
|
|
use Maklad\Permission\Helpers; |
14
|
|
|
use Maklad\Permission\Models\Role; |
15
|
|
|
use Maklad\Permission\PermissionRegistrar; |
16
|
|
|
|
17
|
|
|
/** |
18
|
|
|
* Trait HasPermissions |
19
|
|
|
* @package Maklad\Permission\Traits |
20
|
|
|
*/ |
21
|
|
|
trait HasPermissions |
22
|
|
|
{ |
23
|
|
|
public static function bootHasPermissions() |
24
|
|
|
{ |
25
|
123 |
|
static::deleting(function (Model $model) { |
26
|
6 |
|
if (isset($model->forceDeleting) && !$model->forceDeleting) { |
27
|
2 |
|
return; |
28
|
|
|
} |
29
|
|
|
|
30
|
4 |
|
$model->permissions()->sync([]); |
31
|
123 |
|
}); |
32
|
123 |
|
} |
33
|
|
|
|
34
|
|
|
/** |
35
|
|
|
* A role may be given various permissions. |
36
|
|
|
* @return BelongsToMany |
37
|
|
|
*/ |
38
|
54 |
|
public function permissions(): BelongsToMany |
39
|
|
|
{ |
40
|
54 |
|
return $this->belongsToMany( |
|
|
|
|
41
|
54 |
|
config('permission.models.permission'), |
42
|
54 |
|
config('permission.collection_names.role_has_permissions') |
43
|
|
|
); |
44
|
|
|
} |
45
|
|
|
|
46
|
|
|
/** |
47
|
|
|
* A role belongs to some users of the model associated with its guard. |
48
|
|
|
*/ |
49
|
2 |
|
public function users(): BelongsToMany |
50
|
|
|
{ |
51
|
2 |
|
return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name'])); |
|
|
|
|
52
|
|
|
} |
53
|
|
|
|
54
|
|
|
/** |
55
|
|
|
* Grant the given permission(s) to a role. |
56
|
|
|
* |
57
|
|
|
* @param string|array|Permission|\Illuminate\Support\Collection $permissions |
58
|
|
|
* |
59
|
|
|
* @return $this |
60
|
|
|
* @throws GuardDoesNotMatch |
61
|
|
|
*/ |
62
|
46 |
View Code Duplication |
public function givePermissionTo(...$permissions) |
|
|
|
|
63
|
|
|
{ |
64
|
46 |
|
$permissions = collect($permissions) |
65
|
46 |
|
->flatten() |
66
|
46 |
|
->map(function ($permission) { |
67
|
44 |
|
return $this->getStoredPermission($permission); |
68
|
46 |
|
}) |
69
|
44 |
|
->each(function ($permission) { |
70
|
42 |
|
$this->ensureModelSharesGuard($permission); |
71
|
44 |
|
}) |
72
|
41 |
|
->all(); |
73
|
|
|
|
74
|
41 |
|
$this->permissions()->saveMany($permissions); |
75
|
|
|
|
76
|
41 |
|
$this->forgetCachedPermissions(); |
77
|
|
|
|
78
|
41 |
|
return $this; |
79
|
|
|
} |
80
|
|
|
|
81
|
|
|
/** |
82
|
|
|
* Remove all current permissions and set the given ones. |
83
|
|
|
* |
84
|
|
|
* @param string|array|Permission|\Illuminate\Support\Collection $permissions |
85
|
|
|
* |
86
|
|
|
* @return $this |
87
|
|
|
* @throws GuardDoesNotMatch |
88
|
|
|
*/ |
89
|
4 |
|
public function syncPermissions(...$permissions) |
90
|
|
|
{ |
91
|
4 |
|
$this->permissions()->sync([]); |
92
|
|
|
|
93
|
4 |
|
return $this->givePermissionTo($permissions); |
94
|
|
|
} |
95
|
|
|
|
96
|
|
|
/** |
97
|
|
|
* Revoke the given permission. |
98
|
|
|
* |
99
|
|
|
* @param string|array|Permission|\Illuminate\Support\Collection $permissions |
100
|
|
|
* |
101
|
|
|
* @return $this |
102
|
|
|
* @throws \Maklad\Permission\Exceptions\GuardDoesNotMatch |
103
|
|
|
*/ |
104
|
6 |
View Code Duplication |
public function revokePermissionTo(...$permissions) |
|
|
|
|
105
|
|
|
{ |
106
|
6 |
|
collect($permissions) |
107
|
6 |
|
->flatten() |
108
|
6 |
|
->map(function ($permission) { |
109
|
6 |
|
$permission = $this->getStoredPermission($permission); |
110
|
6 |
|
$this->permissions()->detach($permission); |
|
|
|
|
111
|
|
|
|
112
|
6 |
|
return $permission; |
113
|
6 |
|
}); |
114
|
|
|
|
115
|
6 |
|
$this->forgetCachedPermissions(); |
116
|
|
|
|
117
|
6 |
|
return $this; |
118
|
|
|
} |
119
|
|
|
|
120
|
|
|
/** |
121
|
|
|
* @param string|Permission $permission |
122
|
|
|
* |
123
|
|
|
* @return Permission |
124
|
|
|
* @throws \ReflectionException |
125
|
|
|
*/ |
126
|
45 |
|
protected function getStoredPermission($permission): Permission |
127
|
|
|
{ |
128
|
45 |
|
if (\is_string($permission)) { |
129
|
32 |
|
return \app(Permission::class)->findByName($permission, $this->getDefaultGuardName()); |
130
|
|
|
} |
131
|
|
|
|
132
|
16 |
|
return $permission; |
133
|
|
|
} |
134
|
|
|
|
135
|
|
|
/** |
136
|
|
|
* @param Model $roleOrPermission |
137
|
|
|
* |
138
|
|
|
* @throws GuardDoesNotMatch |
139
|
|
|
* @throws \ReflectionException |
140
|
|
|
*/ |
141
|
83 |
|
protected function ensureModelSharesGuard(Model $roleOrPermission) |
142
|
|
|
{ |
143
|
83 |
View Code Duplication |
if (! $this->getGuardNames()->contains($roleOrPermission->guard_name)) { |
|
|
|
|
144
|
5 |
|
$expected = $this->getGuardNames(); |
145
|
5 |
|
$given = $roleOrPermission->guard_name; |
146
|
5 |
|
$helpers = new Helpers(); |
147
|
|
|
|
148
|
5 |
|
throw new GuardDoesNotMatch($helpers->getGuardDoesNotMatchMessage($expected, $given)); |
149
|
|
|
} |
150
|
79 |
|
} |
151
|
|
|
|
152
|
|
|
/** |
153
|
|
|
* @return Collection |
154
|
|
|
* @throws \ReflectionException |
155
|
|
|
*/ |
156
|
86 |
|
protected function getGuardNames(): Collection |
157
|
|
|
{ |
158
|
86 |
|
return (new Guard())->getNames($this); |
159
|
|
|
} |
160
|
|
|
|
161
|
|
|
/** |
162
|
|
|
* @return string |
163
|
|
|
* @throws \ReflectionException |
164
|
|
|
*/ |
165
|
78 |
|
protected function getDefaultGuardName(): string |
166
|
|
|
{ |
167
|
78 |
|
return (new Guard())->getDefaultName($this); |
168
|
|
|
} |
169
|
|
|
|
170
|
|
|
/** |
171
|
|
|
* Forget the cached permissions. |
172
|
|
|
*/ |
173
|
80 |
|
public function forgetCachedPermissions() |
174
|
|
|
{ |
175
|
80 |
|
app(PermissionRegistrar::class)->forgetCachedPermissions(); |
176
|
80 |
|
} |
177
|
|
|
|
178
|
|
|
/** |
179
|
|
|
* Convert to Permission Models |
180
|
|
|
* |
181
|
|
|
* @param string|array|Collection $permissions |
182
|
|
|
* |
183
|
|
|
* @return Collection |
184
|
|
|
*/ |
185
|
7 |
View Code Duplication |
private function convertToPermissionModels($permissions): Collection |
|
|
|
|
186
|
|
|
{ |
187
|
7 |
|
if (\is_array($permissions)) { |
188
|
3 |
|
$permissions = collect($permissions); |
189
|
|
|
} |
190
|
|
|
|
191
|
7 |
|
if (! $permissions instanceof Collection) { |
192
|
5 |
|
$permissions = collect([$permissions]); |
193
|
|
|
} |
194
|
|
|
|
195
|
7 |
|
$permissions = $permissions->map(function ($permission) { |
196
|
7 |
|
return $this->getStoredPermission($permission); |
197
|
7 |
|
}); |
198
|
|
|
|
199
|
6 |
|
return $permissions; |
200
|
|
|
} |
201
|
|
|
|
202
|
|
|
/** |
203
|
|
|
* Return a collection of permission names associated with this user. |
204
|
|
|
* |
205
|
|
|
* @return Collection |
206
|
|
|
*/ |
207
|
1 |
|
public function getPermissionNames(): Collection |
208
|
|
|
{ |
209
|
1 |
|
return $this->getAllPermissions()->pluck('name'); |
210
|
|
|
} |
211
|
|
|
|
212
|
|
|
/** |
213
|
|
|
* Return all the permissions the model has via roles. |
214
|
|
|
*/ |
215
|
3 |
|
public function getPermissionsViaRoles(): Collection |
216
|
|
|
{ |
217
|
3 |
|
return $this->load('roles', 'roles.permissions') |
|
|
|
|
218
|
3 |
|
->roles->flatMap(function (Role $role) { |
219
|
2 |
|
return $role->permissions; |
220
|
3 |
|
})->sort()->values(); |
221
|
|
|
} |
222
|
|
|
|
223
|
|
|
/** |
224
|
|
|
* Return all the permissions the model has, both directly and via roles. |
225
|
|
|
*/ |
226
|
2 |
|
public function getAllPermissions(): Collection |
227
|
|
|
{ |
228
|
2 |
|
return $this->permissions |
|
|
|
|
229
|
2 |
|
->merge($this->getPermissionsViaRoles()) |
230
|
2 |
|
->sort() |
231
|
2 |
|
->values(); |
232
|
|
|
} |
233
|
|
|
|
234
|
|
|
/** |
235
|
|
|
* Determine if the model may perform the given permission. |
236
|
|
|
* |
237
|
|
|
* @param string|Permission $permission |
238
|
|
|
* @param string|null $guardName |
239
|
|
|
* |
240
|
|
|
* @return bool |
241
|
|
|
* @throws \ReflectionException |
242
|
|
|
*/ |
243
|
24 |
|
public function hasPermissionTo($permission, $guardName = null): bool |
244
|
|
|
{ |
245
|
24 |
|
if (\is_string($permission)) { |
246
|
15 |
|
$permission = \app(Permission::class)->findByName( |
247
|
15 |
|
$permission, |
248
|
15 |
|
$guardName ?? $this->getDefaultGuardName() |
249
|
|
|
); |
250
|
|
|
} |
251
|
|
|
|
252
|
22 |
|
return $this->hasDirectPermission($permission) || $this->hasPermissionViaRole($permission); |
253
|
|
|
} |
254
|
|
|
|
255
|
|
|
/** |
256
|
|
|
* Determine if the model has any of the given permissions. |
257
|
|
|
* |
258
|
|
|
* @param array ...$permissions |
259
|
|
|
* |
260
|
|
|
* @return bool |
261
|
|
|
* @throws \ReflectionException |
262
|
|
|
*/ |
263
|
8 |
|
public function hasAnyPermission(...$permissions): bool |
264
|
|
|
{ |
265
|
8 |
|
if (\is_array($permissions[0])) { |
266
|
6 |
|
$permissions = $permissions[0]; |
267
|
|
|
} |
268
|
|
|
|
269
|
8 |
|
foreach ($permissions as $permission) { |
270
|
8 |
|
if ($this->hasPermissionTo($permission)) { |
271
|
8 |
|
return true; |
272
|
|
|
} |
273
|
|
|
} |
274
|
|
|
|
275
|
5 |
|
return false; |
276
|
|
|
} |
277
|
|
|
|
278
|
|
|
/** |
279
|
|
|
* Determine if the model has, via roles, the given permission. |
280
|
|
|
* |
281
|
|
|
* @param Permission $permission |
282
|
|
|
* |
283
|
|
|
* @return bool |
284
|
|
|
*/ |
285
|
17 |
|
protected function hasPermissionViaRole(Permission $permission): bool |
286
|
|
|
{ |
287
|
17 |
|
return $this->hasRole($permission->roles); |
|
|
|
|
288
|
|
|
} |
289
|
|
|
|
290
|
|
|
/** |
291
|
|
|
* Determine if the model has the given permission. |
292
|
|
|
* |
293
|
|
|
* @param string|Permission $permission |
294
|
|
|
* |
295
|
|
|
* @return bool |
296
|
|
|
* @throws \ReflectionException |
297
|
|
|
*/ |
298
|
23 |
|
public function hasDirectPermission($permission): bool |
299
|
|
|
{ |
300
|
23 |
|
if (\is_string($permission)) { |
301
|
1 |
|
$permission = \app(Permission::class)->findByName($permission, $this->getDefaultGuardName()); |
302
|
|
|
} |
303
|
|
|
|
304
|
23 |
|
return $this->permissions->contains('id', $permission->id); |
305
|
|
|
} |
306
|
|
|
|
307
|
|
|
/** |
308
|
|
|
* Return all permissions the directory coupled to the model. |
309
|
|
|
*/ |
310
|
1 |
|
public function getDirectPermissions(): Collection |
311
|
|
|
{ |
312
|
1 |
|
return $this->permissions; |
313
|
|
|
} |
314
|
|
|
|
315
|
|
|
/** |
316
|
|
|
* Scope the model query to certain permissions only. |
317
|
|
|
* |
318
|
|
|
* @param Builder $query |
319
|
|
|
* @param string|array|Permission|Collection $permissions |
320
|
|
|
* |
321
|
|
|
* @return Builder |
322
|
|
|
*/ |
323
|
7 |
|
public function scopePermission(Builder $query, $permissions): Builder |
324
|
|
|
{ |
325
|
7 |
|
$permissions = $this->convertToPermissionModels($permissions); |
326
|
|
|
|
327
|
6 |
|
$roles = \collect([]); |
328
|
|
|
|
329
|
6 |
|
foreach ($permissions as $permission) { |
330
|
6 |
|
$roles = $roles->merge($permission->roles); |
331
|
|
|
} |
332
|
6 |
|
$roles = $roles->unique(); |
333
|
|
|
|
334
|
6 |
|
return $query->orWhereIn('permission_ids', $permissions->pluck('_id')) |
335
|
6 |
|
->orWhereIn('role_ids', $roles->pluck('_id')); |
336
|
|
|
} |
337
|
|
|
} |
338
|
|
|
|
This check looks for methods that are used by a trait but not required by it.
To illustrate, let’s look at the following code example
The trait
Idable
provides a methodequalsId
that in turn relies on the methodgetId()
. If this method does not exist on a class mixing in this trait, the method will fail.Adding the
getId()
as an abstract method to the trait will make sure it is available.