2018-09-25 19:30:50 +08:00
|
|
|
<?php namespace BookStack\Auth;
|
|
|
|
|
|
|
|
use BookStack\Auth\Permissions\JointPermission;
|
2019-02-04 01:34:15 +08:00
|
|
|
use BookStack\Auth\Permissions\RolePermission;
|
2018-09-25 19:30:50 +08:00
|
|
|
use BookStack\Model;
|
2015-08-29 22:03:42 +08:00
|
|
|
|
2019-11-16 23:24:09 +08:00
|
|
|
/**
|
|
|
|
* Class Role
|
|
|
|
* @property string $display_name
|
|
|
|
* @property string $description
|
|
|
|
* @property string $external_auth_id
|
|
|
|
* @package BookStack\Auth
|
|
|
|
*/
|
2015-08-29 22:03:42 +08:00
|
|
|
class Role extends Model
|
|
|
|
{
|
2016-02-28 03:24:42 +08:00
|
|
|
|
2018-07-16 02:34:42 +08:00
|
|
|
protected $fillable = ['display_name', 'description', 'external_auth_id'];
|
2015-09-06 00:42:05 +08:00
|
|
|
|
2015-08-29 22:03:42 +08:00
|
|
|
/**
|
|
|
|
* The roles that belong to the role.
|
|
|
|
*/
|
|
|
|
public function users()
|
|
|
|
{
|
2019-02-04 01:34:15 +08:00
|
|
|
return $this->belongsToMany(User::class)->orderBy('name', 'asc');
|
2015-08-29 22:03:42 +08:00
|
|
|
}
|
|
|
|
|
2016-04-24 23:54:20 +08:00
|
|
|
/**
|
2016-05-02 04:20:50 +08:00
|
|
|
* Get all related JointPermissions.
|
2016-04-24 23:54:20 +08:00
|
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
|
|
|
*/
|
2016-05-02 04:20:50 +08:00
|
|
|
public function jointPermissions()
|
2016-04-24 23:54:20 +08:00
|
|
|
{
|
2016-05-02 04:20:50 +08:00
|
|
|
return $this->hasMany(JointPermission::class);
|
2016-04-24 23:54:20 +08:00
|
|
|
}
|
|
|
|
|
2015-08-29 22:03:42 +08:00
|
|
|
/**
|
2016-05-02 04:20:50 +08:00
|
|
|
* The RolePermissions that belong to the role.
|
2015-08-29 22:03:42 +08:00
|
|
|
*/
|
|
|
|
public function permissions()
|
|
|
|
{
|
2019-02-04 01:34:15 +08:00
|
|
|
return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
|
2015-08-29 22:03:42 +08:00
|
|
|
}
|
|
|
|
|
2016-02-28 03:24:42 +08:00
|
|
|
/**
|
|
|
|
* Check if this role has a permission.
|
2016-05-01 00:16:06 +08:00
|
|
|
* @param $permissionName
|
|
|
|
* @return bool
|
2016-02-28 03:24:42 +08:00
|
|
|
*/
|
2016-05-01 00:16:06 +08:00
|
|
|
public function hasPermission($permissionName)
|
2016-02-28 03:24:42 +08:00
|
|
|
{
|
2016-05-01 00:16:06 +08:00
|
|
|
$permissions = $this->getRelationValue('permissions');
|
|
|
|
foreach ($permissions as $permission) {
|
2018-01-29 00:58:52 +08:00
|
|
|
if ($permission->getRawAttribute('name') === $permissionName) {
|
|
|
|
return true;
|
|
|
|
}
|
2016-05-01 00:16:06 +08:00
|
|
|
}
|
|
|
|
return false;
|
2016-02-28 03:24:42 +08:00
|
|
|
}
|
|
|
|
|
2015-08-29 22:03:42 +08:00
|
|
|
/**
|
|
|
|
* Add a permission to this role.
|
2019-02-04 01:34:15 +08:00
|
|
|
* @param RolePermission $permission
|
2015-08-29 22:03:42 +08:00
|
|
|
*/
|
2019-02-04 01:34:15 +08:00
|
|
|
public function attachPermission(RolePermission $permission)
|
2015-08-29 22:03:42 +08:00
|
|
|
{
|
|
|
|
$this->permissions()->attach($permission->id);
|
|
|
|
}
|
|
|
|
|
2016-04-09 19:37:58 +08:00
|
|
|
/**
|
|
|
|
* Detach a single permission from this role.
|
2019-02-04 01:34:15 +08:00
|
|
|
* @param RolePermission $permission
|
2016-04-09 19:37:58 +08:00
|
|
|
*/
|
2019-02-04 01:34:15 +08:00
|
|
|
public function detachPermission(RolePermission $permission)
|
2016-04-09 19:37:58 +08:00
|
|
|
{
|
2019-12-31 03:42:46 +08:00
|
|
|
$this->permissions()->detach([$permission->id]);
|
2016-04-09 19:37:58 +08:00
|
|
|
}
|
|
|
|
|
2016-01-02 22:48:35 +08:00
|
|
|
/**
|
|
|
|
* Get the role object for the specified role.
|
|
|
|
* @param $roleName
|
2016-09-30 00:07:58 +08:00
|
|
|
* @return Role
|
2016-01-02 22:48:35 +08:00
|
|
|
*/
|
|
|
|
public static function getRole($roleName)
|
|
|
|
{
|
2019-10-05 19:55:01 +08:00
|
|
|
return static::query()->where('name', '=', $roleName)->first();
|
2015-09-06 00:42:05 +08:00
|
|
|
}
|
2016-05-02 02:36:53 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the role object for the specified system role.
|
|
|
|
* @param $roleName
|
2016-09-30 00:07:58 +08:00
|
|
|
* @return Role
|
2016-05-02 02:36:53 +08:00
|
|
|
*/
|
|
|
|
public static function getSystemRole($roleName)
|
|
|
|
{
|
2019-10-05 19:55:01 +08:00
|
|
|
return static::query()->where('system_name', '=', $roleName)->first();
|
2016-05-02 02:36:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-05-02 04:20:50 +08:00
|
|
|
* Get all visible roles
|
2016-05-02 02:36:53 +08:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public static function visible()
|
|
|
|
{
|
2019-10-05 19:55:01 +08:00
|
|
|
return static::query()->where('hidden', '=', false)->orderBy('name')->get();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the roles that can be restricted.
|
|
|
|
* @return \Illuminate\Database\Eloquent\Builder[]|\Illuminate\Database\Eloquent\Collection
|
|
|
|
*/
|
|
|
|
public static function restrictable()
|
|
|
|
{
|
|
|
|
return static::query()->where('system_name', '!=', 'admin')->get();
|
2016-05-02 02:36:53 +08:00
|
|
|
}
|
2015-08-29 22:03:42 +08:00
|
|
|
}
|