mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-26 18:30:50 +08:00
183 lines
5.7 KiB
PHP
183 lines
5.7 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Controllers;
|
|
|
|
use BookStack\Permission;
|
|
use BookStack\Role;
|
|
use Illuminate\Http\Request;
|
|
use BookStack\Http\Requests;
|
|
|
|
class PermissionController extends Controller
|
|
{
|
|
|
|
protected $role;
|
|
protected $permission;
|
|
|
|
/**
|
|
* PermissionController constructor.
|
|
* @param Role $role
|
|
* @param Permission $permission
|
|
* @internal param $user
|
|
*/
|
|
public function __construct(Role $role, Permission $permission)
|
|
{
|
|
$this->role = $role;
|
|
$this->permission = $permission;
|
|
parent::__construct();
|
|
}
|
|
|
|
/**
|
|
* Show a listing of the roles in the system.
|
|
*/
|
|
public function listRoles()
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$roles = $this->role->all();
|
|
return view('settings/roles/index', ['roles' => $roles]);
|
|
}
|
|
|
|
/**
|
|
* Show the form to create a new role
|
|
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
|
*/
|
|
public function createRole()
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
return view('settings/roles/create');
|
|
}
|
|
|
|
/**
|
|
* Store a new role in the system.
|
|
* @param Request $request
|
|
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
|
*/
|
|
public function storeRole(Request $request)
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$this->validate($request, [
|
|
'display_name' => 'required|min:3|max:200',
|
|
'description' => 'max:250'
|
|
]);
|
|
|
|
$role = $this->role->newInstance($request->all());
|
|
$role->name = str_replace(' ', '-', strtolower($request->get('display_name')));
|
|
// Prevent duplicate names
|
|
while ($this->role->where('name', '=', $role->name)->count() > 0) {
|
|
$role->name .= strtolower(str_random(2));
|
|
}
|
|
$role->save();
|
|
|
|
if ($request->has('permissions')) {
|
|
$permissionsNames = array_keys($request->get('permissions'));
|
|
$permissions = $this->permission->whereIn('name', $permissionsNames)->pluck('id')->toArray();
|
|
$role->permissions()->sync($permissions);
|
|
} else {
|
|
$role->permissions()->sync([]);
|
|
}
|
|
|
|
session()->flash('success', 'Role successfully created');
|
|
return redirect('/settings/roles');
|
|
}
|
|
|
|
/**
|
|
* Show the form for editing a user role.
|
|
* @param $id
|
|
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
|
*/
|
|
public function editRole($id)
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$role = $this->role->findOrFail($id);
|
|
return view('settings/roles/edit', ['role' => $role]);
|
|
}
|
|
|
|
/**
|
|
* Updates a user role.
|
|
* @param $id
|
|
* @param Request $request
|
|
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
|
*/
|
|
public function updateRole($id, Request $request)
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$this->validate($request, [
|
|
'display_name' => 'required|min:3|max:200',
|
|
'description' => 'max:250'
|
|
]);
|
|
|
|
$role = $this->role->findOrFail($id);
|
|
if ($request->has('permissions')) {
|
|
$permissionsNames = array_keys($request->get('permissions'));
|
|
$permissions = $this->permission->whereIn('name', $permissionsNames)->pluck('id')->toArray();
|
|
$role->permissions()->sync($permissions);
|
|
} else {
|
|
$role->permissions()->sync([]);
|
|
}
|
|
|
|
// Ensure admin account always has all permissions
|
|
if ($role->name === 'admin') {
|
|
$permissions = $this->permission->all()->pluck('id')->toArray();
|
|
$role->permissions()->sync($permissions);
|
|
}
|
|
|
|
$role->fill($request->all());
|
|
$role->save();
|
|
|
|
session()->flash('success', 'Role successfully updated');
|
|
return redirect('/settings/roles');
|
|
}
|
|
|
|
/**
|
|
* Show the view to delete a role.
|
|
* Offers the chance to migrate users.
|
|
* @param $id
|
|
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
|
*/
|
|
public function showDeleteRole($id)
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$role = $this->role->findOrFail($id);
|
|
$roles = $this->role->where('id', '!=', $id)->get();
|
|
$blankRole = $this->role->newInstance(['display_name' => 'Don\'t migrate users']);
|
|
$roles->prepend($blankRole);
|
|
return view('settings/roles/delete', ['role' => $role, 'roles' => $roles]);
|
|
}
|
|
|
|
/**
|
|
* Delete a role from the system,
|
|
* Migrate from a previous role if set.
|
|
* @param $id
|
|
* @param Request $request
|
|
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
|
*/
|
|
public function deleteRole($id, Request $request)
|
|
{
|
|
$this->checkPermission('user-roles-manage');
|
|
$role = $this->role->findOrFail($id);
|
|
|
|
// Prevent deleting admin role
|
|
if ($role->name === 'admin') {
|
|
session()->flash('error', 'The admin role cannot be deleted');
|
|
return redirect()->back();
|
|
}
|
|
|
|
if ($role->id == \Setting::get('registration-role')) {
|
|
session()->flash('error', 'This role cannot be deleted while set as the default registration role.');
|
|
return redirect()->back();
|
|
}
|
|
|
|
if ($request->has('migration_role_id')) {
|
|
$newRole = $this->role->find($request->get('migration_role_id'));
|
|
if ($newRole) {
|
|
$users = $role->users->pluck('id')->toArray();
|
|
$newRole->users()->sync($users);
|
|
}
|
|
}
|
|
|
|
$role->delete();
|
|
|
|
session()->flash('success', 'Role successfully deleted');
|
|
return redirect('/settings/roles');
|
|
}
|
|
}
|