Simplify permissions and add API to register configurable ones

Lots of thought has gone into this; it will show up later when I do the
admin permissions interface / category permissions :)
Toby Zerner 2015-05-15 17:05:46 +09:30
parent 269b33438c
commit 20fbad77e8
5 changed files with 43 additions and 43 deletions


@ -14,10 +14,9 @@ class CreatePermissionsTable extends Migration {
{
Schema::create('permissions', function($table)
{
$table->string('grantee', 100);
$table->string('entity', 100);
$table->integer('group_id')->unsigned();
$table->string('permission', 100);
$table->primary(['grantee', 'entity', 'permission']);
$table->primary(['group_id', 'permission']);
});
}
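Review bot: The new `group_id` column is created without a foreign key, so rows in `permissions` outlive the group they refer to. Consider adding a constraint with cascade delete on the groups table, whose name is not visible in this hunk. This commit also edits the original create migration in place, so a database that already ran it keeps the `grantee` and `entity` columns, and the new `whereIn('group_id', …)` lookup would presumably fail there. A follow-up migration or a documented reset step would cover that case. The enclosing method starts above the hunk.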


@ -3,7 +3,7 @@
use Illuminate\Bus\Dispatcher as Bus;
use Illuminate\Contracts\Container\Container;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Support\ServiceProvider;
use Flarum\Support\ServiceProvider;
use Flarum\Core\Formatter\FormatterManager;
use Flarum\Core\Models\CommentPost;
use Flarum\Core\Models\Post;
@ -138,12 +138,20 @@ class CoreServiceProvider extends ServiceProvider
public function registerPermissions()
{
$this->permission('forum.view');
$this->permission('forum.startDiscussion');
$this->permission('discussion.rename');
$this->permission('discussion.delete');
$this->permission('discussion.reply');
$this->permission('post.edit');
$this->permission('post.delete');
Forum::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'forum');
return $user->hasPermission('forum.'.$permission);
});
Post::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'post');
return $user->hasPermission('post'.$permission);
});
// Grant view access to a post only if the user can also view the
@ -161,19 +169,14 @@ class CoreServiceProvider extends ServiceProvider
// Allow a user to edit their own post, unless it has been hidden by
// someone else.
Post::grantPermission('edit', function ($grant, $user) {
$grant->whereCan('editOwn')
->where('user_id', $user->id);
});
Post::demandPermission('editOwn', function ($demand, $user) {
$demand->whereNull('hide_user_id');
if ($user) {
$demand->orWhere('hide_user_id', $user->id);
}
$grant->where('user_id', $user->id)
->whereNull('hide_user_id')
->orWhere('hide_user_id', $user->id);
// @todo add limitations to time etc. according to a config setting
});
User::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'forum');
return $user->hasPermission('user.'.$permission);
});
// Grant view access to a user if the user can view the forum.
@ -187,7 +190,7 @@ class CoreServiceProvider extends ServiceProvider
});
Discussion::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'discussion');
return $user->hasPermission('discussion.'.$permission);
});
// Grant view access to a discussion if the user can view the forum.
@ -195,11 +198,10 @@ class CoreServiceProvider extends ServiceProvider
$grant->whereCan('view', 'forum');
});
// Allow a user to edit their own discussion.
Discussion::grantPermission('edit', function ($grant, $user) {
if ($user->hasPermission('editOwn', 'discussion')) {
$grant->where('start_user_id', $user->id);
}
// Allow a user to rename their own discussion.
Discussion::grantPermission('rename', function ($grant, $user) {
$grant->where('start_user_id', $user->id);
// @todo add limitations to time etc. according to a config setting
});
}
}
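Review bot: In the `Post::grantPermission('edit', …)` callback, the new chain `where('user_id', …)->whereNull('hide_user_id')->orWhere('hide_user_id', $user->id)` is not grouped. SQL precedence reads it as `(user_id = ? AND hide_user_id IS NULL) OR hide_user_id = ?`, so the grant matches any post the user has hidden, whoever wrote it. Nesting the two `hide_user_id` conditions in a `where` closure keeps the author check mandatory; this assumes `$grant` is a query builder that accepts a closure, which the hunk does not show. Separately, `'post'.$permission` in the generic Post grant lacks the dot used by `'forum.'`, `'user.'` and `'discussion.'`, so it looks up `postedit` rather than the registered `post.edit`. It should be `'post.'.$permission`.

```php
Post::grantPermission('edit', function ($grant, $user) {
    $grant->where('user_id', $user->id)
          ->where(function ($query) use ($user) {
              $query->whereNull('hide_user_id')
                    ->orWhere('hide_user_id', $user->id);
          });
    // … unchanged: @todo about time limits, end of callback …
```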


@ -2,4 +2,15 @@
class Permission extends Model
{
protected static $permissions = [];
public static function getPermissions()
{
return static::$permissions;
}
public static function addPermission($permission)
{
static::$permissions[] = $permission;
}
}
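Review bot: `addPermission()` appends without checking for an existing entry, so a permission registered by two providers appears twice in `getPermissions()`. Guarding the append with `if (! in_array($permission, static::$permissions, true))` keeps the registry a set. Nothing visible in this commit checks the name passed to `hasPermission()` against this registry, so a misspelled permission is silently denied rather than reported. The property and both methods also lack docblocks; a one-line description each, noting that names use the `entity.action` form seen in `registerPermissions()`, would be enough.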


@ -307,24 +307,6 @@ class User extends Model
return $this;
}
/**
* Get a list of the user's grantees according to their ID and groups.
*
* @return array
*/
public function getGrantees()
{
$grantees = ['group.'.GROUP::GUEST_ID]; // guests
if ($this->id) {
$grantees[] = 'user.'.$this->id;
}
foreach ($this->groups as $group) {
$grantees[] = 'group.'.$group->id;
}
return $grantees;
}
/**
* Check whether the user has a certain permission based on their groups.
*
@ -332,13 +314,13 @@ class User extends Model
* @param string $entity
* @return boolean
*/
public function hasPermission($permission, $entity)
public function hasPermission($permission)
{
if ($this->isAdmin()) {
return true;
}
$count = $this->permissions()->where('entity', $entity)->where('permission', $permission)->count();
$count = $this->permissions()->where('permission', $permission)->count();
return (bool) $count;
}
@ -468,7 +450,7 @@ class User extends Model
*/
public function permissions()
{
return Permission::whereIn('grantee', $this->getGrantees());
return Permission::whereIn('group_id', $this->groups()->lists('id'));
}
/**
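Review bot: `permissions()` now filters only on `$this->groups()->lists('id')`, whereas the removed `getGrantees()` always included `'group.'.GROUP::GUEST_ID`. A guest, or a member with no group rows, therefore no longer inherits guest-group grants such as `forum.view`, unless that baseline is restored somewhere outside this diff. If it is meant to stay, add the guest group to the id list, e.g. `array_merge([GROUP::GUEST_ID], $this->groups()->lists('id'))`, assuming `lists()` returns a plain array here. The `hasPermission()` docblock also still carries `@param string $entity` for the parameter this commit removes; that line should be dropped and the `entity.action` name format described instead.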


@ -5,6 +5,7 @@ use Illuminate\Contracts\Events\Dispatcher;
use Flarum\Core\Models\Notification;
use Flarum\Core\Models\User;
use Flarum\Core\Models\Post;
use Flarum\Core\Models\Permission;
use Closure;
class ServiceProvider extends IlluminateServiceProvider
@ -90,4 +91,9 @@ class ServiceProvider extends IlluminateServiceProvider
}
});
}
protected function permission($permission)
{
Permission::addPermission($permission);
}
}
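Review bot: The new `permission()` helper is the extension point the commit title advertises, but it has no docblock. Its argument format is what the `hasPermission('forum.'.$permission)` style checks depend on. I would add a short docblock stating that it registers a configurable permission name in `entity.action` form (for example `discussion.rename`) and that it only records the name, without granting it to any group.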