diff --git a/framework/core/migrations/2015_02_24_000000_create_permissions_table.php b/framework/core/migrations/2015_02_24_000000_create_permissions_table.php index 3169a0e1b..bd01c52c6 100644 --- a/framework/core/migrations/2015_02_24_000000_create_permissions_table.php +++ b/framework/core/migrations/2015_02_24_000000_create_permissions_table.php @@ -14,10 +14,9 @@ class CreatePermissionsTable extends Migration { { Schema::create('permissions', function($table) { - $table->string('grantee', 100); - $table->string('entity', 100); + $table->integer('group_id')->unsigned(); $table->string('permission', 100); - $table->primary(['grantee', 'entity', 'permission']); + $table->primary(['group_id', 'permission']); }); } diff --git a/framework/core/src/Core/CoreServiceProvider.php b/framework/core/src/Core/CoreServiceProvider.php index 6224f7d58..9ab64507f 100644 --- a/framework/core/src/Core/CoreServiceProvider.php +++ b/framework/core/src/Core/CoreServiceProvider.php @@ -3,7 +3,7 @@ use Illuminate\Bus\Dispatcher as Bus; use Illuminate\Contracts\Container\Container; use Illuminate\Contracts\Events\Dispatcher; -use Illuminate\Support\ServiceProvider; +use Flarum\Support\ServiceProvider; use Flarum\Core\Formatter\FormatterManager; use Flarum\Core\Models\CommentPost; use Flarum\Core\Models\Post; @@ -138,12 +138,20 @@ class CoreServiceProvider extends ServiceProvider public function registerPermissions() { + $this->permission('forum.view'); + $this->permission('forum.startDiscussion'); + $this->permission('discussion.rename'); + $this->permission('discussion.delete'); + $this->permission('discussion.reply'); + $this->permission('post.edit'); + $this->permission('post.delete'); + Forum::grantPermission(function ($grant, $user, $permission) { - return $user->hasPermission($permission, 'forum'); + return $user->hasPermission('forum.'.$permission); }); Post::grantPermission(function ($grant, $user, $permission) { - return $user->hasPermission($permission, 'post'); + return $user->hasPermission('post'.$permission); }); // Grant view access to a post only if the user can also view the @@ -161,19 +169,14 @@ class CoreServiceProvider extends ServiceProvider // Allow a user to edit their own post, unless it has been hidden by // someone else. Post::grantPermission('edit', function ($grant, $user) { - $grant->whereCan('editOwn') - ->where('user_id', $user->id); - }); - - Post::demandPermission('editOwn', function ($demand, $user) { - $demand->whereNull('hide_user_id'); - if ($user) { - $demand->orWhere('hide_user_id', $user->id); - } + $grant->where('user_id', $user->id) + ->whereNull('hide_user_id') + ->orWhere('hide_user_id', $user->id); + // @todo add limitations to time etc. according to a config setting }); User::grantPermission(function ($grant, $user, $permission) { - return $user->hasPermission($permission, 'forum'); + return $user->hasPermission('user.'.$permission); }); // Grant view access to a user if the user can view the forum. @@ -187,7 +190,7 @@ class CoreServiceProvider extends ServiceProvider }); Discussion::grantPermission(function ($grant, $user, $permission) { - return $user->hasPermission($permission, 'discussion'); + return $user->hasPermission('discussion.'.$permission); }); // Grant view access to a discussion if the user can view the forum. @@ -195,11 +198,10 @@ class CoreServiceProvider extends ServiceProvider $grant->whereCan('view', 'forum'); }); - // Allow a user to edit their own discussion. - Discussion::grantPermission('edit', function ($grant, $user) { - if ($user->hasPermission('editOwn', 'discussion')) { - $grant->where('start_user_id', $user->id); - } + // Allow a user to rename their own discussion. + Discussion::grantPermission('rename', function ($grant, $user) { + $grant->where('start_user_id', $user->id); + // @todo add limitations to time etc. according to a config setting }); } } diff --git a/framework/core/src/Core/Models/Permission.php b/framework/core/src/Core/Models/Permission.php index 22a876e04..33c7c6d80 100644 --- a/framework/core/src/Core/Models/Permission.php +++ b/framework/core/src/Core/Models/Permission.php @@ -2,4 +2,15 @@ class Permission extends Model { + protected static $permissions = []; + + public static function getPermissions() + { + return static::$permissions; + } + + public static function addPermission($permission) + { + static::$permissions[] = $permission; + } } diff --git a/framework/core/src/Core/Models/User.php b/framework/core/src/Core/Models/User.php index e1480cbea..957ff8a05 100755 --- a/framework/core/src/Core/Models/User.php +++ b/framework/core/src/Core/Models/User.php @@ -307,24 +307,6 @@ class User extends Model return $this; } - /** - * Get a list of the user's grantees according to their ID and groups. - * - * @return array - */ - public function getGrantees() - { - $grantees = ['group.'.GROUP::GUEST_ID]; // guests - if ($this->id) { - $grantees[] = 'user.'.$this->id; - } - foreach ($this->groups as $group) { - $grantees[] = 'group.'.$group->id; - } - - return $grantees; - } - /** * Check whether the user has a certain permission based on their groups. * @@ -332,13 +314,13 @@ class User extends Model * @param string $entity * @return boolean */ - public function hasPermission($permission, $entity) + public function hasPermission($permission) { if ($this->isAdmin()) { return true; } - $count = $this->permissions()->where('entity', $entity)->where('permission', $permission)->count(); + $count = $this->permissions()->where('permission', $permission)->count(); return (bool) $count; } @@ -468,7 +450,7 @@ class User extends Model */ public function permissions() { - return Permission::whereIn('grantee', $this->getGrantees()); + return Permission::whereIn('group_id', $this->groups()->lists('id')); } /** diff --git a/framework/core/src/Support/ServiceProvider.php b/framework/core/src/Support/ServiceProvider.php index 08501519f..8bc434a98 100644 --- a/framework/core/src/Support/ServiceProvider.php +++ b/framework/core/src/Support/ServiceProvider.php @@ -5,6 +5,7 @@ use Illuminate\Contracts\Events\Dispatcher; use Flarum\Core\Models\Notification; use Flarum\Core\Models\User; use Flarum\Core\Models\Post; +use Flarum\Core\Models\Permission; use Closure; class ServiceProvider extends IlluminateServiceProvider @@ -90,4 +91,9 @@ class ServiceProvider extends IlluminateServiceProvider } }); } + + protected function permission($permission) + { + Permission::addPermission($permission); + } }