Simplify permissions and add API to register configurable ones

Lots of thought has gone into this; it will show up later when I do the
admin permissions interface / category permissions :)
Toby Zerner 2015-05-15 17:05:46 +09:30
parent 269b33438c
commit 20fbad77e8
5 changed files with 43 additions and 43 deletions


@ -14,10 +14,9 @@ class CreatePermissionsTable extends Migration {
{ {
Schema::create('permissions', function($table) Schema::create('permissions', function($table)
{ {
$table->string('grantee', 100); $table->integer('group_id')->unsigned();
$table->string('entity', 100);
$table->string('permission', 100); $table->string('permission', 100);
$table->primary(['grantee', 'entity', 'permission']); $table->primary(['group_id', 'permission']);
}); });
} }
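Review bot: `group_id` is added as a bare unsigned integer with no foreign key, so rows in `permissions` can outlive the group they refer to and would attach to whatever group later receives that id. If the groups table is created before this one, add a constraint such as `$table->foreign('group_id')->references('id')->on('groups')->onDelete('cascade');` (the table name `groups` is an assumption, it is not visible here). Because this edits the original create migration in place, a database that has already run it keeps the `grantee`/`entity` columns, and the `whereIn('group_id', …)` query introduced in the User model would fail there. The enclosing method starts outside the hunk.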


@ -3,7 +3,7 @@
use Illuminate\Bus\Dispatcher as Bus; use Illuminate\Bus\Dispatcher as Bus;
use Illuminate\Contracts\Container\Container; use Illuminate\Contracts\Container\Container;
use Illuminate\Contracts\Events\Dispatcher; use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Support\ServiceProvider; use Flarum\Support\ServiceProvider;
use Flarum\Core\Formatter\FormatterManager; use Flarum\Core\Formatter\FormatterManager;
use Flarum\Core\Models\CommentPost; use Flarum\Core\Models\CommentPost;
use Flarum\Core\Models\Post; use Flarum\Core\Models\Post;
@ -138,12 +138,20 @@ class CoreServiceProvider extends ServiceProvider
public function registerPermissions() public function registerPermissions()
{ {
$this->permission('forum.view');
$this->permission('forum.startDiscussion');
$this->permission('discussion.rename');
$this->permission('discussion.delete');
$this->permission('discussion.reply');
$this->permission('post.edit');
$this->permission('post.delete');
Forum::grantPermission(function ($grant, $user, $permission) { Forum::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'forum'); return $user->hasPermission('forum.'.$permission);
}); });
Post::grantPermission(function ($grant, $user, $permission) { Post::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'post'); return $user->hasPermission('post'.$permission);
}); });
// Grant view access to a post only if the user can also view the // Grant view access to a post only if the user can also view the
@ -161,19 +169,14 @@ class CoreServiceProvider extends ServiceProvider
// Allow a user to edit their own post, unless it has been hidden by // Allow a user to edit their own post, unless it has been hidden by
// someone else. // someone else.
Post::grantPermission('edit', function ($grant, $user) { Post::grantPermission('edit', function ($grant, $user) {
$grant->whereCan('editOwn') $grant->where('user_id', $user->id)
->where('user_id', $user->id); ->whereNull('hide_user_id')
}); ->orWhere('hide_user_id', $user->id);
// @todo add limitations to time etc. according to a config setting
Post::demandPermission('editOwn', function ($demand, $user) {
$demand->whereNull('hide_user_id');
if ($user) {
$demand->orWhere('hide_user_id', $user->id);
}
}); });
User::grantPermission(function ($grant, $user, $permission) { User::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'forum'); return $user->hasPermission('user.'.$permission);
}); });
// Grant view access to a user if the user can view the forum. // Grant view access to a user if the user can view the forum.
@ -187,7 +190,7 @@ class CoreServiceProvider extends ServiceProvider
}); });
Discussion::grantPermission(function ($grant, $user, $permission) { Discussion::grantPermission(function ($grant, $user, $permission) {
return $user->hasPermission($permission, 'discussion'); return $user->hasPermission('discussion.'.$permission);
}); });
// Grant view access to a discussion if the user can view the forum. // Grant view access to a discussion if the user can view the forum.
@ -195,11 +198,10 @@ class CoreServiceProvider extends ServiceProvider
$grant->whereCan('view', 'forum'); $grant->whereCan('view', 'forum');
}); });
// Allow a user to edit their own discussion. // Allow a user to rename their own discussion.
Discussion::grantPermission('edit', function ($grant, $user) { Discussion::grantPermission('rename', function ($grant, $user) {
if ($user->hasPermission('editOwn', 'discussion')) {
$grant->where('start_user_id', $user->id); $grant->where('start_user_id', $user->id);
} // @todo add limitations to time etc. according to a config setting
}); });
} }
} }
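Review bot: In the `Post::grantPermission('edit', …)` closure the new chain `where('user_id', …)->whereNull('hide_user_id')->orWhere('hide_user_id', $user->id)` is not grouped, so if `$grant` behaves like a plain query builder the condition reads "(own post AND not hidden) OR hidden by this user", which grants edit on any post the user has hidden regardless of its author. Nest the hide conditions instead, e.g. `$grant->where('user_id', $user->id)->where(function ($q) use ($user) { $q->whereNull('hide_user_id')->orWhere('hide_user_id', $user->id); });`. Separately, the generic Post grant builds `'post'.$permission` without the dot, so it looks up `postedit` rather than the registered `post.edit`; it should be `'post.'.$permission`. It is also worth confirming that `user.*` permissions are meant to exist, since `User::grantPermission` now checks `'user.'.$permission` but none is registered at the top of the method. `registerPermissions()` spans several hunks here and parts of it lie outside them.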


@ -2,4 +2,15 @@
class Permission extends Model class Permission extends Model
{ {
protected static $permissions = [];
public static function getPermissions()
{
return static::$permissions;
}
public static function addPermission($permission)
{
static::$permissions[] = $permission;
}
} }
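Review bot: `addPermission()` appends whatever it is given, so a permission registered by two providers appears twice in `getPermissions()` and an empty or non-string name is accepted silently. A guard such as `if (! in_array($permission, static::$permissions, true)) { static::$permissions[] = $permission; }` keeps the list unique. The new static members also have no docblocks; a short comment on `$permissions` stating that it is the list of configurable permission names, and that being listed does not by itself grant anything, would help the next reader. Nothing visible ties this list to `User::hasPermission()`, so a misspelled name at a call site is not caught by registration.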


@ -307,24 +307,6 @@ class User extends Model
return $this; return $this;
} }
/**
* Get a list of the user's grantees according to their ID and groups.
*
* @return array
*/
public function getGrantees()
{
$grantees = ['group.'.GROUP::GUEST_ID]; // guests
if ($this->id) {
$grantees[] = 'user.'.$this->id;
}
foreach ($this->groups as $group) {
$grantees[] = 'group.'.$group->id;
}
return $grantees;
}
/** /**
* Check whether the user has a certain permission based on their groups. * Check whether the user has a certain permission based on their groups.
* *
@ -332,13 +314,13 @@ class User extends Model
* @param string $entity * @param string $entity
* @return boolean * @return boolean
*/ */
public function hasPermission($permission, $entity) public function hasPermission($permission)
{ {
if ($this->isAdmin()) { if ($this->isAdmin()) {
return true; return true;
} }
$count = $this->permissions()->where('entity', $entity)->where('permission', $permission)->count(); $count = $this->permissions()->where('permission', $permission)->count();
return (bool) $count; return (bool) $count;
} }
@ -468,7 +450,7 @@ class User extends Model
*/ */
public function permissions() public function permissions()
{ {
return Permission::whereIn('grantee', $this->getGrantees()); return Permission::whereIn('group_id', $this->groups()->lists('id'));
} }
/** /**
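Review bot: `permissions()` now filters only on `$this->groups()->lists('id')`, whereas the removed `getGrantees()` always included the guest group (`'group.'.GROUP::GUEST_ID`). A user with no group rows, a guest in particular, would therefore match no permission rows at all, including `forum.view`, unless `groups()` adds the guest group somewhere outside this hunk. If that is not intended, add `GROUP::GUEST_ID` to the id list passed to `whereIn`. The docblock above `hasPermission()` still documents `@param string $entity`, which no longer exists and should be dropped; that docblock starts outside the hunk.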


@ -5,6 +5,7 @@ use Illuminate\Contracts\Events\Dispatcher;
use Flarum\Core\Models\Notification; use Flarum\Core\Models\Notification;
use Flarum\Core\Models\User; use Flarum\Core\Models\User;
use Flarum\Core\Models\Post; use Flarum\Core\Models\Post;
use Flarum\Core\Models\Permission;
use Closure; use Closure;
class ServiceProvider extends IlluminateServiceProvider class ServiceProvider extends IlluminateServiceProvider
@ -90,4 +91,9 @@ class ServiceProvider extends IlluminateServiceProvider
} }
}); });
} }
protected function permission($permission)
{
Permission::addPermission($permission);
}
} }