mirror of
https://github.com/flarum/framework.git
synced 2024-12-11 21:43:38 +08:00
Simplify permissions and add API to register configurable ones
Lots of thought has gone into this; it will show up later when I do the admin permissions interface / category permissions :)
This commit is contained in:
parent
269b33438c
commit
20fbad77e8
|
@ -14,10 +14,9 @@ class CreatePermissionsTable extends Migration {
|
|||
{
|
||||
Schema::create('permissions', function($table)
|
||||
{
|
||||
$table->string('grantee', 100);
|
||||
$table->string('entity', 100);
|
||||
$table->integer('group_id')->unsigned();
|
||||
$table->string('permission', 100);
|
||||
$table->primary(['grantee', 'entity', 'permission']);
|
||||
$table->primary(['group_id', 'permission']);
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
use Illuminate\Bus\Dispatcher as Bus;
|
||||
use Illuminate\Contracts\Container\Container;
|
||||
use Illuminate\Contracts\Events\Dispatcher;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Flarum\Support\ServiceProvider;
|
||||
use Flarum\Core\Formatter\FormatterManager;
|
||||
use Flarum\Core\Models\CommentPost;
|
||||
use Flarum\Core\Models\Post;
|
||||
|
@ -138,12 +138,20 @@ class CoreServiceProvider extends ServiceProvider
|
|||
|
||||
public function registerPermissions()
|
||||
{
|
||||
$this->permission('forum.view');
|
||||
$this->permission('forum.startDiscussion');
|
||||
$this->permission('discussion.rename');
|
||||
$this->permission('discussion.delete');
|
||||
$this->permission('discussion.reply');
|
||||
$this->permission('post.edit');
|
||||
$this->permission('post.delete');
|
||||
|
||||
Forum::grantPermission(function ($grant, $user, $permission) {
|
||||
return $user->hasPermission($permission, 'forum');
|
||||
return $user->hasPermission('forum.'.$permission);
|
||||
});
|
||||
|
||||
Post::grantPermission(function ($grant, $user, $permission) {
|
||||
return $user->hasPermission($permission, 'post');
|
||||
return $user->hasPermission('post'.$permission);
|
||||
});
|
||||
|
||||
// Grant view access to a post only if the user can also view the
|
||||
|
@ -161,19 +169,14 @@ class CoreServiceProvider extends ServiceProvider
|
|||
// Allow a user to edit their own post, unless it has been hidden by
|
||||
// someone else.
|
||||
Post::grantPermission('edit', function ($grant, $user) {
|
||||
$grant->whereCan('editOwn')
|
||||
->where('user_id', $user->id);
|
||||
});
|
||||
|
||||
Post::demandPermission('editOwn', function ($demand, $user) {
|
||||
$demand->whereNull('hide_user_id');
|
||||
if ($user) {
|
||||
$demand->orWhere('hide_user_id', $user->id);
|
||||
}
|
||||
$grant->where('user_id', $user->id)
|
||||
->whereNull('hide_user_id')
|
||||
->orWhere('hide_user_id', $user->id);
|
||||
// @todo add limitations to time etc. according to a config setting
|
||||
});
|
||||
|
||||
User::grantPermission(function ($grant, $user, $permission) {
|
||||
return $user->hasPermission($permission, 'forum');
|
||||
return $user->hasPermission('user.'.$permission);
|
||||
});
|
||||
|
||||
// Grant view access to a user if the user can view the forum.
|
||||
|
@ -187,7 +190,7 @@ class CoreServiceProvider extends ServiceProvider
|
|||
});
|
||||
|
||||
Discussion::grantPermission(function ($grant, $user, $permission) {
|
||||
return $user->hasPermission($permission, 'discussion');
|
||||
return $user->hasPermission('discussion.'.$permission);
|
||||
});
|
||||
|
||||
// Grant view access to a discussion if the user can view the forum.
|
||||
|
@ -195,11 +198,10 @@ class CoreServiceProvider extends ServiceProvider
|
|||
$grant->whereCan('view', 'forum');
|
||||
});
|
||||
|
||||
// Allow a user to edit their own discussion.
|
||||
Discussion::grantPermission('edit', function ($grant, $user) {
|
||||
if ($user->hasPermission('editOwn', 'discussion')) {
|
||||
$grant->where('start_user_id', $user->id);
|
||||
}
|
||||
// Allow a user to rename their own discussion.
|
||||
Discussion::grantPermission('rename', function ($grant, $user) {
|
||||
$grant->where('start_user_id', $user->id);
|
||||
// @todo add limitations to time etc. according to a config setting
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,4 +2,15 @@
|
|||
|
||||
class Permission extends Model
|
||||
{
|
||||
protected static $permissions = [];
|
||||
|
||||
public static function getPermissions()
|
||||
{
|
||||
return static::$permissions;
|
||||
}
|
||||
|
||||
public static function addPermission($permission)
|
||||
{
|
||||
static::$permissions[] = $permission;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -307,24 +307,6 @@ class User extends Model
|
|||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a list of the user's grantees according to their ID and groups.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getGrantees()
|
||||
{
|
||||
$grantees = ['group.'.GROUP::GUEST_ID]; // guests
|
||||
if ($this->id) {
|
||||
$grantees[] = 'user.'.$this->id;
|
||||
}
|
||||
foreach ($this->groups as $group) {
|
||||
$grantees[] = 'group.'.$group->id;
|
||||
}
|
||||
|
||||
return $grantees;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether the user has a certain permission based on their groups.
|
||||
*
|
||||
|
@ -332,13 +314,13 @@ class User extends Model
|
|||
* @param string $entity
|
||||
* @return boolean
|
||||
*/
|
||||
public function hasPermission($permission, $entity)
|
||||
public function hasPermission($permission)
|
||||
{
|
||||
if ($this->isAdmin()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$count = $this->permissions()->where('entity', $entity)->where('permission', $permission)->count();
|
||||
$count = $this->permissions()->where('permission', $permission)->count();
|
||||
|
||||
return (bool) $count;
|
||||
}
|
||||
|
@ -468,7 +450,7 @@ class User extends Model
|
|||
*/
|
||||
public function permissions()
|
||||
{
|
||||
return Permission::whereIn('grantee', $this->getGrantees());
|
||||
return Permission::whereIn('group_id', $this->groups()->lists('id'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -5,6 +5,7 @@ use Illuminate\Contracts\Events\Dispatcher;
|
|||
use Flarum\Core\Models\Notification;
|
||||
use Flarum\Core\Models\User;
|
||||
use Flarum\Core\Models\Post;
|
||||
use Flarum\Core\Models\Permission;
|
||||
use Closure;
|
||||
|
||||
class ServiceProvider extends IlluminateServiceProvider
|
||||
|
@ -90,4 +91,9 @@ class ServiceProvider extends IlluminateServiceProvider
|
|||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected function permission($permission)
|
||||
{
|
||||
Permission::addPermission($permission);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user