Skip to content

Commit

Permalink
Limit teamowners to only be able to give permissions at or beneath th…
Browse files Browse the repository at this point in the history 
…eir own
  • Loading branch information
@mikebronner
mikebronner committed Jun 11, 2019
1 parent 43ac267 commit 92a1c35
Show file tree
Hide file tree
Showing 5 changed files with 90 additions and 11 deletions.
2 changes: 1 addition & 1 deletion dist/js/tool.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/mix-manifest.json
View file
@@ -1,5 +1,5 @@
{
"/js/tool.js": "/js/tool.js?id=3116c8e27a9dcdbcf858",
"/js/tool.js": "/js/tool.js?id=8bb7882418fee4ece035",
"/css/tool.css": "/css/tool.css?id=d41d8cd98f00b204e980",
"/css/vue-multiselect.min.css": "/css/vue-multiselect.min.css?id=fbccbb35c9587cb838a3"
}
62 changes: 53 additions & 9 deletions resources/js/components/PermissionsTool.vue
View file
Expand Up @@ -14,23 +14,67 @@ export default {
],
permissions: [],
permissionsIsLoading: true,
selectOptions: [
anySelectOptions: [
"own",
"any",
"no",
],
ownSelectOptions: [
"own",
"no",
],
noSelectOptions: [
"no",
],
};
},
created: function () {
this.loadPermissions();
this.loadTeamOwnerPermissions();
},
mounted: function () {
//
},
methods: {
getOptionsFor: function (action, entity) {
var effectivePermission = _.filter(this.ownerPermissions, function (permission) {
return permission.action_name == action
&& permission.entity_name == entity;
})[0];
if (((effectivePermission || {}).ownership_name || "") == "any") {
if (effectivePermission.action_name == "create"
|| effectivePermission.action_name == "viewAny"
) {
return this.binarySelectOptions;
}
return this.anySelectOptions;
}
if (((effectivePermission || {}).ownership_name || "") == "own") {
return this.ownSelectOptions;
}
return this.noSelectOptions;
},
loadTeamOwnerPermissions: function () {
var self = this;
Nova.request()
.get("/genealabs/laravel-governor/nova/permissions?owner=yes&filter=team_id&value=" + this.resourceId)
.then(function (response) {
self.ownerPermissions = Object.assign({}, response.data);
self.loadPermissions();
})
.catch(function (error) {
console.error(error.response);
});
},
loadPermissions: function () {
var self = this;
Expand Down Expand Up @@ -135,7 +179,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['create']"
:options="binarySelectOptions"
:options="getOptionsFor('create', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -148,7 +192,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['viewAny']"
:options="selectOptions"
:options="getOptionsFor('viewAny', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -161,7 +205,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['view']"
:options="selectOptions"
:options="getOptionsFor('view', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -174,7 +218,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['update']"
:options="selectOptions"
:options="getOptionsFor('update', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -187,7 +231,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['delete']"
:options="selectOptions"
:options="getOptionsFor('delete', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -200,7 +244,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['restore']"
:options="selectOptions"
:options="getOptionsFor('restore', name)"
select-label=""
deselect-label=""
selected-label=""
Expand All @@ -213,7 +257,7 @@ export default {
<td>
<multiselect
v-model="permissions[groupName][name]['forceDelete']"
:options="selectOptions"
:options="getOptionsFor('forceDelete', name)"
select-label=""
deselect-label=""
selected-label=""
Expand Down
8 changes: 8 additions & 0 deletions src/Http/Controllers/Nova/PermissionController.php
View file
Expand Up @@ -26,6 +26,14 @@ public function index() : array
}
})
->first();

if (request("owner") === "yes") {
return $permissible
->ownedBy
->effectivePermissions
->toArray();
}

$gate = app('Illuminate\Contracts\Auth\Access\Gate');
$reflectedGate = new \ReflectionObject($gate);
$policies = $reflectedGate->getProperty("policies");
Expand Down
27 changes: 27 additions & 0 deletions src/Traits/Governing.php
View file
Expand Up @@ -61,4 +61,31 @@ public function getPermissionsAttribute() : Collection

return (new $permissionClass)->whereIn('role_name', $roleNames)->get();
}

public function getEffectivePermissionsAttribute() : Collection
{
$results = collect();
$groupedPermissions = $this->permissions
->groupBy(function ($permission) {
return $permission->entity_name . "|" . $permission->action_name;
});

foreach ($groupedPermissions as $entityAction => $permissions) {
$permission = $permissions->first();
$permission->role_name = null;
$permission->team_name = null;

if ($permissions->pluck("ownership_name")->contains("any")) {
$permission->ownership_name = "any";
$results = $results->push($permission);
}

if ($permissions->pluck("ownership_name")->contains("own")) {
$permission->ownership_name = "any";
$results = $results->push($permission);
}
}

return $results;
}
}

0 comments on commit 92a1c35

Please sign in to comment.