
User roles (#380)

axeloz authored and REBELinBLUE committed Aug 5, 2018
1 parent b881852 commit 2e7c99b4db14e0581558519e472b81a0aaaee55b
Showing with 134,331 additions and 106 deletions.
  1. BIN .DS_Store
  2. +5 −1 app/Console/Commands/CreateUser.php
  3. +1 −1 app/Console/Commands/InstallApp.php
  4. BIN app/Exceptions/.DS_Store
  5. +12 −3 app/Http/Controllers/Admin/ProjectController.php
  6. +4 −2 app/Http/Controllers/Admin/UserController.php
  7. +3 −0 app/Http/Controllers/DeploymentController.php
  8. +2 −0 app/Http/Kernel.php
  9. +52 −0 app/Http/Middleware/IsAdmin.php
  10. +87 −0 app/Policies/ProjectPolicy.php
  11. +10 −0 app/Project.php
  12. +34 −0 app/Providers/AuthServiceProvider.php
  13. +3 −1 app/Repositories/Contracts/ProjectRepositoryInterface.php
  14. +55 −4 app/Repositories/EloquentProjectRepository.php
  15. +8 −0 app/Repositories/EloquentUserRepository.php
  16. +23 −2 app/User.php
  17. +1 −1 config/app.php
  18. +1 −0 database/factories/UserFactory.php
  19. +36 −0 database/migrations/2018_06_12_162953_create_user_project_table.php
  20. +37 −0 database/migrations/2018_06_12_171807_add_user_admin_column.php
  21. +1 −0 database/seeds/UserTableSeeder.php
  22. BIN public/.DS_Store
  23. +342 −1 public/css/app.css
  24. +18,795 −10 public/css/vendor.css
  25. +29,308 −1 public/js/app.js
  26. +564 −1 public/js/ie.js
  27. +102 −1 public/js/manifest.js
  28. +84,668 −1 public/js/vendor.js
  29. +5 −5 public/mix-manifest.json
  30. +1 −0 resources/lang/en/projects.php
  31. +12 −0 resources/lang/en/users.php
  32. +18 −14 resources/views/_partials/sidebar.blade.php
  33. +18 −0 resources/views/admin/projects/dialog.blade.php
  34. +3 −0 resources/views/admin/projects/listing.blade.php
  35. +10 −0 resources/views/admin/users/dialog.blade.php
  36. +8 −0 resources/views/admin/users/listing.blade.php
  37. +14 −12 resources/views/projects/_partials/deployments.blade.php
  38. +48 −35 resources/views/projects/details.blade.php
  39. +1 −1 routes/admin.php
  40. +6 −0 tests/Unit/Console/Commands/CreateUserTest.php
  41. +1 −0 tests/Unit/Console/Commands/InstallAppTest.php
  42. +32 −9 tests/Unit/Repositories/EloquentProjectRepositoryTest.php
BIN +6 KB .DS_Store
Binary file not shown.
@@ -24,7 +24,8 @@ class CreateUser extends Command
{name : The name for the user}
{email : The email address for the user}
{password? : The password for the user, one will be generated if not supplied}
{--no-email : Do not send a welcome email}';
{--no-email : Do not send a welcome email}
{--admin : Sets this user as super administrator}';
/**
* The console command description.
@@ -77,6 +78,8 @@ public function handle(Dispatcher $dispatcher, Validation $validation)
$send_email = (!$this->option('no-email'));
$arguments['is_admin'] = (!$this->option('admin'));
$password_generated = false;
if (!$arguments['password']) {
$arguments['password'] = $this->generator->generateRandom(15);
@@ -87,6 +90,7 @@ public function handle(Dispatcher $dispatcher, Validation $validation)
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users,email',
'password' => 'required|min:6',
'is_admin' => 'required|min:0|max:1'
]);
if (!$validator->passes()) {
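Review bot: The added `$arguments['is_admin'] = (!$this->option('admin'));` in `handle()` is inverted: it copies the negation from the `no-email` line above it, so as written a user created without `--admin` gets `is_admin` true and one created with `--admin` gets false. That makes accounts created through this command administrators by default, while the installer's new `--admin` call would produce a non-admin. It should read `$arguments['is_admin'] = (bool) $this->option('admin');`. The new rule `'required|min:0|max:1'` is also a loose fit for a flag; `'is_admin' => 'required|boolean'` states the intent. `handle()` starts and ends outside these hunks.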
@@ -359,7 +359,7 @@ private function generateKey()
*/
private function createAdminUser($name, $email, $password)
{
$process = $this->artisanProcess('deployer:create-user', [$name, $email, $password, '--no-email']);
$process = $this->artisanProcess('deployer:create-user', [$name, $email, $password, '--no-email', '--admin']);
$process->run();
Binary file not shown.
@@ -9,6 +9,8 @@
use REBELinBLUE\Deployer\Http\Controllers\Controller;
use REBELinBLUE\Deployer\Http\Controllers\Resources\ResourceController;
use REBELinBLUE\Deployer\Http\Requests\StoreProjectRequest;
use REBELinBLUE\Deployer\User;
use REBELinBLUE\Deployer\Repositories\Contracts\UserRepositoryInterface;
use REBELinBLUE\Deployer\Repositories\Contracts\GroupRepositoryInterface;
use REBELinBLUE\Deployer\Repositories\Contracts\ProjectRepositoryInterface;
use REBELinBLUE\Deployer\Repositories\Contracts\TemplateRepositoryInterface;
@@ -34,6 +36,7 @@ public function __construct(ProjectRepositoryInterface $repository)
/**
* Shows all projects.
*
* @param UserRepositoryInterface $user
* @param TemplateRepositoryInterface $templateRepository
* @param GroupRepositoryInterface $groupRepository
* @param Request $request
@@ -43,20 +46,22 @@ public function __construct(ProjectRepositoryInterface $repository)
* @return \Illuminate\View\View
*/
public function index(
UserRepositoryInterface $user,
TemplateRepositoryInterface $templateRepository,
GroupRepositoryInterface $groupRepository,
Request $request,
ViewFactory $view,
Translator $translator
) {
$projects = $this->repository->getAll();
$projects = $this->repository->getAll(true);
return $view->make('admin.projects.listing', [
'is_secure' => $request->secure(),
'title' => $translator->trans('projects.manage'),
'templates' => $templateRepository->getAll(),
'groups' => $groupRepository->getAll(),
'projects' => $projects->toJson(),
'users' => $user->findNonAdminUsers()->toJson()
]);
}
@@ -81,7 +86,9 @@ public function store(StoreProjectRequest $request, ResponseFactory $response)
'template_id',
'allow_other_branch',
'include_dev',
'private_key'
'private_key',
'managers',
'users'
)), Response::HTTP_CREATED);
}
@@ -105,7 +112,9 @@ public function update($project_id, StoreProjectRequest $request)
'build_url',
'allow_other_branch',
'include_dev',
'private_key'
'private_key',
'managers',
'users'
), $project_id);
}
}
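Review bot: `store()` and `update()` now forward `managers` and `users` from the request to the repository, but `StoreProjectRequest` is not among the files this commit changes, so nothing visible validates them. These lists decide who can view and manage a project, so they should be constrained to arrays of existing user ids, e.g. `'managers' => 'array'` and `'managers.*' => 'integer|exists:users,id'` (and the same for `users`) in the request rules. The added `use REBELinBLUE\Deployer\User;` appears unused in the visible hunks.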
@@ -59,7 +59,8 @@ public function store(StoreUserRequest $request, Dispatcher $dispatcher, Respons
$user = $this->repository->create($request->only(
'name',
'email',
'password'
'password',
'is_admin'
));
$dispatcher->dispatch(new UserWasCreated($user, $request->get('password')));
@@ -80,7 +81,8 @@ public function update($user_id, StoreUserRequest $request)
return $this->repository->updateById($request->only(
'name',
'email',
'password'
'password',
'is_admin'
), $user_id);
}
}
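Review bot: `is_admin` is now taken straight from the request in both `store()` and `update()`, and `StoreUserRequest` is not in this commit's file list, so the flag appears to reach the repository unvalidated. Because this field grants full administrative access, add `'is_admin' => 'boolean'` to the request rules and confirm these routes sit behind the `isadmin` middleware (the `routes/admin.php` change is not shown here). `update()` also lets an administrator clear the flag on their own account; consider refusing that when it would leave no administrator.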
@@ -86,6 +86,9 @@ public function project($project_id)
{
$project = $this->projectRepository->getById($project_id);
// Making sure this user may access this projet
$this->authorize('view', $project);
$optional = $project->commands->filter(function (Command $command) {
return $command->optional;
});
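Review bot: Only `project()` gains an authorization check; the file list shows three added lines for this controller, so its other actions, which lie outside this hunk, are unchanged. `ProjectPolicy` defines `update` and `rollback` abilities, but no controller code visible in this commit calls them, and hiding buttons in the views is not an access control. Each action that loads a project should call `authorize()` with the matching ability, for example `$this->authorize('rollback', $project);` before a rollback is queued.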
@@ -18,6 +18,7 @@
use REBELinBLUE\Deployer\Http\Middleware\RefreshJsonWebToken;
use REBELinBLUE\Deployer\Http\Middleware\TrimStrings;
use REBELinBLUE\Deployer\Http\Middleware\VerifyCsrfToken;
use REBELinBLUE\Deployer\Http\Middleware\IsAdmin;
/**
* Kernel class.
@@ -68,5 +69,6 @@ class Kernel extends HttpKernel
'guest' => RedirectIfAuthenticated::class,
'jwt' => RefreshJsonWebToken::class,
'throttle' => ThrottleRequests::class,
'isadmin' => IsAdmin::class
];
}
@@ -0,0 +1,52 @@
<?php
namespace REBELinBLUE\Deployer\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Factory as AuthFactory;
/**
* IsAdmin Middleware
*/
class IsAdmin
{
/**
* @var AuthFactory
*/
private $auth;
/**
* @param AuthFactory $auth
*/
public function __construct(AuthFactory $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// If user is authenticated ...
if ($this->auth->user()) {
// ... and IS an application admin
if ($this->auth->user()->isAdmin() === true) {
// authorization granted
return $next($request);
}
// ... otherwise there is nothing we can do. Aborting...
abort(403);
}
// User should login
return redirect('/');
}
}
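Review bot: `handle()` requires `isAdmin() === true`, while `ProjectPolicy::before()` accepts any truthy value from the same method, so the two checks can disagree. If `isAdmin()` returns the raw column value (an int or string) rather than a bool, this middleware denies every administrator while the policy still allows them. The `User` model change is not shown here, so this depends on how `is_admin` is cast; returning `(bool) $this->is_admin` from `isAdmin()` would keep both checks in agreement. A class docblock line such as `Fails closed: any non-true isAdmin() result yields 403.` would record the intent of the strict comparison.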
@@ -0,0 +1,87 @@
<?php
namespace REBELinBLUE\Deployer\Policies;
use REBELinBLUE\Deployer\User;
use REBELinBLUE\Deployer\Project;
use Illuminate\Auth\Access\HandlesAuthorization;
/**
* Project policies
*/
class ProjectPolicy
{
use HandlesAuthorization;
/**
* Global policy with any action allowed for admins
* @param User $user
* @param string $ability
* @return bool
*/
public function before($user, $ability)
{
if ($user->isAdmin()) {
return true;
}
}
/**
* Determine whether the user can view the project.
*
* @param \REBELinBLUE\Deployer\User $user
* @param \REBELinBLUE\Deployer\Project $project
* @return mixed
*/
public function view(User $user, Project $project)
{
return $project->users()->where('users.id', $user->id)->count() === 1;
}
/**
* Determine whether the user can rollback the project.
*
* @param \REBELinBLUE\Deployer\User $user
* @param \REBELinBLUE\Deployer\Project $project
* @return mixed
*/
public function rollback(User $user, Project $project)
{
return $project->users()->where('role', 'manager')->where('users.id', $user->id)->count() === 1;
}
/**
* Determine whether the user can create projects.
*
* @param \REBELinBLUE\Deployer\User $user
* @return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the project.
*
* @param \REBELinBLUE\Deployer\User $user
* @param \REBELinBLUE\Deployer\Project $project
* @return mixed
*/
public function update(User $user, Project $project)
{
return $project->users()->where('role', 'manager')->where('users.id', $user->id)->count() === 1;
}
/**
* Determine whether the user can delete the project.
*
* @param \REBELinBLUE\Deployer\User $user
* @param \REBELinBLUE\Deployer\Project $project
* @return mixed
*/
public function delete(User $user, Project $project)
{
//
}
}
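Review bot: `view()`, `rollback()` and `update()` test `count() === 1`, which denies a user who ends up with more than one pivot row for the same project (possible if the pivot table has no unique key on project and user; the migration is not shown here); `->exists()` expresses the intended check. The `role` filter is unqualified and would be clearer as `->wherePivot('role', 'manager')`. `create()` and `delete()` have empty bodies and return null, which denies non-admins today, but an explicit `return false;` makes the deny deliberate. The `before()` docblock should say `@return bool|null`, since it returns nothing for non-admins so that the per-ability methods run.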
@@ -429,4 +429,14 @@ public function refs()
{
return $this->hasMany(Ref::class);
}
/**
* Has many relationship for users.
*
* @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
*/
public function users()
{
return $this->belongsToMany(User::class)->withPivot('role');
}
}
@@ -0,0 +1,34 @@
<?php
namespace REBELinBLUE\Deployer\Providers;
use REBELinBLUE\Deployer\Project;
use REBELinBLUE\Deployer\Policies\ProjectPolicy;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
/**
* Auth Service Provider
*/
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
Project::class => ProjectPolicy::class,
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
}
}
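Review bot: The `Auth` and `Gate` facade imports are unused in this new provider; `boot()` only calls `registerPolicies()`. Drop `use Illuminate\Support\Facades\Auth;` and `use Illuminate\Support\Facades\Gate;` unless gates are about to be defined here.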
@@ -15,9 +15,11 @@ interface ProjectRepositoryInterface
public function getByHash($hash);
/**
* @param bool $with_user
*
* @return \Illuminate\Database\Eloquent\Collection
*/
public function getAll();
public function getAll($with_user = false);
/**
* @param array $fields