-
Notifications
You must be signed in to change notification settings - Fork 554
/
HandleRolePermissions.php
95 lines (80 loc) · 3.11 KB
/
HandleRolePermissions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
namespace A17\Twill\Repositories\Behaviors;
use A17\Twill\Models\Contracts\TwillModelContract;
use A17\Twill\Models\Role;
use Illuminate\Support\Str;
use A17\Twill\Models\Permission;
trait HandleRolePermissions
{
/**
* Retrieve role permissions fields
*
* @param TwillModelContract|Role $object
* @param array $fields
* @return array
*/
public function getFormFieldsHandleRolePermissions($object, $fields)
{
$object->permissions()->get();
foreach ($object->permissions()->global()->pluck('name')->toArray() as $permissionName) {
$fields[$permissionName] = true;
}
foreach (Permission::permissionableModules() as $moduleName) {
$modulePermission = $object->permissions()->module()->ofModuleName($moduleName)->first();
if ($modulePermission) {
$fields['module_' . $moduleName . '_permissions'] = $modulePermission->name;
} else {
$fields['module_' . $moduleName . '_permissions'] = 'none';
}
}
return $fields;
}
/**
* Function executed after save on role form
*
* @param TwillModelContract|Role $object
* @param array $fields
*/
public function afterSaveHandleRolePermissions($object, $fields)
{
$this->addOrRemoveUsersToEveryoneGroup($object);
$this->updateRolePermissions($object, $fields);
}
private function addOrRemoveUsersToEveryoneGroup($role)
{
$everyoneGroup = twillModel('group')::getEveryoneGroup();
$roleUserIds = $role->users->pluck('id')->toArray();
if ($role->in_everyone_group) {
$everyoneGroup->users()->syncWithoutDetaching($roleUserIds);
} else {
$everyoneGroup->users()->detach($roleUserIds);
}
}
private function updateRolePermissions($role, $fields)
{
foreach (Permission::available(Permission::SCOPE_GLOBAL) as $permissionName) {
if (isset($fields[$permissionName]) && $fields[$permissionName] === true) {
$role->grantGlobalPermission($permissionName);
} else {
$role->revokeGlobalPermission($permissionName);
}
}
foreach ($fields as $key => $permissionName) {
if (Str::startsWith($key, 'module_') && Str::endsWith($key, '_permissions')) {
$modulePermissions = Permission::available(Permission::SCOPE_MODULE);
$model = getModelByModuleName($moduleName = explode('_', $key)[1]);
$currentPermission = $role->permissions()
->where('permissionable_type', $model)
->whereIn('name', $modulePermissions)
->first();
if (!$currentPermission || $permissionName != $currentPermission->name) {
$role->revokeAllModulePermission($model);
if (in_array($permissionName, $modulePermissions)) {
$role->grantModulePermission($permissionName, $model);
}
}
}
}
$role->save();
}
}