Merge pull request #5 from mr-luke/feature/scope-restricted

Scope Restrictions

src/Manager.php

@@ -226,10 +226,18 @@ public function getAuthorizableMigration(): array
      */
     public function getPermission(Permitable $subject, string $scope, bool $checkScope = true)
     {
-        if($checkScope) {
+        if ($checkScope) {
             $this->checkScope($scope);
         }
 
+        if (':*' === substr($scope, -2)) {
+            $scope = substr($scope, 0, -2);
+
+            return $subject->permissions->sortbyDesc('level')->first(function ($perm) use ($scope) {
+                return preg_match("/^(${scope}$|${scope}:)/", $perm['scope']);
+            });
+        }
+
         return $subject->permissions->where('scope', $scope)->first();
     }
 

src/PermissionResolver.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace Mrluke\Privileges;
+
+/**
+ * Class PermissionResolver
+ * @package Mrluke\Privileges
+ *
+ * @author  Hubert Smusz <hubert.smusz@movecloser.pl>
+ * @version 1.0.0
+ */
+class PermissionResolver
+{
+
+    /**
+     * @param          $subject
+     * @param string   $scope
+     * @param int|null $level
+     *
+     * @return array
+     */
+    public static function getScopeRestrictions($subject, string $scope, int $level = null): array
+    {
+        $scopes = $subject->roles->flatMap(function ($role) use ($scope, $level) {
+            if ($level) {
+                $permissions = $role->permissions->where('level', $level);
+            } else {
+                $permissions = $role->permissions;
+            }
+
+            return preg_grep("/^${scope}:/", array_column($permissions->toArray(), 'scope'));
+        })->toArray();
+
+        return array_map(function ($scope) {
+            return explode(':', $scope)[1];
+        }, $scopes);
+    }
+}