Merge branch 'master' of github.com:spira/spira into feature/admin-at…

…omised-content

* 'master' of github.com:spira/spira: (56 commits)
  Fixed upstream PHPSecLib api change
  Attempt to use node 0.12
  Attempt to use node 4.2 lts in travis
  Resolved conflict with master in composer.lock
  locked selenium wd to a specific version
  Switched user admin checking to many roles, added roleAssignment model to track roles with a model.
  Switched user admin checking to many roles, added roleAssignment model to track roles with a model.
  role_name changed to role_key
  add roles to token
  style patch
  related to user role models
  Composer update to get latest illuminate/database
  just for test
  just for test
  and style patch =((
  another annoying fix
  test fix
  and style patch
  user based storage covered with tests
  roles returned to the user model User storage added for assignments
  ...

.travis.yml

@@ -27,6 +27,7 @@ env:
 before_install:
   - sudo apt-get update -qq
   - sudo apt-get install -y libnotify-bin beanstalkd
+  - nvm install 0.12 && nvm use 0.12
   - mysql -e 'create database vanilla;'
 
 install:

api/app/Console/Commands/GenerateKeysCommand.php

@@ -10,9 +10,9 @@
 
 namespace App\Console\Commands;
 
-use Crypt_RSA;
 use Illuminate\Console\Command;
 use Illuminate\Filesystem\Filesystem;
+use phpseclib\Crypt\RSA;
 
 class GenerateKeysCommand extends Command
 {
@@ -58,7 +58,7 @@ public function __construct(Filesystem $file)
      */
     public function handle()
     {
-        $rsa = new Crypt_RSA();
+        $rsa = new RSA();
         $keys = $rsa->createKey();
 
         if (! $this->file->exists(storage_path('app/keys'))) {

api/app/Extensions/Rbac/UserAssignmentStorage.php

@@ -0,0 +1,108 @@
+<?php
+
+/*
+ * This file is part of the Spira framework.
+ *
+ * @link https://github.com/spira/spira
+ *
+ * For the full copyright and license information, please view the LICENSE file that was distributed with this source code.
+ */
+
+namespace App\Extensions\Rbac;
+
+use App\Models\User;
+use Spira\Contract\Exception\NotImplementedException;
+use Spira\Rbac\Item\Assignment;
+use Spira\Rbac\Item\Role;
+use Spira\Rbac\Storage\AssignmentStorageInterface;
+
+class UserAssignmentStorage implements AssignmentStorageInterface
+{
+    /**
+     * Returns all role assignment information for the specified user.
+     * @param string|int $userId the user ID
+     * @return Assignment[] the assignments indexed by role names. An empty array will be
+     * returned if there is no role assigned to the user.
+     */
+    public function getAssignments($userId)
+    {
+        /** @var User $user */
+        $user = User::findOrFail($userId);
+        $assignments = [];
+
+        /** @var \App\Models\Role $role */
+        foreach ($user->roles as $role) {
+            $assignment = new Assignment();
+            $assignment->userId = $userId;
+            $assignment->roleName = $role->role_key;
+            $assignments[$role->role_key] = $assignment;
+        }
+
+        return $assignments;
+    }
+
+    /**
+     * Assigns a role to a user.
+     *
+     * @param Role $role
+     * @param string|int $userId the user ID
+     * @return Assignment the role assignment information.
+     */
+    public function assign(Role $role, $userId)
+    {
+        /** @var User $user */
+        $user = User::findOrFail($userId);
+
+        $roleModel = new \App\Models\Role();
+        $roleModel->role_key = $role->name;
+
+        $user->roles()->save($roleModel);
+
+        $assignment = new Assignment();
+        $assignment->userId = $userId;
+        $assignment->roleName = $role->name;
+
+        return $assignment;
+    }
+
+    /**
+     * Revokes a role from a user.
+     *
+     * @param Role $role
+     * @param string|int $userId the user ID
+     * @return bool whether the revoking is successful
+     */
+    public function revoke(Role $role, $userId)
+    {
+        if (! $userId) {
+            return false;
+        }
+
+        $role = \App\Models\Role::where('user_id', '=', $userId)->where('role_key', '=', $role->name)->first();
+
+        if ($role && $role->delete()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @param Role $role
+     * @return bool
+     */
+    public function removeAllAssignments(Role $role)
+    {
+        throw new NotImplementedException('Massive removal via Storage is disabled');
+    }
+
+    /**
+     * @param $oldName
+     * @param Role $role
+     * @return bool
+     */
+    public function updateAllAssignments($oldName, Role $role)
+    {
+        throw new NotImplementedException('Massive update via Storage is disabled');
+    }
+}

api/app/Http/Auth/ManipulateWithOwn.php

@@ -0,0 +1,32 @@
+<?php
+
+/*
+ * This file is part of the Spira framework.
+ *
+ * @link https://github.com/spira/spira
+ *
+ * For the full copyright and license information, please view the LICENSE file that was distributed with this source code.
+ */
+
+namespace App\Http\Auth;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+use Spira\Rbac\Item\Rule;
+
+class ManipulateWithOwn extends Rule
+{
+    /**
+     * Executes the rule.
+     *
+     * @param callable $userResolver
+     * @param array $params parameters passed to check.
+     * @return bool a value indicating whether the rule permits the auth item it is associated with.
+     */
+    public function execute(callable $userResolver, $params)
+    {
+        /** @var Authenticatable $user */
+        $user = $userResolver();
+
+        return isset($params['model']) ? $params['model']->user_id == $user->getAuthIdentifier() : false;
+    }
+}

api/app/Http/Controllers/ApiController.php

@@ -15,11 +15,14 @@
 use Laravel\Lumen\Routing\Controller;
 use Spira\Model\Collection\Collection;
 use App\Exceptions\BadRequestException;
+use Spira\Rbac\Access\AuthorizesRequestsTrait;
 use Spira\Responder\Response\ApiResponse;
 use Spira\Responder\Contract\TransformerInterface;
 
 abstract class ApiController extends Controller
 {
+    use AuthorizesRequestsTrait;
+
     protected $paginatorDefaultLimit = 10;
     protected $paginatorMaxLimit = 50;
 
@@ -28,6 +31,18 @@ abstract class ApiController extends Controller
      */
     protected $transformer;
 
+    /**
+     * Enable permissions checks.
+     */
+    protected $permissionsEnabled = false;
+
+    /**
+     * Name of the default role to check against
+     * Designed for default rules
+     * Should be set to false to enable route based permissions.
+     */
+    protected $defaultRole = 'admin';
+
     public function __construct(TransformerInterface $transformer)
     {
         $this->transformer = $transformer;
@@ -72,4 +87,24 @@ protected function getWithNested($modelOrCollection, Request $request)
 
         return $modelOrCollection;
     }
+
+    /**
+     * Authorize a given action against a set of arguments.
+     *
+     * @param  mixed  $permission
+     * @param  mixed|array  $arguments
+     * @return void
+     */
+    public function checkPermission($permission, $arguments = [])
+    {
+        if (! $this->permissionsEnabled) {
+            return;
+        }
+
+        if ($this->defaultRole) {
+            $permission = $this->defaultRole;
+        }
+
+        $this->authorize($permission, $arguments);
+    }
 }

api/app/Http/Controllers/AuthController.php

@@ -188,7 +188,7 @@ public function handleProviderCallback($provider, Socialite $socialite, User $us
             $user = $userModel->findByEmail($socialUser->email);
         } catch (ModelNotFoundException $e) {
             $user = $userModel->newInstance();
-            $user->fill(array_merge($socialUser->toArray(), ['user_type' => 'guest']));
+            $user->fill(array_merge($socialUser->toArray()));
             $user->save();
         }
 

api/app/Http/Controllers/ChildEntityController.php

@@ -10,7 +10,6 @@
 
 namespace App\Http\Controllers;
 
-use App\Extensions\Controller\AuthorizesRequestsTrait;
 use App\Extensions\Controller\RequestValidationTrait;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
@@ -20,6 +19,7 @@
 use Illuminate\Http\Request;
 use Spira\Model\Collection\Collection;
 use Spira\Model\Model\BaseModel;
+use Spira\Rbac\Access\AuthorizesRequestsTrait;
 use Spira\Responder\Contract\TransformerInterface;
 use Spira\Responder\Response\ApiResponse;