Split the role admin permissions out
This commit is contained in:
@@ -9,8 +9,11 @@
|
|||||||
|
|
||||||
namespace UserFrosting\Sprinkle\UFTweaks\Database\Seeds;
|
namespace UserFrosting\Sprinkle\UFTweaks\Database\Seeds;
|
||||||
|
|
||||||
|
use UserFrosting\Sprinkle\Account\Database\Seeds\DefaultPermissions as UFDefaultPermissions;
|
||||||
|
use UserFrosting\Sprinkle\Account\Database\Models\Permission;
|
||||||
use UserFrosting\Sprinkle\Account\Database\Models\Role;
|
use UserFrosting\Sprinkle\Account\Database\Models\Role;
|
||||||
use UserFrosting\Sprinkle\Core\Database\Seeder\BaseSeed;
|
use UserFrosting\Sprinkle\Core\Database\Seeder\BaseSeed;
|
||||||
|
use UserFrosting\Sprinkle\Core\Facades\Seeder;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Seeder to create the role admin
|
* Seeder to create the role admin
|
||||||
@@ -22,14 +25,13 @@ class CreateRoleAdmin extends BaseSeed
|
|||||||
*/
|
*/
|
||||||
public function run()
|
public function run()
|
||||||
{
|
{
|
||||||
$roles = $this->getRoles();
|
Seeder::execute('DefaultPermissions');
|
||||||
|
|
||||||
foreach ($roles as $role) {
|
$roles = $this->getRoles();
|
||||||
// Don't save if already exist
|
$this->saveRoles($roles);
|
||||||
if (Role::where('slug', $role->slug)->first() == null) {
|
|
||||||
$role->save();
|
$permissions = $this->getPermissions();
|
||||||
}
|
$this->syncPermissionsRole($roles, $permissions);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -38,11 +40,107 @@ class CreateRoleAdmin extends BaseSeed
|
|||||||
protected function getRoles()
|
protected function getRoles()
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
new Role([
|
'role-admin' => new Role([
|
||||||
'slug' => 'role-admin',
|
'slug' => 'role-admin',
|
||||||
'name' => 'Role Administrator',
|
'name' => 'Role Administrator',
|
||||||
'description' => 'This role is meant for "role administrators", who can basically do anything related to roles and their permissions.',
|
'description' => 'This role is meant for "role administrators", who can basically do anything related to roles and their permissions.',
|
||||||
]),
|
]),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
/**
|
||||||
|
* Save roles.
|
||||||
|
*
|
||||||
|
* @param array $roles
|
||||||
|
*/
|
||||||
|
protected function saveRoles(array &$roles)
|
||||||
|
{
|
||||||
|
foreach ($roles as $slug => $role) {
|
||||||
|
// Trying to find if the role already exist
|
||||||
|
$existingRole = Role::where(['slug' => $role->slug])->first();
|
||||||
|
|
||||||
|
// Don't save if already exist, use existing role reference
|
||||||
|
// otherwise to re-sync permissions and roles
|
||||||
|
if ($existingRole == null) {
|
||||||
|
$role->save();
|
||||||
|
} else {
|
||||||
|
$roles[$slug] = $existingRole;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array Permissions to seed
|
||||||
|
*/
|
||||||
|
protected function getPermissions()
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
'uri_dashboard' => Permission::where([
|
||||||
|
['slug', 'uri_dashboard'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
|
||||||
|
'uri_role' => Permission::where([
|
||||||
|
['slug', 'uri_role'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
'uri_roles' => Permission::where([
|
||||||
|
['slug', 'uri_roles'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
'uri_permission' => Permission::where([
|
||||||
|
['slug', 'uri_permission'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
'uri_permissions' => Permission::where([
|
||||||
|
['slug', 'uri_permissions'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
|
||||||
|
'create_role' => Permission::where([
|
||||||
|
['slug', 'create_role'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
'view_role_field' => Permission::where([
|
||||||
|
['slug', 'view_role_field'],
|
||||||
|
['conditions', "in(property,['slug','name','description','permissions','users'])"]
|
||||||
|
])->first(),
|
||||||
|
'update_role_field' => Permission::where([
|
||||||
|
['slug', 'update_role_field'],
|
||||||
|
['conditions', "is_master(self.id) || subset(fields,['slug','name','description'])"]
|
||||||
|
])->first(),
|
||||||
|
'update_role_permissions' => Permission::where([
|
||||||
|
['slug', 'update_role_permissions'],
|
||||||
|
['conditions', "is_master(self.id) || subset(fields,['permissions'])"]
|
||||||
|
])->first(),
|
||||||
|
'delete_role' => Permission::where([
|
||||||
|
['slug', 'delete_role'],
|
||||||
|
['conditions', 'always()']
|
||||||
|
])->first(),
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sync permissions with default roles.
|
||||||
|
*
|
||||||
|
* @param array $permissions
|
||||||
|
*/
|
||||||
|
protected function syncPermissionsRole(array $roles, array $permissions)
|
||||||
|
{
|
||||||
|
$roles['role-admin']->permissions()->syncWithoutDetaching([
|
||||||
|
$permissions['uri_dashboard']->id,
|
||||||
|
|
||||||
|
$permissions['uri_role']->id,
|
||||||
|
$permissions['uri_roles']->id,
|
||||||
|
$permissions['uri_permission']->id,
|
||||||
|
$permissions['uri_permissions']->id,
|
||||||
|
|
||||||
|
$permissions['create_role']->id,
|
||||||
|
$permissions['view_role_field']->id,
|
||||||
|
$permissions['update_role_field']->id,
|
||||||
|
$permissions['update_role_permissions']->id,
|
||||||
|
$permissions['delete_role']->id,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -26,7 +26,6 @@ class DefaultPermissions extends UFDefaultPermissions
|
|||||||
{
|
{
|
||||||
// We require the default roles
|
// We require the default roles
|
||||||
Seeder::execute('DefaultRoles');
|
Seeder::execute('DefaultRoles');
|
||||||
Seeder::execute('RoleAdminRole');
|
|
||||||
|
|
||||||
// Get and save permissions
|
// Get and save permissions
|
||||||
$permissions = $this->getPermissions();
|
$permissions = $this->getPermissions();
|
||||||
@@ -47,7 +46,6 @@ class DefaultPermissions extends UFDefaultPermissions
|
|||||||
'user' => Role::where('slug', 'user')->first()->id,
|
'user' => Role::where('slug', 'user')->first()->id,
|
||||||
'group-admin' => Role::where('slug', 'group-admin')->first()->id,
|
'group-admin' => Role::where('slug', 'group-admin')->first()->id,
|
||||||
'site-admin' => Role::where('slug', 'site-admin')->first()->id,
|
'site-admin' => Role::where('slug', 'site-admin')->first()->id,
|
||||||
'role-admin' => Role::where('slug', 'role-admin')->first()->id,
|
|
||||||
];
|
];
|
||||||
|
|
||||||
return array_merge(
|
return array_merge(
|
||||||
@@ -142,23 +140,6 @@ class DefaultPermissions extends UFDefaultPermissions
|
|||||||
{
|
{
|
||||||
parent::syncPermissionsRole($permissions);
|
parent::syncPermissionsRole($permissions);
|
||||||
|
|
||||||
$roleRoleAdmin = Role::where('slug', 'role-admin')->first();
|
|
||||||
if ($roleRoleAdmin) {
|
|
||||||
$roleRoleAdmin->permissions()->syncWithoutDetaching([
|
|
||||||
$permissions['uri_dashboard']->id,
|
|
||||||
$permissions['uri_role']->id,
|
|
||||||
$permissions['uri_roles']->id,
|
|
||||||
$permissions['uri_permission']->id,
|
|
||||||
$permissions['uri_permissions']->id,
|
|
||||||
|
|
||||||
$permissions['create_role']->id,
|
|
||||||
$permissions['view_role_field']->id,
|
|
||||||
$permissions['update_role_field']->id,
|
|
||||||
$permissions['update_role_permissions']->id,
|
|
||||||
$permissions['delete_role']->id,
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
|
|
||||||
$roleSiteAdmin = Role::where('slug', 'site-admin')->first();
|
$roleSiteAdmin = Role::where('slug', 'site-admin')->first();
|
||||||
if ($roleSiteAdmin) {
|
if ($roleSiteAdmin) {
|
||||||
$roleSiteAdmin->permissions()->syncWithoutDetaching([
|
$roleSiteAdmin->permissions()->syncWithoutDetaching([
|
||||||
|
|||||||
Reference in New Issue
Block a user