AVSDev/sprinkle-uf-tweaks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Split the role admin permissions out

Browse Source
This commit is contained in:
Craig Williams
2023-07-18 13:25:21 +01:00
parent cbfa4adfe3
commit 243987382a
2 changed files with 107 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
src/Database/Seeds/CreateRoleAdmin.php
View File

@@ -9,8 +9,11 @@
namespace UserFrosting\Sprinkle\UFTweaks\Database\Seeds;
use UserFrosting\Sprinkle\Account\Database\Seeds\DefaultPermissions as UFDefaultPermissions;
use UserFrosting\Sprinkle\Account\Database\Models\Permission;
use UserFrosting\Sprinkle\Account\Database\Models\Role;
use UserFrosting\Sprinkle\Core\Database\Seeder\BaseSeed;
use UserFrosting\Sprinkle\Core\Facades\Seeder;
/**
* Seeder to create the role admin
@@ -22,14 +25,13 @@ class CreateRoleAdmin extends BaseSeed
*/
public function run()
{
$roles = $this->getRoles();
Seeder::execute('DefaultPermissions');
foreach ($roles as $role) {
// Don't save if already exist
if (Role::where('slug', $role->slug)->first() == null) {
$role->save();
}
}
$roles = $this->getRoles();
$this->saveRoles($roles);
$permissions = $this->getPermissions();
$this->syncPermissionsRole($roles, $permissions);
}
/**
@@ -38,11 +40,107 @@ class CreateRoleAdmin extends BaseSeed
protected function getRoles()
{
return [
new Role([
'role-admin' => new Role([
'slug' => 'role-admin',
'name' => 'Role Administrator',
'description' => 'This role is meant for "role administrators", who can basically do anything related to roles and their permissions.',
]),
];
}
/**
* Save roles.
*
* @param array $roles
*/
protected function saveRoles(array &$roles)
{
foreach ($roles as $slug => $role) {
// Trying to find if the role already exist
$existingRole = Role::where(['slug' => $role->slug])->first();
// Don't save if already exist, use existing role reference
// otherwise to re-sync permissions and roles
if ($existingRole == null) {
$role->save();
} else {
$roles[$slug] = $existingRole;
}
}
}
/**
* @return array Permissions to seed
*/
protected function getPermissions()
{
return [
'uri_dashboard' => Permission::where([
['slug', 'uri_dashboard'],
['conditions', 'always()']
])->first(),
'uri_role' => Permission::where([
['slug', 'uri_role'],
['conditions', 'always()']
])->first(),
'uri_roles' => Permission::where([
['slug', 'uri_roles'],
['conditions', 'always()']
])->first(),
'uri_permission' => Permission::where([
['slug', 'uri_permission'],
['conditions', 'always()']
])->first(),
'uri_permissions' => Permission::where([
['slug', 'uri_permissions'],
['conditions', 'always()']
])->first(),
'create_role' => Permission::where([
['slug', 'create_role'],
['conditions', 'always()']
])->first(),
'view_role_field' => Permission::where([
['slug', 'view_role_field'],
['conditions', "in(property,['slug','name','description','permissions','users'])"]
])->first(),
'update_role_field' => Permission::where([
['slug', 'update_role_field'],
['conditions', "is_master(self.id) || subset(fields,['slug','name','description'])"]
])->first(),
'update_role_permissions' => Permission::where([
['slug', 'update_role_permissions'],
['conditions', "is_master(self.id) || subset(fields,['permissions'])"]
])->first(),
'delete_role' => Permission::where([
['slug', 'delete_role'],
['conditions', 'always()']
])->first(),
];
}
/**
* Sync permissions with default roles.
*
* @param array $permissions
*/
protected function syncPermissionsRole(array $roles, array $permissions)
{
$roles['role-admin']->permissions()->syncWithoutDetaching([
$permissions['uri_dashboard']->id,
$permissions['uri_role']->id,
$permissions['uri_roles']->id,
$permissions['uri_permission']->id,
$permissions['uri_permissions']->id,
$permissions['create_role']->id,
$permissions['view_role_field']->id,
$permissions['update_role_field']->id,
$permissions['update_role_permissions']->id,
$permissions['delete_role']->id,
]);
}
}

19
src/Database/Seeds/DefaultPermissions.php
View File

@@ -26,7 +26,6 @@ class DefaultPermissions extends UFDefaultPermissions
{
// We require the default roles
Seeder::execute('DefaultRoles');
Seeder::execute('RoleAdminRole');
// Get and save permissions
$permissions = $this->getPermissions();
@@ -47,7 +46,6 @@ class DefaultPermissions extends UFDefaultPermissions
'user' => Role::where('slug', 'user')->first()->id,
'group-admin' => Role::where('slug', 'group-admin')->first()->id,
'site-admin' => Role::where('slug', 'site-admin')->first()->id,
'role-admin' => Role::where('slug', 'role-admin')->first()->id,
];
return array_merge(
@@ -142,23 +140,6 @@ class DefaultPermissions extends UFDefaultPermissions
{
parent::syncPermissionsRole($permissions);
$roleRoleAdmin = Role::where('slug', 'role-admin')->first();
if ($roleRoleAdmin) {
$roleRoleAdmin->permissions()->syncWithoutDetaching([
$permissions['uri_dashboard']->id,
$permissions['uri_role']->id,
$permissions['uri_roles']->id,
$permissions['uri_permission']->id,
$permissions['uri_permissions']->id,
$permissions['create_role']->id,
$permissions['view_role_field']->id,
$permissions['update_role_field']->id,
$permissions['update_role_permissions']->id,
$permissions['delete_role']->id,
]);
}
$roleSiteAdmin = Role::where('slug', 'site-admin')->first();
if ($roleSiteAdmin) {
$roleSiteAdmin->permissions()->syncWithoutDetaching([