AVSDev/sprinkle-uf-tweaks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

See the README for current tweaks

Browse Source
This commit is contained in:
Craig Williams
2023-05-31 11:51:12 +01:00
parent 97407e9532
commit a67214d024
18 changed files with 1260 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/Database/Seeds/ClearPermissions.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Database\Seeds;
use UserFrosting\Sprinkle\Account\Database\Models\Permission;
use UserFrosting\Sprinkle\Account\Database\Models\Role;
use UserFrosting\Sprinkle\Core\Database\Seeder\BaseSeed;
use UserFrosting\Sprinkle\Core\Facades\Seeder;
/**
* Removes all permissions from the system
*/
class ClearPermissions extends BaseSeed
{
/**
* {@inheritdoc}
*/
public function run()
{
Permission::all()->each(function($perm) {
$perm->roles()->sync([]);
});
Permission::whereRaw('1 = 1')->delete();
}
}

185
src/Database/Seeds/DefaultPermissions.php Normal file
View File

@@ -0,0 +1,185 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Database\Seeds;
use UserFrosting\Sprinkle\Account\Database\Models\Permission;
use UserFrosting\Sprinkle\Account\Database\Models\Role;
use UserFrosting\Sprinkle\Account\Database\Seeds\DefaultPermissions as UFDefaultPermissions;
use UserFrosting\Sprinkle\Core\Facades\Seeder;
/**
* Seeder for the dashboard permissions.
*/
class DefaultPermissions extends UFDefaultPermissions
{
/**
* {@inheritdoc}
*/
public function run()
{
// We require the default roles
Seeder::execute('DefaultRoles');
// Get and save permissions
$permissions = $this->getPermissions();
$this->savePermissions($permissions);
// Add default mappings to permissions
$this->syncPermissionsRole($permissions);
}
/**
* @return array Permissions to seed
*/
protected function getPermissions()
{
$base_permissions = parent::getPermissions();
$defaultRoleIds = [
'user' => Role::where('slug', 'user')->first()->id,
'group-admin' => Role::where('slug', 'group-admin')->first()->id,
'site-admin' => Role::where('slug', 'site-admin')->first()->id,
];
return array_merge(
$base_permissions,
[
'uri_role' => new Permission([
'slug' => 'uri_role',
'name' => 'View role',
'conditions' => 'always()',
'description' => 'View the role page of any role.',
]),
'uri_roles' => new Permission([
'slug' => 'uri_roles',
'name' => 'Role management page',
'conditions' => 'always()',
'description' => 'View a page containing a table of roles.',
]),
'uri_permission' => new Permission([
'slug' => 'uri_permission',
'name' => 'View permission',
'conditions' => 'always()',
'description' => 'View the permission page of any permission.',
]),
'uri_permissions' => new Permission([
'slug' => 'uri_permissions',
'name' => 'Permission management page',
'conditions' => 'always()',
'description' => 'View a page containing a table of permissions.',
]),
'create_role' => new Permission([
'slug' => 'create_role',
'name' => 'Create role',
'conditions' => 'always()',
'description' => 'Create a new role.',
]),
'view_role_field' => new Permission([
'slug' => 'view_role_field',
'name' => 'View role',
'conditions' => "in(property,['slug','name','description','permissions','users'])",
'description' => 'View certain properties of any role.',
]),
'update_role_permissions' => new Permission([
'slug' => 'update_role_permissions',
'name' => 'Edit role permissions',
'conditions' => "is_master(self.id) || subset(fields,['permissions'])",
'description' => 'Edit permissions of any role.',
]),
'update_role_permissions_limited' => new Permission([
'slug' => 'update_role_permissions',
'name' => 'Edit role permissions',
'conditions' => "is_master(self.id) || (!has_role(self.id,role.id) && role.id != {$defaultRoleIds['site-admin']} && subset(fields,['permissions']))",
'description' => 'Edit basic properties of any role, except the Site Administrators role (unless you are the root user).',
]),
'update_role_field' => new Permission([
'slug' => 'update_role_field',
'name' => 'Edit role',
'conditions' => "is_master(self.id) || (!has_role(self.id,role.id) && role.id != {$defaultRoleIds['site-admin']} && subset(fields,['slug','name','description']))",
'description' => 'Edit basic properties of any role, except the Site Administrators role (unless you are the root user).',
]),
'delete_role_any' => new Permission([
'slug' => 'delete_role',
'name' => 'Delete role',
'conditions' => 'always()',
'description' => 'Delete a role.',
]),
'delete_role' => new Permission([
'slug' => 'delete_role',
'name' => 'Delete role',
'conditions' => "is_master(self.id) || (!has_role(self.id,role.id) && role.id != {$defaultRoleIds['site-admin']})",
'description' => 'Delete a role, except the Site Administrators role (unless you are the root user).',
]),
]
);
}
/**
* Save permissions.
*
* @param array $permissions
*/
protected function savePermissions(array &$permissions)
{
foreach ($permissions as $slug => $permission) {
// Trying to find if the permission already exist
$existingPermission = Permission::where(['slug' => $permission->slug, 'conditions' => $permission->conditions])->first();
// Don't save if already exist, use existing permission reference
// otherwise to re-sync permissions and roles
if ($existingPermission == null) {
$permission->save();
} else {
$permissions[$slug] = $existingPermission;
}
}
}
/**
* Sync permissions with default roles.
*
* @param array $permissions
*/
protected function syncPermissionsRole(array $permissions)
{
parent::syncPermissionsRole($permissions);
$roleSiteAdmin = Role::where('slug', 'site-admin')->first();
if ($roleSiteAdmin) {
$roleSiteAdmin->permissions()->syncWithoutDetaching([
$permissions['uri_dashboard']->id,
$permissions['uri_role']->id,
$permissions['uri_roles']->id,
$permissions['uri_permission']->id,
$permissions['uri_permissions']->id,
// Too much power: $permissions['create_role']->id,
$permissions['view_role_field']->id,
$permissions['update_role_field']->id,
// Too much power: $permissions['update_role_permissions']->id,
// Too much power: $permissions['update_role_permissions_limited']->id,
// Too much power: $permissions['delete_role']->id,
// Too much power: $permissions['delete_role_any']->id,
]);
}
$roleGroupAdmin = Role::where('slug', 'group-admin')->first();
if ($roleGroupAdmin) {
$roleGroupAdmin->permissions()->syncWithoutDetaching([
$permissions['uri_dashboard']->id,
]);
}
$roleUser = Role::where('slug', 'user')->first();
if ($roleUser) {
$roleUser->permissions()->detach($permissions['uri_dashboard']);
}
}
}

107
src/ServicesProvider/ServicesProvider.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\ServicesProvider;
use Psr\Container\ContainerInterface;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
/**
* Registers services for the UFTweaks sprinkle.
*
* @author Craig Williams (https://avsdev.uk)
*/
class ServicesProvider
{
/**
* Register UserFrosting's services.
*
* @param ContainerInterface $container A DI container implementing ArrayAccess and psr-container.
*/
public function register(ContainerInterface $container)
{
/*
* Returns a callback that handles setting the `UF-Redirect` header after a successful login.
*
* Overrides the service definition in the account Sprinkle.
*
* @return callable
*/
$container['redirect.onLogin'] = function ($c) {
/*
* This method is invoked when a user completes the login process.
*
* Returns a callback that handles setting the `UF-Redirect` header after a successful login.
* @param \Psr\Http\Message\ServerRequestInterface $request
* @param \Psr\Http\Message\ResponseInterface $response
* @param array $args
* @return \Psr\Http\Message\ResponseInterface
*/
return function (Request $request, Response $response, array $args) use ($c) {
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
$authorizer = $c->authorizer;
$currentUser = $c->authenticator->user();
if ($authorizer->checkAccess($currentUser, 'uri_dashboard')) {
return $response->withHeader('UF-Redirect', $c->router->pathFor('dashboard'));
} else {
return $response->withHeader('UF-Redirect', $c->router->pathFor('index'));
}
};
};
/*
* Extend the 'authorizer' service to fix some callbacks
*
* @return \UserFrosting\Sprinkle\Core\Util\ClassMapper
*/
$container->extend('authorizer', function ($authorizer, $c) {
/*
* Check if all values in the array $needle are present in the values of $haystack.
*
* @param array[mixed] $needle the array whose values we should look for in $haystack
* @param array[mixed] $haystack the array of values to search.
* @return bool true if every value in $needle is present in the values of $haystack, false otherwise.
*/
$authorizer->addCallback(
'subset',
function ($needle, $haystack) {
if (!is_countable($needle)) {
$needle = [ $needle ];
}
return count($needle) == count(array_intersect($needle, $haystack));
}
);
/*
* Check if all keys of the array $needle are present in the values of $haystack.
*
* This function is useful for whitelisting an array of key-value parameters.
* @param array[mixed] $needle the array whose keys we should look for in $haystack
* @param array[mixed] $haystack the array of values to search.
* @return bool true if every key in $needle is present in the values of $haystack, false otherwise.
*/
$authorizer->addCallback(
'subset_keys',
function ($needle, $haystack) {
if (!is_countable($needle)) {
$needle = [ $needle ];
}
return count($needle) == count(array_intersect(array_keys($needle), $haystack));
}
);
return $authorizer;
});
}
}

21
src/UFTweaks.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks;
use UserFrosting\System\Sprinkle\Sprinkle;
/**
* Bootstrapper class for the 'UFTweaks' sprinkle.
*
* @author Craig Williams (https://avsdev.uk)
*/
class UFTweaks extends Sprinkle
{
}