<?php
namespace ProcessMaker\Traits;
use Illuminate\Support\Facades\Auth;
use ProcessMaker\Models\Group;
use ProcessMaker\Models\Permission;
use ProcessMaker\Models\Process;
use ProcessMaker\Models\ProcessPermission;
use ProcessMaker\Models\User;
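/**
 * Permission loading and checking for a model that owns permissions directly
 * and inherits more through (possibly nested) group memberships.
 *
 * The host is expected to expose a `permissions` relation and a
 * `groupMembersFromMemberable` relation, as the methods below read both.
 */
trait HasAuthorization
{
    /**
     * Build the effective permission list: direct permissions followed by
     * every permission inherited from groups.
     *
     * @return array Permission names; may contain duplicates.
     */
    public function loadPermissions()
    {
        return array_merge(
            $this->loadUserPermissions(),
            $this->loadGroupPermissions()
        );
    }

    /**
     * Load the permissions attached directly to this model.
     *
     * @return array Permission names, plus any implied category-view permissions.
     */
    public function loadUserPermissions()
    {
        $permissions = $this->permissions->pluck('name')->toArray();

        return $this->addCategoryViewPermissions($permissions);
    }

    /**
     * Load the permissions inherited from every group this model belongs to,
     * including the groups those groups are themselves members of.
     *
     * @return array Permission names, plus any implied category-view permissions.
     */
    public function loadGroupPermissions()
    {
        $permissions = [];

        foreach ($this->groupMembersFromMemberable as $gm) {
            $group = $gm->group;

            // A membership row whose group no longer resolves grants nothing.
            if ($group === null) {
                continue;
            }

            $permissions = $this->loadPermissionOfGroups($group, $permissions);
            $names = $group->permissions->pluck('name')->toArray();
            $permissions = array_merge($permissions, $names);
        }

        return $this->addCategoryViewPermissions($permissions);
    }

    /**
     * Collect the permissions of every group that $group is, directly or
     * transitively, a member of. The permissions of $group itself are NOT
     * added here; the caller merges those.
     *
     * @param Group $group       Group whose parent groups are walked.
     * @param array $permissions Permission names gathered so far.
     * @param array $ancestors   Internal: keys of the groups on the current
     *                           recursion path. Callers should not pass it.
     * @return array $permissions extended with the inherited permission names.
     */
    public function loadPermissionOfGroups(Group $group, array $permissions = [], array $ancestors = [])
    {
        // Remember the current path so that a membership cycle (A in B, B in A)
        // ends the walk instead of recursing until the request dies. Only the
        // current path is tracked, so a group reachable through two different
        // parents is still merged once per path, as before.
        $ancestors[$group->getKey()] = true;

        foreach ($group->groupMembersFromMemberable as $member) {
            $parent = $member->group;

            // Skip dangling memberships and groups already on this path.
            if ($parent === null || isset($ancestors[$parent->getKey()])) {
                continue;
            }

            $permissions = $this->loadPermissionOfGroups($parent, $permissions, $ancestors);
            $permissions = array_merge($permissions, $parent->permissions->pluck('name')->toArray());
        }

        return $permissions;
    }

    /**
     * Tell whether this model holds the named permission.
     *
     * For the currently authenticated user the permission list is cached in
     * the session under the 'permissions' key; for any other model it is
     * loaded on every call.
     *
     * @param string $permissionString Permission name, e.g. 'edit-processes'.
     * @return bool True only when the exact name is in the effective list.
     */
    public function hasPermission($permissionString)
    {
        // Accept objects that render to a string, as the loose comparison did.
        if (is_object($permissionString) && method_exists($permissionString, '__toString')) {
            $permissionString = (string) $permissionString;
        }

        // Fail closed on anything that is not a permission name. With a loose
        // in_array() a needle such as `true` matches any non-empty name, so the
        // check would pass for every caller holding at least one permission.
        if (!is_string($permissionString)) {
            return false;
        }

        // NOTE(review): `==` on two objects compares their properties, not
        // their identity; comparing primary keys would be cheaper and more
        // precise — confirm what the host model offers before changing it.
        if (\Auth::user() == $this) {
            // NOTE(review): the cached list lives for the rest of the session
            // and nothing in this trait refreshes it when a permission or a
            // group membership is granted or revoked. Confirm the key is
            // cleared elsewhere; otherwise a revocation only takes effect
            // once the session ends.
            if (session('permissions')) {
                $permissionStrings = session('permissions');
            } else {
                $permissionStrings = $this->loadPermissions();
                session(['permissions' => $permissionStrings]);
            }
        } else {
            $permissionStrings = $this->loadPermissions();
        }

        return in_array($permissionString, $permissionStrings, true);
    }

    /**
     * If a user can create or edit a resource,
     * they should be able to view its categories.
     *
     * @param array $permissions
     * @return array $permissions
     */
    private function addCategoryViewPermissions($permissions)
    {
        $addFor = [
            'processes' => 'view-process-categories',
            'scripts' => 'view-script-categories',
            'screens' => 'view-screen-categories',
        ];

        foreach ($addFor as $resource => $categoryPermission) {
            $canWrite = in_array('create-' . $resource, $permissions, true)
                || in_array('edit-' . $resource, $permissions, true);

            // Add the implied permission once, and only for writers.
            if ($canWrite && !in_array($categoryPermission, $permissions, true)) {
                $permissions[] = $categoryPermission;
            }
        }

        return $permissions;
    }

    /**
     * Attach one or more permissions directly to this model.
     *
     * @param string|array $permissionNames A permission name or a list of names.
     * @return void
     */
    public function giveDirectPermission($permissionNames)
    {
        foreach ((array) $permissionNames as $permissionName) {
            // NOTE(review): this reads ->id without checking the lookup
            // result; confirm Permission::byName() throws for an unknown
            // name rather than returning null.
            $permissionId = Permission::byName($permissionName)->id;

            // NOTE(review): the session copy of the permission list read by
            // hasPermission() is not refreshed here — confirm callers do it.
            $this->permissions()->attach($permissionId);
        }
    }
}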