forked from ProcessMaker/processmaker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathHasAuthorization.php
More file actions
90 lines (79 loc) · 2.64 KB
/
HasAuthorization.php
File metadata and controls
90 lines (79 loc) · 2.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php
namespace ProcessMaker\Traits;
use Illuminate\Support\Facades\Auth;
use ProcessMaker\Models\Group;
use ProcessMaker\Models\Permission;
use ProcessMaker\Models\Process;
use ProcessMaker\Models\ProcessPermission;
use ProcessMaker\Models\User;
trait HasAuthorization
{
public function loadPermissions()
{
return array_merge(
$this->loadUserPermissions(),
$this->loadGroupPermissions()
);
}
public function loadUserPermissions()
{
$permissions = $this->permissions->pluck('name')->toArray();
return $this->addCategoryViewPermissions($permissions);
}
public function loadGroupPermissions()
{
$permissions = [];
foreach ($this->groupMembersFromMemberable as $gm) {
$group = $gm->group;
$names = $group->permissions->pluck('name')->toArray();
$permissions = array_merge($permissions, $names);
}
return $this->addCategoryViewPermissions($permissions);
}
public function hasPermission($permissionString)
{
if (\Auth::user() == $this) {
if (session('permissions')) {
$permissionStrings = session('permissions');
} else {
$permissionStrings = $this->loadPermissions();
session(['permissions' => $permissionStrings]);
}
} else {
$permissionStrings = $this->loadPermissions();
}
return in_array($permissionString, $permissionStrings);
}
/**
* If a user can create or edit a resource,
* they should be able to view its categories.
*
* @param Array $permissions
* @return Array $permissions
*/
private function addCategoryViewPermissions($permissions) {
$addFor = [
'processes' => 'view-process-categories',
'scripts' => 'view-script-categories',
'screens' => 'view-screen-categories'
];
foreach($addFor as $resource => $categoryPermission) {
if (
in_array('create-' . $resource, $permissions) ||
in_array('edit-' . $resource, $permissions)
) {
if (!in_array($categoryPermission, $permissions)) {
$permissions[] = $categoryPermission;
}
}
}
return $permissions;
}
public function giveDirectPermission($permissionNames)
{
foreach ((array) $permissionNames as $permissionName) {
$permissionId = Permission::byName($permissionName)->id;
$this->permissions()->attach($permissionId);
}
}
}