mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-05-10 02:50:39 +00:00
Added permission system
This commit is contained in:
Dan Brown
parent
0513239c25
commit
ae95d0a239
24 changed files with 519 additions and 87 deletions
app
Http
Controllers
BookController.phpChapterController.phpController.phpHomeController.phpImageController.phpPageController.phpUserController.php
Kernel.phpMiddleware
routes.phpProviders
Role.phpUser.phpdatabase
migrations
seeds
resources
assets/sass
lang/en
views
|
|
@ -26,6 +26,7 @@ class BookController extends Controller
|
|||
{
|
||||
$this->bookRepo = $bookRepo;
|
||||
$this->pageRepo = $pageRepo;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -46,6 +47,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->checkPermission('book-create');
|
||||
return view('books/create');
|
||||
}
|
||||
|
||||
|
|
@ -57,6 +59,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function store(Request $request)
|
||||
{
|
||||
$this->checkPermission('book-create');
|
||||
$this->validate($request, [
|
||||
'name' => 'required|string|max:255',
|
||||
'description' => 'string|max:1000'
|
||||
|
|
@ -90,6 +93,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function edit($slug)
|
||||
{
|
||||
$this->checkPermission('book-update');
|
||||
$book = $this->bookRepo->getBySlug($slug);
|
||||
return view('books/edit', ['book' => $book, 'current' => $book]);
|
||||
}
|
||||
|
|
@ -103,6 +107,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function update(Request $request, $slug)
|
||||
{
|
||||
$this->checkPermission('book-update');
|
||||
$book = $this->bookRepo->getBySlug($slug);
|
||||
$this->validate($request, [
|
||||
'name' => 'required|string|max:255',
|
||||
|
|
@ -123,6 +128,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function showDelete($bookSlug)
|
||||
{
|
||||
$this->checkPermission('book-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
return view('books/delete', ['book' => $book, 'current' => $book]);
|
||||
}
|
||||
|
|
@ -135,6 +141,7 @@ class BookController extends Controller
|
|||
*/
|
||||
public function destroy($bookSlug)
|
||||
{
|
||||
$this->checkPermission('book-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
Activity::addMessage('book_delete', 0, $book->name);
|
||||
$this->bookRepo->destroyBySlug($bookSlug);
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ class ChapterController extends Controller
|
|||
{
|
||||
$this->bookRepo = $bookRepo;
|
||||
$this->chapterRepo = $chapterRepo;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -37,6 +38,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function create($bookSlug)
|
||||
{
|
||||
$this->checkPermission('chapter-create');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
return view('chapters/create', ['book' => $book, 'current' => $book]);
|
||||
}
|
||||
|
|
@ -50,6 +52,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function store($bookSlug, Request $request)
|
||||
{
|
||||
$this->checkPermission('chapter-create');
|
||||
$this->validate($request, [
|
||||
'name' => 'required|string|max:255'
|
||||
]);
|
||||
|
|
@ -88,6 +91,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function edit($bookSlug, $chapterSlug)
|
||||
{
|
||||
$this->checkPermission('chapter-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
|
||||
return view('chapters/edit', ['book' => $book, 'chapter' => $chapter, 'current' => $chapter]);
|
||||
|
|
@ -103,6 +107,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function update(Request $request, $bookSlug, $chapterSlug)
|
||||
{
|
||||
$this->checkPermission('chapter-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
|
||||
$chapter->fill($request->all());
|
||||
|
|
@ -121,6 +126,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function showDelete($bookSlug, $chapterSlug)
|
||||
{
|
||||
$this->checkPermission('chapter-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
|
||||
return view('chapters/delete', ['book' => $book, 'chapter' => $chapter, 'current' => $chapter]);
|
||||
|
|
@ -135,6 +141,7 @@ class ChapterController extends Controller
|
|||
*/
|
||||
public function destroy($bookSlug, $chapterSlug)
|
||||
{
|
||||
$this->checkPermission('chapter-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
|
||||
if (count($chapter->pages) > 0) {
|
||||
|
|
|
|||
|
|
@ -2,27 +2,69 @@
|
|||
|
||||
namespace Oxbow\Http\Controllers;
|
||||
|
||||
use HttpRequestException;
|
||||
use Illuminate\Foundation\Bus\DispatchesJobs;
|
||||
use Illuminate\Http\Exception\HttpResponseException;
|
||||
use Illuminate\Routing\Controller as BaseController;
|
||||
use Illuminate\Foundation\Validation\ValidatesRequests;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Session;
|
||||
use Oxbow\User;
|
||||
|
||||
abstract class Controller extends BaseController
|
||||
{
|
||||
use DispatchesJobs, ValidatesRequests;
|
||||
|
||||
/**
|
||||
* @var User static
|
||||
*/
|
||||
protected $currentUser;
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
protected $signedIn;
|
||||
|
||||
/**
|
||||
* Controller constructor.
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
view()->share('signedIn', Auth::check());
|
||||
// Get a user instance for the current user
|
||||
$user = Auth::user();
|
||||
if (!$user) {
|
||||
$user = User::getDefault();
|
||||
}
|
||||
view()->share('user', $user);
|
||||
// Share variables with views
|
||||
view()->share('signedIn', Auth::check());
|
||||
view()->share('currentUser', $user);
|
||||
// Share variables with controllers
|
||||
$this->currentUser = $user;
|
||||
$this->signedIn = Auth::check();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for a permission.
|
||||
*
|
||||
* @param $permissionName
|
||||
* @return bool|\Illuminate\Http\RedirectResponse
|
||||
*/
|
||||
protected function checkPermission($permissionName)
|
||||
{
|
||||
if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
|
||||
Session::flash('error', trans('errors.permission'));
|
||||
throw new HttpResponseException(
|
||||
redirect()->back()
|
||||
);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
protected function checkPermissionOr($permissionName, $callback)
|
||||
{
|
||||
$callbackResult = $callback();
|
||||
if ($callbackResult === false) $this->checkPermission($permissionName);
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ class HomeController extends Controller
|
|||
{
|
||||
$this->activityService = $activityService;
|
||||
$this->bookRepo = $bookRepo;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ class ImageController extends Controller
|
|||
{
|
||||
$this->image = $image;
|
||||
$this->file = $file;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -124,6 +125,7 @@ class ImageController extends Controller
|
|||
*/
|
||||
public function upload(Request $request)
|
||||
{
|
||||
$this->checkPermission('image-create');
|
||||
$imageUpload = $request->file('file');
|
||||
$name = str_replace(' ', '-', $imageUpload->getClientOriginalName());
|
||||
$storageName = substr(sha1(time()), 0, 10) . '-' . $name;
|
||||
|
|
@ -153,6 +155,7 @@ class ImageController extends Controller
|
|||
*/
|
||||
public function update($imageId, Request $request)
|
||||
{
|
||||
$this->checkPermission('image-update');
|
||||
$this->validate($request, [
|
||||
'name' => 'required|min:2|string'
|
||||
]);
|
||||
|
|
@ -169,6 +172,7 @@ class ImageController extends Controller
|
|||
*/
|
||||
public function destroy($id)
|
||||
{
|
||||
$this->checkPermission('image-delete');
|
||||
$image = $this->image->findOrFail($id);
|
||||
|
||||
// Delete files
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ class PageController extends Controller
|
|||
$this->pageRepo = $pageRepo;
|
||||
$this->bookRepo = $bookRepo;
|
||||
$this->chapterRepo = $chapterRepo;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -41,6 +42,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function create($bookSlug, $chapterSlug = false)
|
||||
{
|
||||
$this->checkPermission('page-create');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : false;
|
||||
return view('pages/create', ['book' => $book, 'chapter' => $chapter]);
|
||||
|
|
@ -55,6 +57,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function store(Request $request, $bookSlug)
|
||||
{
|
||||
$this->checkPermission('page-create');
|
||||
$this->validate($request, [
|
||||
'name' => 'required|string|max:255',
|
||||
'html' => 'required|string',
|
||||
|
|
@ -103,6 +106,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function edit($bookSlug, $pageSlug)
|
||||
{
|
||||
$this->checkPermission('page-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
|
||||
return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]);
|
||||
|
|
@ -118,6 +122,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function update(Request $request, $bookSlug, $pageSlug)
|
||||
{
|
||||
$this->checkPermission('page-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
|
||||
$this->pageRepo->updatePage($page, $book->id, $request->all());
|
||||
|
|
@ -158,6 +163,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function sortPages($bookSlug)
|
||||
{
|
||||
$this->checkPermission('book-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
return view('pages/sort', ['book' => $book, 'current' => $book]);
|
||||
}
|
||||
|
|
@ -171,6 +177,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function savePageSort($bookSlug, Request $request)
|
||||
{
|
||||
$this->checkPermission('book-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
// Return if no map sent
|
||||
if (!$request->has('sort-tree')) {
|
||||
|
|
@ -201,6 +208,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function showDelete($bookSlug, $pageSlug)
|
||||
{
|
||||
$this->checkPermission('page-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
|
||||
return view('pages/delete', ['book' => $book, 'page' => $page, 'current' => $page]);
|
||||
|
|
@ -216,6 +224,7 @@ class PageController extends Controller
|
|||
*/
|
||||
public function destroy($bookSlug, $pageSlug)
|
||||
{
|
||||
$this->checkPermission('page-delete');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
|
||||
Activity::addMessage('page_delete', $book->id, $page->name);
|
||||
|
|
@ -255,6 +264,7 @@ class PageController extends Controller
|
|||
|
||||
public function restoreRevision($bookSlug, $pageSlug, $revisionId)
|
||||
{
|
||||
$this->checkPermission('page-update');
|
||||
$book = $this->bookRepo->getBySlug($bookSlug);
|
||||
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
|
||||
$revision = $this->pageRepo->getRevisionById($revisionId);
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ use Illuminate\Http\Request;
|
|||
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Oxbow\Http\Requests;
|
||||
use Oxbow\Http\Controllers\Controller;
|
||||
use Oxbow\User;
|
||||
|
||||
class UserController extends Controller
|
||||
|
|
@ -21,9 +20,9 @@ class UserController extends Controller
|
|||
public function __construct(User $user)
|
||||
{
|
||||
$this->user = $user;
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Display a listing of the users.
|
||||
*
|
||||
|
|
@ -42,6 +41,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->checkPermission('user-create');
|
||||
return view('users/create');
|
||||
}
|
||||
|
||||
|
|
@ -53,16 +53,20 @@ class UserController extends Controller
|
|||
*/
|
||||
public function store(Request $request)
|
||||
{
|
||||
$this->checkPermission('user-create');
|
||||
$this->validate($request, [
|
||||
'name' => 'required',
|
||||
'email' => 'required|email',
|
||||
'password' => 'required|min:5',
|
||||
'password-confirm' => 'required|same:password'
|
||||
'password-confirm' => 'required|same:password',
|
||||
'role' => 'required|exists:roles,id'
|
||||
]);
|
||||
|
||||
$user = $this->user->fill($request->all());
|
||||
$user->password = Hash::make($request->get('password'));
|
||||
$user->save();
|
||||
|
||||
$user->attachRoleId($request->get('role'));
|
||||
return redirect('/users');
|
||||
}
|
||||
|
||||
|
|
@ -75,6 +79,9 @@ class UserController extends Controller
|
|||
*/
|
||||
public function edit($id)
|
||||
{
|
||||
$this->checkPermissionOr('user-update', function () use ($id) {
|
||||
return $this->currentUser->id == $id;
|
||||
});
|
||||
$user = $this->user->findOrFail($id);
|
||||
return view('users/edit', ['user' => $user]);
|
||||
}
|
||||
|
|
@ -88,16 +95,24 @@ class UserController extends Controller
|
|||
*/
|
||||
public function update(Request $request, $id)
|
||||
{
|
||||
$this->checkPermissionOr('user-update', function () use ($id) {
|
||||
return $this->currentUser->id == $id;
|
||||
});
|
||||
$this->validate($request, [
|
||||
'name' => 'required',
|
||||
'email' => 'required|email',
|
||||
'password' => 'min:5',
|
||||
'password-confirm' => 'same:password'
|
||||
'password-confirm' => 'same:password',
|
||||
'role' => 'exists:roles,id'
|
||||
]);
|
||||
|
||||
$user = $this->user->findOrFail($id);
|
||||
$user->fill($request->all());
|
||||
|
||||
if ($this->currentUser->can('user-update') && $request->has('role')) {
|
||||
$user->attachRoleId($request->get('role'));
|
||||
}
|
||||
|
||||
if ($request->has('password') && $request->get('password') != '') {
|
||||
$password = $request->get('password');
|
||||
$user->password = Hash::make($password);
|
||||
|
|
@ -113,6 +128,9 @@ class UserController extends Controller
|
|||
*/
|
||||
public function delete($id)
|
||||
{
|
||||
$this->checkPermissionOr('user-delete', function () use ($id) {
|
||||
return $this->currentUser->id == $id;
|
||||
});
|
||||
$user = $this->user->findOrFail($id);
|
||||
return view('users/delete', ['user' => $user]);
|
||||
}
|
||||
|
|
@ -125,6 +143,9 @@ class UserController extends Controller
|
|||
*/
|
||||
public function destroy($id)
|
||||
{
|
||||
$this->checkPermissionOr('user-delete', function () use ($id) {
|
||||
return $this->currentUser->id == $id;
|
||||
});
|
||||
$user = $this->user->findOrFail($id);
|
||||
$user->delete();
|
||||
return redirect('/users');
|
||||
|
|
|
|||
|
|
@ -29,5 +29,6 @@ class Kernel extends HttpKernel
|
|||
'auth' => \Oxbow\Http\Middleware\Authenticate::class,
|
||||
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
|
||||
'guest' => \Oxbow\Http\Middleware\RedirectIfAuthenticated::class,
|
||||
'perm' => \Oxbow\Http\Middleware\PermissionMiddleware::class
|
||||
];
|
||||
}
|
||||
|
|
|
|||
28
app/Http/Middleware/PermissionMiddleware.php
Normal file
28
app/Http/Middleware/PermissionMiddleware.php
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
namespace Oxbow\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Facades\Session;
|
||||
|
||||
class PermissionMiddleware
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param $permission
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next, $permission)
|
||||
{
|
||||
|
||||
if (!$request->user() || !$request->user()->can($permission)) {
|
||||
Session::flash('error', trans('errors.permission'));
|
||||
return redirect()->back();
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -11,7 +11,9 @@
|
|||
|
|
||||
*/
|
||||
|
||||
|
||||
Route::get('/test', function () {
|
||||
return Auth::user()->can('users-edit');
|
||||
});
|
||||
|
||||
// Authentication routes...
|
||||
Route::group(['middleware' => 'auth'], function () {
|
||||
|
|
|
|||
16
app/Permission.php
Normal file
16
app/Permission.php
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
|
||||
namespace Oxbow;
|
||||
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class Permission extends Model
|
||||
{
|
||||
/**
|
||||
* The roles that belong to the permission.
|
||||
*/
|
||||
public function roles()
|
||||
{
|
||||
return $this->belongsToMany('Oxbow\Permissions');
|
||||
}
|
||||
}
|
||||
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
namespace Oxbow\Providers;
|
||||
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Oxbow\User;
|
||||
|
||||
class AppServiceProvider extends ServiceProvider
|
||||
{
|
||||
|
|
|
|||
34
app/Role.php
Normal file
34
app/Role.php
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
<?php
|
||||
|
||||
namespace Oxbow;
|
||||
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class Role extends Model
|
||||
{
|
||||
/**
|
||||
* The roles that belong to the role.
|
||||
*/
|
||||
public function users()
|
||||
{
|
||||
return $this->belongsToMany('Oxbow\User');
|
||||
}
|
||||
|
||||
/**
|
||||
* The permissions that belong to the role.
|
||||
*/
|
||||
public function permissions()
|
||||
{
|
||||
return $this->belongsToMany('Oxbow\Permission');
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a permission to this role.
|
||||
* @param Permission $permission
|
||||
*/
|
||||
public function attachPermission(Permission $permission)
|
||||
{
|
||||
$this->permissions()->attach($permission->id);
|
||||
}
|
||||
|
||||
}
|
||||
50
app/User.php
50
app/User.php
|
|
@ -44,9 +44,59 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
|
|||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Permissions and roles
|
||||
*/
|
||||
|
||||
/**
|
||||
* The roles that belong to the user.
|
||||
*/
|
||||
public function roles()
|
||||
{
|
||||
return $this->belongsToMany('Oxbow\Role');
|
||||
}
|
||||
|
||||
public function getRoleAttribute()
|
||||
{
|
||||
return $this->roles()->first();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user has a particular permission.
|
||||
* @param $permissionName
|
||||
* @return bool
|
||||
*/
|
||||
public function can($permissionName)
|
||||
{
|
||||
$permissions = $this->role->permissions()->get();
|
||||
$permissionSearch = $permissions->search(function ($item, $key) use ($permissionName) {
|
||||
return $item->name == $permissionName;
|
||||
});
|
||||
return $permissionSearch !== false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Attach a role to this user.
|
||||
* @param Role $role
|
||||
*/
|
||||
public function attachRole(Role $role)
|
||||
{
|
||||
$this->attachRoleId($role->id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Attach a role id to this user.
|
||||
* @param $id
|
||||
*/
|
||||
public function attachRoleId($id)
|
||||
{
|
||||
$this->roles()->sync([$id]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the user's avatar,
|
||||
* Uses Gravatar as the avatar service.
|
||||
*
|
||||
* @param int $size
|
||||
* @return string
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -20,6 +20,12 @@ class CreateUsersTable extends Migration
|
|||
$table->rememberToken();
|
||||
$table->timestamps();
|
||||
});
|
||||
|
||||
\Oxbow\User::create([
|
||||
'name' => 'Admin',
|
||||
'email' => 'admin@admin.com',
|
||||
'password' => \Illuminate\Support\Facades\Hash::make('password')
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -0,0 +1,137 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
/**
|
||||
* Much of this code has been taken from entrust,
|
||||
* a role & permission management solution for Laravel.
|
||||
*
|
||||
* Full attribution of the database Schema shown below goes to the entrust project.
|
||||
*
|
||||
* @license MIT
|
||||
* @package Zizaco\Entrust
|
||||
* @url https://github.com/Zizaco/entrust
|
||||
*/
|
||||
class AddRolesAndPermissions extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
// Create table for storing roles
|
||||
Schema::create('roles', function (Blueprint $table) {
|
||||
$table->increments('id');
|
||||
$table->string('name')->unique();
|
||||
$table->string('display_name')->nullable();
|
||||
$table->string('description')->nullable();
|
||||
$table->timestamps();
|
||||
});
|
||||
|
||||
// Create table for associating roles to users (Many-to-Many)
|
||||
Schema::create('role_user', function (Blueprint $table) {
|
||||
$table->integer('user_id')->unsigned();
|
||||
$table->integer('role_id')->unsigned();
|
||||
|
||||
$table->foreign('user_id')->references('id')->on('users')
|
||||
->onUpdate('cascade')->onDelete('cascade');
|
||||
$table->foreign('role_id')->references('id')->on('roles')
|
||||
->onUpdate('cascade')->onDelete('cascade');
|
||||
|
||||
$table->primary(['user_id', 'role_id']);
|
||||
});
|
||||
|
||||
// Create table for storing permissions
|
||||
Schema::create('permissions', function (Blueprint $table) {
|
||||
$table->increments('id');
|
||||
$table->string('name')->unique();
|
||||
$table->string('display_name')->nullable();
|
||||
$table->string('description')->nullable();
|
||||
$table->timestamps();
|
||||
});
|
||||
|
||||
// Create table for associating permissions to roles (Many-to-Many)
|
||||
Schema::create('permission_role', function (Blueprint $table) {
|
||||
$table->integer('permission_id')->unsigned();
|
||||
$table->integer('role_id')->unsigned();
|
||||
|
||||
$table->foreign('permission_id')->references('id')->on('permissions')
|
||||
->onUpdate('cascade')->onDelete('cascade');
|
||||
$table->foreign('role_id')->references('id')->on('roles')
|
||||
->onUpdate('cascade')->onDelete('cascade');
|
||||
|
||||
$table->primary(['permission_id', 'role_id']);
|
||||
});
|
||||
|
||||
|
||||
// Create default roles
|
||||
$admin = new \Oxbow\Role();
|
||||
$admin->name = 'admin';
|
||||
$admin->display_name = 'Admin';
|
||||
$admin->description = 'Administrator of the whole application';
|
||||
$admin->save();
|
||||
|
||||
$editor = new \Oxbow\Role();
|
||||
$editor->name = 'editor';
|
||||
$editor->display_name = 'Editor';
|
||||
$editor->description = 'User can edit Books, Chapters & Pages';
|
||||
$editor->save();
|
||||
|
||||
$viewer = new \Oxbow\Role();
|
||||
$viewer->name = 'viewer';
|
||||
$viewer->display_name = 'Viewer';
|
||||
$viewer->description = 'User can view books & their content behind authentication';
|
||||
$viewer->save();
|
||||
|
||||
// Create default CRUD permissions and allocate to admins and editors
|
||||
$entities = ['Book', 'Page', 'Chapter', 'Image'];
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \Oxbow\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity . 's';
|
||||
$newPermission->save();
|
||||
$admin->attachPermission($newPermission);
|
||||
$editor->attachPermission($newPermission);
|
||||
}
|
||||
}
|
||||
|
||||
// Create admin permissions
|
||||
$entities = ['Settings', 'User'];
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \Oxbow\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity;
|
||||
$newPermission->save();
|
||||
$admin->attachPermission($newPermission);
|
||||
}
|
||||
}
|
||||
|
||||
// Set all current users as admins
|
||||
// (At this point only the initially create user should be an admin)
|
||||
$users = \Oxbow\User::all();
|
||||
foreach ($users as $user) {
|
||||
$user->attachRole($admin);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::drop('permission_role');
|
||||
Schema::drop('permissions');
|
||||
Schema::drop('role_user');
|
||||
Schema::drop('roles');
|
||||
}
|
||||
}
|
||||
|
|
@ -15,11 +15,6 @@ class DatabaseSeeder extends Seeder
|
|||
Model::unguard();
|
||||
|
||||
// $this->call(UserTableSeeder::class);
|
||||
\Oxbow\User::create([
|
||||
'name' => 'Admin',
|
||||
'email' => 'admin@admin.com',
|
||||
'password' => \Illuminate\Support\Facades\Hash::make('password')
|
||||
]);
|
||||
|
||||
Model::reguard();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,6 +60,11 @@
|
|||
&.large {
|
||||
padding: $-xl;
|
||||
}
|
||||
>h1, >h2, >h3, >h4 {
|
||||
&:first-child {
|
||||
margin-top: 0.1em;
|
||||
}
|
||||
}
|
||||
}
|
||||
.padded-vertical, .padded-top {
|
||||
padding-top: $-m;
|
||||
|
|
@ -67,6 +72,7 @@
|
|||
padding-top: $-xl;
|
||||
}
|
||||
}
|
||||
|
||||
.padded-vertical, .padded-bottom {
|
||||
padding-bottom: $-m;
|
||||
&.large {
|
||||
|
|
|
|||
|
|
@ -197,7 +197,7 @@ p.secondary, p .secondary, span.secondary, .text-secondary {
|
|||
*/
|
||||
ul {
|
||||
list-style: disc;
|
||||
margin-left: $-m;
|
||||
margin-left: $-m*1.5;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
11
resources/lang/en/errors.php
Normal file
11
resources/lang/en/errors.php
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
<?php
|
||||
|
||||
return [
|
||||
|
||||
/**
|
||||
* Error text strings.
|
||||
*/
|
||||
|
||||
// Pages
|
||||
'permission' => 'You do not have permission to access the requested page.',
|
||||
];
|
||||
15
resources/views/form/model-select.blade.php
Normal file
15
resources/views/form/model-select.blade.php
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
|
||||
<select id="{{ $name }}" name="{{ $name }}">
|
||||
@foreach($options as $option)
|
||||
<option value="{{$option->id}}"
|
||||
@if($errors->has($name)) class="neg" @endif
|
||||
@if(isset($model) || old($name)) @if(old($name) && old($name) === $option->id) selected @elseif(isset($model) && $model->id === $option->id) selected @endif @endif
|
||||
>
|
||||
{{ $option->$displayKey }}
|
||||
</option>
|
||||
@endforeach
|
||||
</select>
|
||||
|
||||
@if($errors->has($name))
|
||||
<div class="text-neg text-small">{{ $errors->first($name) }}</div>
|
||||
@endif
|
||||
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
<div class="row">
|
||||
<div class="page-content">
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-6">
|
||||
<h1>Edit User</h1>
|
||||
|
|
@ -33,6 +34,24 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<hr class="margin-top large">
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
<h3>Permissions</h3>
|
||||
<p>User Role: <strong>{{$user->role->display_name}}</strong>.</p>
|
||||
<ul class="text-muted">
|
||||
@foreach($user->role->permissions as $permission)
|
||||
<li>
|
||||
{{ $permission->display_name }}
|
||||
</li>
|
||||
@endforeach
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
<div class="form-group">
|
||||
<label for="name">Name</label>
|
||||
@include('form/text', ['name' => 'name'])
|
||||
|
|
@ -17,6 +16,13 @@
|
|||
</div>
|
||||
@endif
|
||||
|
||||
@if($currentUser->can('user-update'))
|
||||
<div class="form-group">
|
||||
<label for="role">User Role</label>
|
||||
@include('form/model-select', ['name' => 'role', 'options' => \Oxbow\Role::all(), 'displayKey' => 'display_name'])
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">Password</label>
|
||||
@include('form/password', ['name' => 'password'])
|
||||
|
|
|
|||
|
|
@ -8,7 +8,9 @@
|
|||
<div class="col-md-6"></div>
|
||||
<div class="col-md-6 faded">
|
||||
<div class="action-buttons">
|
||||
@if($currentUser->can('user-create'))
|
||||
<a href="/users/create" class="text-pos"><i class="zmdi zmdi-account-add"></i>New User</a>
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -21,12 +23,22 @@
|
|||
<th></th>
|
||||
<th>Name</th>
|
||||
<th>Email</th>
|
||||
<th>User Type</th>
|
||||
</tr>
|
||||
@foreach($users as $user)
|
||||
<tr>
|
||||
<td style="line-height: 0;"><img class="avatar" src="{{$user->getAvatar(40)}}" alt="{{$user->name}}"></td>
|
||||
<td><a href="/users/{{$user->id}}">{{$user->name}}</a></td>
|
||||
<td>
|
||||
@if($currentUser->can('user-update') || $currentUser->id == $user->id)
|
||||
<a href="/users/{{$user->id}}">
|
||||
@endif
|
||||
{{$user->name}}
|
||||
@if($currentUser->can('user-update') || $currentUser->id == $user->id)
|
||||
</a>
|
||||
@endif
|
||||
</td>
|
||||
<td>{{$user->email}}</td>
|
||||
<td>{{ $user->role->display_name }}</td>
|
||||
</tr>
|
||||
@endforeach
|
||||
</table>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue