diff --git a/app/Helpers/DbHelper.php b/app/Helpers/DbHelper.php
index bba7315..5673772 100644
--- a/app/Helpers/DbHelper.php
+++ b/app/Helpers/DbHelper.php
@@ -47,43 +47,13 @@ class DbHelper
 {
 /* Admin users always get everything, therefore no filters are necessary */
 }
- else if (is_null($user))
- {
- /* Anonymous users need to check the album_anonymous_permissions table. If not in this table, you're not allowed! */
-
- $albumsQuery = Album::join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
- ->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
- ->where([
- ['permissions.section', 'album'],
- ['permissions.description', $permission]
- ]);
- } else {
- /*
- Other users need to check either the album_group_permissions or album_user_permissions table. If not in either of these tables,
- you're not allowed!
- */
-
- $albumsQuery = Album::leftJoin('album_group_permissions', 'album_group_permissions.album_id', '=', 'albums.id')
- ->leftJoin('album_user_permissions', 'album_user_permissions.album_id', '=', 'albums.id')
- ->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
- ->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
- ->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
- ->where(function($query) use ($user, $permission)
- {
- $query->where('albums.user_id', $user->id)
- ->orWhere([
- ['group_permissions.section', 'album'],
- ['group_permissions.description', $permission],
- ['user_groups.user_id', $user->id]
- ])
- ->orWhere([
- ['user_permissions.section', 'album'],
- ['user_permissions.description', $permission],
- ['album_user_permissions.user_id', $user->id]
- ]);
- });
+ $helper = new PermissionsHelper();
+ $albumIDs = $helper->getAlbumIDs($permission, $user);
+ //dd($albumIDs->toArray());
+ $albumsQuery->whereIn('albums.id', $albumIDs);
+ // } $parentAlbumID = intval($parentAlbumID);
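Review bot: The added `$albumsQuery->whereIn('albums.id', $albumIDs)` runs unconditionally after the admin block whose context comment says no filter applies, and nothing replaces the removed `else if` / `else`, so unless the enclosing method (it starts and ends outside this hunk) returns early for admins, administrators are now restricted to the cached IDs as well; wrap the four new statements in `else { … }` or return early above them. The removed authenticated branch also granted the caller's own albums via `albums.user_id = $user->id` independent of any permission row, and the cache lookup only reproduces that if `rebuildAlbumCache` writes owner rows — that method is not in this diff, so confirm it before relying on the cache alone. Drop the `//dd($albumIDs->toArray());` leftover: `getAlbumIDs` returns a plain PHP array, so the call would fatal if anyone re-enabled it. The trailing `+ //` / `}` lines are hard to read in this hunk; verify the method still parses and that the brace structure is what was intended rather than a hand-patched leftover.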
diff --git a/app/Helpers/PermissionsHelper.php b/app/Helpers/PermissionsHelper.php
index 8409cd0..8709631 100644
--- a/app/Helpers/PermissionsHelper.php
+++ b/app/Helpers/PermissionsHelper.php
@@ -3,12 +3,54 @@ namespace App\Helpers;
 use App\Album;
+use App\Permission;
 use App\User;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 class PermissionsHelper
 {
+ public function getAlbumIDs($permission = 'list', $user)
+ {
+ $result = [];
+ $query = DB::table('album_permissions_cache')
+ ->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
+ ->where([
+ ['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
+ ['permissions.section', 'album'],
+ ['permissions.description', $permission]
+ ])
+ ->select('album_permissions_cache.album_id')
+ ->distinct()
+ ->get();
+
+ foreach ($query as $item)
+ {
+ $result[] = $item->album_id;
+ }
+
+ return $result;
+ }
+ public function rebuildCache()
+ {
+ $this->rebuildAlbumCache();
+ }
+
+ public function userCan_Album(Album $album, User $user, $permission)
+ {
+ return DB::table('album_permissions_cache')
+ ->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
+ ->where([
+ ['album_permissions_cache.album_id', $album->id],
+ ['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
+ ['permissions.section', 'album'],
+ ['permissions.description', $permission]
+ ])
+ ->count() > 0;
+ }
+
+ private function rebuildAlbumCache()
 {
 // Get a list of albums
 $albums = Album::all();
diff --git a/app/Policies/AlbumPolicy.php b/app/Policies/AlbumPolicy.php
index 38f007c..2309121 100644
--- a/app/Policies/AlbumPolicy.php
+++ b/app/Policies/AlbumPolicy.php
@@ -4,6 +4,7 @@ namespace App\Policies;
 use App\Album;
 use App\Group;
+use App\Helpers\PermissionsHelper;
 use App\Permission;
 use App\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
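Review bot: `getAlbumIDs($permission = 'list', $user)` places an optional parameter before a required one, which PHP 8 treats as required anyway and reports as deprecated; declare it `public function getAlbumIDs(string $permission, ?User $user): array`. The anonymous-user mapping is also inconsistent between the two new lookups: `getAlbumIDs` sends only `null` to the NULL `user_id` cache rows, while `userCan_Album` also maps `$user->isAnonymous()` there, so a caller that hands `getAlbumIDs` the anonymous `User` object gets an empty list (fail-closed, but a silent mismatch buried in two near-identical `where` arrays). In `userCan_Album` the `is_null($user)` test is dead because `$user` is typed non-nullable `User`, so a null argument is a `TypeError` before the check runs. One private helper used by both `where` clauses removes the duplication and fixes the mismatch, as below; the `foreach` that copies `album_id` into `$result` can likewise become `->pluck('album_permissions_cache.album_id')->all()`. `Auth` and `Permission` are imported but not used anywhere in this hunk; if the rest of the file does not use them either, drop the two imports.
```php
public function getAlbumIDs(string $permission, ?User $user): array
{
    // … unchanged: DB::table('album_permissions_cache')->join(...)->where([ …
            ['album_permissions_cache.user_id', $this->cacheUserId($user)],
    // … unchanged: section/description conditions, select, distinct, get, result loop …
}

public function userCan_Album(Album $album, ?User $user, string $permission): bool
{
    // … unchanged: DB::table('album_permissions_cache')->join(...)->where([ …
            ['album_permissions_cache.user_id', $this->cacheUserId($user)],
    // … unchanged: section/description conditions and count …
}

/**
 * The user_id value a caller's cache rows are looked up under.
 * Anonymous callers — null or the anonymous User object — resolve to NULL,
 * so both lookups above agree on what "anonymous" means.
 */
private function cacheUserId(?User $user): ?int // assumes integer ids — adjust if ids are UUIDs
{
    return ($user === null || $user->isAnonymous()) ? null : $user->id;
}
```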
@@ -45,13 +46,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'change-photo-metadata'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'change-photo-metadata');
 }
 public function delete(User $user, Album $album)
@@ -62,13 +57,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'delete'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'delete');
 }
 public function deletePhotos(User $user, Album $album)
@@ -79,13 +68,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'delete-photos'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'delete-photos');
 }
 public function edit(User $user, Album $album)
@@ -96,13 +79,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'edit'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'edit');
 }
 public function manipulatePhotos(User $user, Album $album)
@@ -113,13 +90,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'manipulate-photos'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'manipulate-photos');
 }
 public function uploadPhotos(User $user, Album $album)
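Review bot: The permission names are now bare string literals at every call site (this hunk and the `-62`, `-79`, `-96`, `-113` hunks here, plus `-130` on the next line) and must match `permissions.description` exactly; a typo in any of them is not an error but an authorization denial, since `userCan_Album` simply counts zero rows and returns `false`. Class constants on `PermissionsHelper`, for example `public const ALBUM_DELETE = 'delete';`, used both in these policy methods and in whatever seeds `permissions.description`, give the names one definition and let static analysis catch a misspelling. Each policy method's body begins before its hunk; the admin `return true;` shortcut shown as leading context is the only other path.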
@@ -130,13 +101,7 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'upload-photos'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'upload-photos');
 }
 public function view(User $user, Album $album)
@@ -147,56 +112,12 @@ class AlbumPolicy
 return true;
 }
- // Get the edit permission
- $permission = Permission::where([
- 'section' => 'album',
- 'description' => 'view'
- ])->first();
-
- return $this->userHasPermission($user, $album, $permission);
+ return $this->userHasPermission($user, $album, 'view');
 }
- private function userHasPermission(User $user, Album $album, Permission $permission)
+ private function userHasPermission(User $user, Album $album, $permission)
 {
- if ($user->isAnonymous())
- {
- $query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
- ->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
- ->where([
- ['albums.id', $album->id],
- ['permissions.id', $permission->id]
- ]);
-
- return $query->count() > 0;
- }
-
- // If any of the user's groups are granted the permission
- /** @var Group $group */
- foreach ($user->groups as $group)
- {
- $groupPermission = $album->groupPermissions()->where([
- 'group_id' => $group->id,
- 'permission_id' => $permission->id
- ])->first();
-
- if (!is_null($groupPermission))
- {
- return true;
- }
- }
-
- // If the user is directly granted the permission
- $userPermission = $album->userPermissions()->where([
- 'user_id' => $user->id,
- 'permission_id' => $permission->id
- ])->first();
-
- if (!is_null($userPermission))
- {
- return true;
- }
-
- // Nope, no permission
- return false;
+ $helper = new PermissionsHelper();
+ return $helper->userCan_Album($album, $user, $permission);
 }
 }
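Review bot: The new `userHasPermission(User $user, Album $album, $permission)` in the `-147` hunk drops the `Permission` type but leaves `$permission` untyped, so any value is forwarded into the database query; declare it `private function userHasPermission(User $user, Album $album, string $permission): bool`. `new PermissionsHelper()` is constructed on every authorization check; policies are presumably resolved from the container, so constructor injection would keep the dependency visible and replaceable in tests. The removed body handled `$user->isAnonymous()` explicitly and that responsibility now lives in `userCan_Album`, which is not obvious from the two remaining lines; a comment such as `// Anonymous users are mapped to the NULL-user cache rows inside PermissionsHelper::userCan_Album` keeps the contract readable here. Within the hunks shown, `Group` appears only in the removed `@var Group $group` docblock and `Permission` only in removed lookups, so the `use App\Group;` and `use App\Permission;` imports are likely dead now — confirm against the rest of the file before removing them.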