Merge permissions cache and inherited permissions #110
@ -47,43 +47,13 @@ class DbHelper
|
||||
{
|
||||
/* Admin users always get everything, therefore no filters are necessary */
|
||||
}
|
||||
else if (is_null($user))
|
||||
{
|
||||
/* Anonymous users need to check the album_anonymous_permissions table. If not in this table, you're not allowed! */
|
||||
|
||||
$albumsQuery = Album::join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
|
||||
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
|
||||
->where([
|
||||
['permissions.section', 'album'],
|
||||
['permissions.description', $permission]
|
||||
]);
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
Other users need to check either the album_group_permissions or album_user_permissions table. If not in either of these tables,
|
||||
you're not allowed!
|
||||
*/
|
||||
|
||||
$albumsQuery = Album::leftJoin('album_group_permissions', 'album_group_permissions.album_id', '=', 'albums.id')
|
||||
->leftJoin('album_user_permissions', 'album_user_permissions.album_id', '=', 'albums.id')
|
||||
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
|
||||
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
|
||||
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
|
||||
->where(function($query) use ($user, $permission)
|
||||
{
|
||||
$query->where('albums.user_id', $user->id)
|
||||
->orWhere([
|
||||
['group_permissions.section', 'album'],
|
||||
['group_permissions.description', $permission],
|
||||
['user_groups.user_id', $user->id]
|
||||
])
|
||||
->orWhere([
|
||||
['user_permissions.section', 'album'],
|
||||
['user_permissions.description', $permission],
|
||||
['album_user_permissions.user_id', $user->id]
|
||||
]);
|
||||
});
|
||||
$helper = new PermissionsHelper();
|
||||
$albumIDs = $helper->getAlbumIDs($permission, $user);
|
||||
//dd($albumIDs->toArray());
|
||||
$albumsQuery->whereIn('albums.id', $albumIDs);
|
||||
//
|
||||
}
|
||||
|
||||
$parentAlbumID = intval($parentAlbumID);
|
||||
|
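Review bot: The debug leftovers `//dd($albumIDs->toArray());` and the bare `//` after the `whereIn` call should be removed before merge; the first also suggests a collection, whereas `getAlbumIDs()` as added in this commit returns a plain array. The single line `$albumsQuery->whereIn('albums.id', $albumIDs);` is now the only thing restricting which albums a non-admin user can list, so it deserves a short comment such as `/* Restrict to albums the permissions cache grants for this user; an empty list yields no albums */`. The enclosing method and the creation of `$albumsQuery` lie outside the hunk, so I am assuming the query is built before this branch.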
@ -3,12 +3,54 @@
|
||||
namespace App\Helpers;
|
||||
|
||||
use App\Album;
|
||||
use App\Permission;
|
||||
use App\User;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
class PermissionsHelper
|
||||
{
|
||||
public function getAlbumIDs($permission = 'list', $user)
|
||||
{
|
||||
$result = [];
|
||||
$query = DB::table('album_permissions_cache')
|
||||
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
|
||||
->where([
|
||||
['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
|
||||
['permissions.section', 'album'],
|
||||
['permissions.description', $permission]
|
||||
])
|
||||
->select('album_permissions_cache.album_id')
|
||||
->distinct()
|
||||
->get();
|
||||
|
||||
foreach ($query as $item)
|
||||
{
|
||||
$result[] = $item->album_id;
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function rebuildCache()
|
||||
{
|
||||
$this->rebuildAlbumCache();
|
||||
}
|
||||
|
||||
public function userCan_Album(Album $album, User $user, $permission)
|
||||
{
|
||||
return DB::table('album_permissions_cache')
|
||||
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
|
||||
->where([
|
||||
['album_permissions_cache.album_id', $album->id],
|
||||
['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
|
||||
['permissions.section', 'album'],
|
||||
['permissions.description', $permission]
|
||||
])
|
||||
->count() > 0;
|
||||
}
|
||||
|
||||
private function rebuildAlbumCache()
|
||||
{
|
||||
// Get a list of albums
|
||||
$albums = Album::all();
|
||||
|
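Review bot: `getAlbumIDs()` maps only a null `$user` to the anonymous cache rows (`is_null($user) ? null : $user->id`), while `userCan_Album()` in the same class also treats `$user->isAnonymous()` as anonymous, so the list filter and the per-album check can disagree if an anonymous `User` object is passed in. Both should use the same expression, `(is_null($user) || $user->isAnonymous()) ? null : $user->id`, ideally through one private helper. In `userCan_Album()` the `User $user` declaration already rejects null, so the `is_null($user)` test there is dead unless the parameter becomes `?User`. The signature `getAlbumIDs($permission = 'list', $user)` puts an optional parameter before a required one, which PHP 8 deprecates, so either drop the default or reorder the parameters. `rebuildAlbumCache()` continues past the end of the hunk and is not reviewed here.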
@ -4,6 +4,7 @@ namespace App\Policies;
|
||||
|
||||
use App\Album;
|
||||
use App\Group;
|
||||
use App\Helpers\PermissionsHelper;
|
||||
use App\Permission;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
@ -45,13 +46,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'change-photo-metadata'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'change-photo-metadata');
|
||||
}
|
||||
|
||||
public function delete(User $user, Album $album)
|
||||
@ -62,13 +57,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'delete'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'delete');
|
||||
}
|
||||
|
||||
public function deletePhotos(User $user, Album $album)
|
||||
@ -79,13 +68,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'delete-photos'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'delete-photos');
|
||||
}
|
||||
|
||||
public function edit(User $user, Album $album)
|
||||
@ -96,13 +79,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'edit'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'edit');
|
||||
}
|
||||
|
||||
public function manipulatePhotos(User $user, Album $album)
|
||||
@ -113,13 +90,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'manipulate-photos'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'manipulate-photos');
|
||||
}
|
||||
|
||||
public function uploadPhotos(User $user, Album $album)
|
||||
@ -130,13 +101,7 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'upload-photos'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'upload-photos');
|
||||
}
|
||||
|
||||
public function view(User $user, Album $album)
|
||||
@ -147,56 +112,12 @@ class AlbumPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get the edit permission
|
||||
$permission = Permission::where([
|
||||
'section' => 'album',
|
||||
'description' => 'view'
|
||||
])->first();
|
||||
|
||||
return $this->userHasPermission($user, $album, $permission);
|
||||
return $this->userHasPermission($user, $album, 'view');
|
||||
}
|
||||
|
||||
private function userHasPermission(User $user, Album $album, Permission $permission)
|
||||
private function userHasPermission(User $user, Album $album, $permission)
|
||||
{
|
||||
if ($user->isAnonymous())
|
||||
{
|
||||
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
|
||||
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
|
||||
->where([
|
||||
['albums.id', $album->id],
|
||||
['permissions.id', $permission->id]
|
||||
]);
|
||||
|
||||
return $query->count() > 0;
|
||||
}
|
||||
|
||||
// If any of the user's groups are granted the permission
|
||||
/** @var Group $group */
|
||||
foreach ($user->groups as $group)
|
||||
{
|
||||
$groupPermission = $album->groupPermissions()->where([
|
||||
'group_id' => $group->id,
|
||||
'permission_id' => $permission->id
|
||||
])->first();
|
||||
|
||||
if (!is_null($groupPermission))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// If the user is directly granted the permission
|
||||
$userPermission = $album->userPermissions()->where([
|
||||
'user_id' => $user->id,
|
||||
'permission_id' => $permission->id
|
||||
])->first();
|
||||
|
||||
if (!is_null($userPermission))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Nope, no permission
|
||||
return false;
|
||||
$helper = new PermissionsHelper();
|
||||
return $helper->userCan_Album($album, $user, $permission);
|
||||
}
|
||||
}
|
||||
|
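Review bot: `userHasPermission()` now decides every album action solely from `album_permissions_cache` through `PermissionsHelper::userCan_Album()`, so a revoked grant stays effective until the cache is rebuilt. Nothing visible in this commit shows `rebuildCache()` being called when album, group or user permissions change. Please confirm that every permission write path triggers a rebuild, and document the dependency on the method, e.g. `/** Answers from album_permissions_cache; the cache must be rebuilt after any permission change. */`. The `$permission` argument also lost its `Permission` type, and declaring it as `string $permission` would stop a wrongly typed argument before it reaches the query. The same staleness concern applies to the `whereIn` filter added in DbHelper.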