Merge permissions cache and inherited permissions #110
@ -47,43 +47,13 @@ class DbHelper
|
|||||||
{
|
{
|
||||||
/* Admin users always get everything, therefore no filters are necessary */
|
/* Admin users always get everything, therefore no filters are necessary */
|
||||||
}
|
}
|
||||||
else if (is_null($user))
|
|
||||||
{
|
|
||||||
/* Anonymous users need to check the album_anonymous_permissions table. If not in this table, you're not allowed! */
|
|
||||||
|
|
||||||
$albumsQuery = Album::join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
|
|
||||||
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
|
|
||||||
->where([
|
|
||||||
['permissions.section', 'album'],
|
|
||||||
['permissions.description', $permission]
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/*
|
$helper = new PermissionsHelper();
|
||||||
Other users need to check either the album_group_permissions or album_user_permissions table. If not in either of these tables,
|
$albumIDs = $helper->getAlbumIDs($permission, $user);
|
||||||
you're not allowed!
|
//dd($albumIDs->toArray());
|
||||||
*/
|
$albumsQuery->whereIn('albums.id', $albumIDs);
|
||||||
|
//
|
||||||
$albumsQuery = Album::leftJoin('album_group_permissions', 'album_group_permissions.album_id', '=', 'albums.id')
|
|
||||||
->leftJoin('album_user_permissions', 'album_user_permissions.album_id', '=', 'albums.id')
|
|
||||||
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
|
|
||||||
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
|
|
||||||
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
|
|
||||||
->where(function($query) use ($user, $permission)
|
|
||||||
{
|
|
||||||
$query->where('albums.user_id', $user->id)
|
|
||||||
->orWhere([
|
|
||||||
['group_permissions.section', 'album'],
|
|
||||||
['group_permissions.description', $permission],
|
|
||||||
['user_groups.user_id', $user->id]
|
|
||||||
])
|
|
||||||
->orWhere([
|
|
||||||
['user_permissions.section', 'album'],
|
|
||||||
['user_permissions.description', $permission],
|
|
||||||
['album_user_permissions.user_id', $user->id]
|
|
||||||
]);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$parentAlbumID = intval($parentAlbumID);
|
$parentAlbumID = intval($parentAlbumID);
|
||||||
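Review bot: The rewritten else branch calls `$albumsQuery->whereIn('albums.id', $albumIDs)` without assigning `$albumsQuery` in that branch, whereas the removed code built it with `Album::leftJoin(...)`; unless the builder is initialised before old line 47 (outside this hunk) the variable is undefined here. The removed query also granted access unconditionally via `albums.user_id = $user->id` (album owner); that grant now exists only if the cache rebuild writes owner rows, which is not visible in this diff and is worth confirming before merging. The leftover `//dd($albumIDs->toArray());` and the bare `//` should be dropped, not least because `getAlbumIDs` returns a plain array, so the commented call would throw if re-enabled. The enclosing method starts and ends outside the hunk.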
|
@ -3,12 +3,54 @@
|
|||||||
namespace App\Helpers;
|
namespace App\Helpers;
|
||||||
|
|
||||||
use App\Album;
|
use App\Album;
|
||||||
|
use App\Permission;
|
||||||
use App\User;
|
use App\User;
|
||||||
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Illuminate\Support\Facades\DB;
|
use Illuminate\Support\Facades\DB;
|
||||||
|
|
||||||
class PermissionsHelper
|
class PermissionsHelper
|
||||||
{
|
{
|
||||||
|
public function getAlbumIDs($permission = 'list', $user)
|
||||||
|
{
|
||||||
|
$result = [];
|
||||||
|
$query = DB::table('album_permissions_cache')
|
||||||
|
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
|
||||||
|
->where([
|
||||||
|
['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
|
||||||
|
['permissions.section', 'album'],
|
||||||
|
['permissions.description', $permission]
|
||||||
|
])
|
||||||
|
->select('album_permissions_cache.album_id')
|
||||||
|
->distinct()
|
||||||
|
->get();
|
||||||
|
|
||||||
|
foreach ($query as $item)
|
||||||
|
{
|
||||||
|
$result[] = $item->album_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
public function rebuildCache()
|
public function rebuildCache()
|
||||||
|
{
|
||||||
|
$this->rebuildAlbumCache();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userCan_Album(Album $album, User $user, $permission)
|
||||||
|
{
|
||||||
|
return DB::table('album_permissions_cache')
|
||||||
|
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
|
||||||
|
->where([
|
||||||
|
['album_permissions_cache.album_id', $album->id],
|
||||||
|
['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
|
||||||
|
['permissions.section', 'album'],
|
||||||
|
['permissions.description', $permission]
|
||||||
|
])
|
||||||
|
->count() > 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function rebuildAlbumCache()
|
||||||
{
|
{
|
||||||
// Get a list of albums
|
// Get a list of albums
|
||||||
$albums = Album::all();
|
$albums = Album::all();
|
||||||
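Review bot: `getAlbumIDs` and `userCan_Album` disagree on what an anonymous user is: the first maps only a literal `null` `$user` to `user_id IS NULL`, while the second also treats `$user->isAnonymous()` as anonymous, so a non-null anonymous User object would be filtered by its own id when listing albums but by the NULL row when checking a single album. Using one predicate in both methods, e.g. `$uid = (is_null($user) || $user->isAnonymous()) ? null : $user->id;`, keeps the list filter and the per-album check consistent; note that in `userCan_Album` the non-nullable `User $user` hint already makes the `is_null($user)` half unreachable. Separately, `getAlbumIDs($permission = 'list', $user)` declares a required parameter after an optional one, which PHP 8 deprecates; `public function getAlbumIDs($permission, ?User $user)` matches the only visible caller. Since both lookups answer from `album_permissions_cache`, any grant or revocation that is not followed by `rebuildCache()` will keep returning stale results; `rebuildAlbumCache` continues past the hunk, so whether owner and inherited rows are written there cannot be checked here.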
|
@ -4,6 +4,7 @@ namespace App\Policies;
|
|||||||
|
|
||||||
use App\Album;
|
use App\Album;
|
||||||
use App\Group;
|
use App\Group;
|
||||||
|
use App\Helpers\PermissionsHelper;
|
||||||
use App\Permission;
|
use App\Permission;
|
||||||
use App\User;
|
use App\User;
|
||||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||||
@ -45,13 +46,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'change-photo-metadata');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'change-photo-metadata'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function delete(User $user, Album $album)
|
public function delete(User $user, Album $album)
|
||||||
@ -62,13 +57,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'delete');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'delete'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function deletePhotos(User $user, Album $album)
|
public function deletePhotos(User $user, Album $album)
|
||||||
@ -79,13 +68,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'delete-photos');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'delete-photos'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function edit(User $user, Album $album)
|
public function edit(User $user, Album $album)
|
||||||
@ -96,13 +79,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'edit');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'edit'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function manipulatePhotos(User $user, Album $album)
|
public function manipulatePhotos(User $user, Album $album)
|
||||||
@ -113,13 +90,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'manipulate-photos');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'manipulate-photos'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function uploadPhotos(User $user, Album $album)
|
public function uploadPhotos(User $user, Album $album)
|
||||||
@ -130,13 +101,7 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'upload-photos');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'upload-photos'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function view(User $user, Album $album)
|
public function view(User $user, Album $album)
|
||||||
@ -147,56 +112,12 @@ class AlbumPolicy
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the edit permission
|
return $this->userHasPermission($user, $album, 'view');
|
||||||
$permission = Permission::where([
|
|
||||||
'section' => 'album',
|
|
||||||
'description' => 'view'
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
return $this->userHasPermission($user, $album, $permission);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function userHasPermission(User $user, Album $album, Permission $permission)
|
private function userHasPermission(User $user, Album $album, $permission)
|
||||||
{
|
{
|
||||||
if ($user->isAnonymous())
|
$helper = new PermissionsHelper();
|
||||||
{
|
return $helper->userCan_Album($album, $user, $permission);
|
||||||
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
|
|
||||||
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
|
|
||||||
->where([
|
|
||||||
['albums.id', $album->id],
|
|
||||||
['permissions.id', $permission->id]
|
|
||||||
]);
|
|
||||||
|
|
||||||
return $query->count() > 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
// If any of the user's groups are granted the permission
|
|
||||||
/** @var Group $group */
|
|
||||||
foreach ($user->groups as $group)
|
|
||||||
{
|
|
||||||
$groupPermission = $album->groupPermissions()->where([
|
|
||||||
'group_id' => $group->id,
|
|
||||||
'permission_id' => $permission->id
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
if (!is_null($groupPermission))
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the user is directly granted the permission
|
|
||||||
$userPermission = $album->userPermissions()->where([
|
|
||||||
'user_id' => $user->id,
|
|
||||||
'permission_id' => $permission->id
|
|
||||||
])->first();
|
|
||||||
|
|
||||||
if (!is_null($userPermission))
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Nope, no permission
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
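Review bot: `userHasPermission` now answers every policy decision from `album_permissions_cache` via `PermissionsHelper::userCan_Album`, but nothing in this hunk documents that the cache must be rebuilt whenever album, user or group permissions change, which is the condition under which a revoked grant stops being honoured. I would add above the method: `// Answered from album_permissions_cache; callers that change album/user/group permissions must run PermissionsHelper::rebuildCache(), otherwise revoked grants stay effective until the next rebuild.` The `$permission` argument changed from a `Permission` model to a bare string, so a misspelled permission name now silently yields false (count of zero) instead of a type error on the removed `Permission $permission` hint; that fails closed, but a short `@param string $permission` note naming the expected `permissions.description` values would make the contract visible. `use App\Permission` is no longer referenced in the visible hunks and can likely be dropped, though other methods of the class are outside this view.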
|