Merge permissions cache and inherited permissions #110

Merged
aheathershaw merged 10 commits from feature/71-permissions-cache into master 2018-09-16 22:19:38 +01:00
3 changed files with 58 additions and 125 deletions
Showing only changes of commit 90e9061ebc - Show all commits

View File

@ -47,43 +47,13 @@ class DbHelper
{ {
/* Admin users always get everything, therefore no filters are necessary */ /* Admin users always get everything, therefore no filters are necessary */
} }
else if (is_null($user))
{
/* Anonymous users need to check the album_anonymous_permissions table. If not in this table, you're not allowed! */
$albumsQuery = Album::join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
->where([
['permissions.section', 'album'],
['permissions.description', $permission]
]);
}
else else
{ {
/* $helper = new PermissionsHelper();
Other users need to check either the album_group_permissions or album_user_permissions table. If not in either of these tables, $albumIDs = $helper->getAlbumIDs($permission, $user);
you're not allowed! //dd($albumIDs->toArray());
*/ $albumsQuery->whereIn('albums.id', $albumIDs);
//
$albumsQuery = Album::leftJoin('album_group_permissions', 'album_group_permissions.album_id', '=', 'albums.id')
->leftJoin('album_user_permissions', 'album_user_permissions.album_id', '=', 'albums.id')
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
->where(function($query) use ($user, $permission)
{
$query->where('albums.user_id', $user->id)
->orWhere([
['group_permissions.section', 'album'],
['group_permissions.description', $permission],
['user_groups.user_id', $user->id]
])
->orWhere([
['user_permissions.section', 'album'],
['user_permissions.description', $permission],
['album_user_permissions.user_id', $user->id]
]);
});
} }
$parentAlbumID = intval($parentAlbumID); $parentAlbumID = intval($parentAlbumID);

View File

@ -3,12 +3,54 @@
namespace App\Helpers; namespace App\Helpers;
use App\Album; use App\Album;
use App\Permission;
use App\User; use App\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
class PermissionsHelper class PermissionsHelper
{ {
public function getAlbumIDs($permission = 'list', $user)
{
$result = [];
$query = DB::table('album_permissions_cache')
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
->where([
['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
['permissions.section', 'album'],
['permissions.description', $permission]
])
->select('album_permissions_cache.album_id')
->distinct()
->get();
foreach ($query as $item)
{
$result[] = $item->album_id;
}
return $result;
}
public function rebuildCache() public function rebuildCache()
{
$this->rebuildAlbumCache();
}
public function userCan_Album(Album $album, User $user, $permission)
{
return DB::table('album_permissions_cache')
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
->where([
['album_permissions_cache.album_id', $album->id],
['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
['permissions.section', 'album'],
['permissions.description', $permission]
])
->count() > 0;
}
private function rebuildAlbumCache()
{ {
// Get a list of albums // Get a list of albums
$albums = Album::all(); $albums = Album::all();

View File

@ -4,6 +4,7 @@ namespace App\Policies;
use App\Album; use App\Album;
use App\Group; use App\Group;
use App\Helpers\PermissionsHelper;
use App\Permission; use App\Permission;
use App\User; use App\User;
use Illuminate\Auth\Access\HandlesAuthorization; use Illuminate\Auth\Access\HandlesAuthorization;
@ -45,13 +46,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'change-photo-metadata');
$permission = Permission::where([
'section' => 'album',
'description' => 'change-photo-metadata'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function delete(User $user, Album $album) public function delete(User $user, Album $album)
@ -62,13 +57,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'delete');
$permission = Permission::where([
'section' => 'album',
'description' => 'delete'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function deletePhotos(User $user, Album $album) public function deletePhotos(User $user, Album $album)
@ -79,13 +68,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'delete-photos');
$permission = Permission::where([
'section' => 'album',
'description' => 'delete-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function edit(User $user, Album $album) public function edit(User $user, Album $album)
@ -96,13 +79,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'edit');
$permission = Permission::where([
'section' => 'album',
'description' => 'edit'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function manipulatePhotos(User $user, Album $album) public function manipulatePhotos(User $user, Album $album)
@ -113,13 +90,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'manipulate-photos');
$permission = Permission::where([
'section' => 'album',
'description' => 'manipulate-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function uploadPhotos(User $user, Album $album) public function uploadPhotos(User $user, Album $album)
@ -130,13 +101,7 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'upload-photos');
$permission = Permission::where([
'section' => 'album',
'description' => 'upload-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
public function view(User $user, Album $album) public function view(User $user, Album $album)
@ -147,56 +112,12 @@ class AlbumPolicy
return true; return true;
} }
// Get the edit permission return $this->userHasPermission($user, $album, 'view');
$permission = Permission::where([
'section' => 'album',
'description' => 'view'
])->first();
return $this->userHasPermission($user, $album, $permission);
} }
private function userHasPermission(User $user, Album $album, Permission $permission) private function userHasPermission(User $user, Album $album, $permission)
{ {
if ($user->isAnonymous()) $helper = new PermissionsHelper();
{ return $helper->userCan_Album($album, $user, $permission);
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
->where([
['albums.id', $album->id],
['permissions.id', $permission->id]
]);
return $query->count() > 0;
}
// If any of the user's groups are granted the permission
/** @var Group $group */
foreach ($user->groups as $group)
{
$groupPermission = $album->groupPermissions()->where([
'group_id' => $group->id,
'permission_id' => $permission->id
])->first();
if (!is_null($groupPermission))
{
return true;
}
}
// If the user is directly granted the permission
$userPermission = $album->userPermissions()->where([
'user_id' => $user->id,
'permission_id' => $permission->id
])->first();
if (!is_null($userPermission))
{
return true;
}
// Nope, no permission
return false;
} }
} }