Created
March 6, 2017 15:51
<?php | |
namespace App\Services\Auth; | |
use App\Exceptions\PrimaryRoleNotFoundException; | |
use App\Exceptions\RoleNotFoundException; | |
use App\Models\Role; | |
use App\Models\User; | |
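/**
 * Answers "may $user do X to users or roles of kind Y?" for user management.
 *
 * Every check has the same shape: a role name is validated against the roles
 * loaded through the Role model, appended to one of the PERM_* prefixes below,
 * and the resulting string is handed to $user->can(). How can() matches that
 * string is decided outside this class.
 *
 * Notes for callers:
 *  - Role lists are loaded once per helper instance and then reused. No method
 *    in this class passes $forceRefresh = true, so a role that is created,
 *    renamed or deleted after the first check is not seen by an instance that
 *    is already in use.
 *  - A role name that is not in the loaded list raises
 *    PrimaryRoleNotFoundException or RoleNotFoundException instead of
 *    returning false. That includes the primary role reported by
 *    $target->getPrimaryRole(). Treat these exceptions as a denial.
 *  - Role names are matched with ===, so only a string that equals a stored
 *    name is accepted; a non-string value (for example 0 or true decoded from
 *    a JSON body) is rejected with the not-found exception.
 */
class UserPermissionsHelper {

    // Permission prefixes. The validated role name is appended verbatim after "=".

    // Scoped by the primary role of the user being acted on.
    const PERM_canGrantRolesToUsersWithPrimaryRole = 'users.grant_role_to?primary_role=';
    const PERM_canRevokeRolesFromUsersWithPrimaryRole = 'users.revoke_role_from?primary_role=';

    // Scoped by the primary role a user is moved to / moved away from.
    const PERM_canChangePrimaryRoleOfUsersTo = 'users.change_primary_role_to?primary_role=';
    const PERM_canChangePrimaryRoleOfUsersWithPrimaryRole = 'users.change_primary_role_from?primary_role=';

    // Scoped by the non-primary role being granted or revoked.
    const PERM_canGrantRole = 'roles.grant_to_user?role=';
    const PERM_canRevokeRole = 'roles.revoke_from_user?role=';

    // Scoped by the primary role of the user being viewed/created/updated/deleted.
    const PERM_canViewUsersWithPrimaryRole = 'users.view?primary_role=';
    const PERM_canCreateUsersWithPrimaryRole = 'users.create?primary_role=';
    const PERM_canUpdateUsersWithPrimaryRole = 'users.update?primary_role=';
    const PERM_canDeleteUsersWithPrimaryRole = 'users.delete?primary_role=';

    // Cached result of Role::where('is_primary', 1)->get(); unset until first use.
    protected $primaryRoles;

    // Cached result of Role::where('is_primary', 0)->get(); unset until first use.
    protected $roles;

    /**
     * Roles flagged is_primary = 1, loaded on first use and cached on the instance.
     *
     * @param bool $forceRefresh reload from the Role model even if a cached list exists
     * @return mixed the collection returned by Role::where(...)->get()
     */
    protected function primaryRoles($forceRefresh = false) {
        if ($forceRefresh || !$this->primaryRoles) {
            $this->primaryRoles = Role::where('is_primary', 1)->get();
        }

        return $this->primaryRoles;
    }

    /**
     * Roles flagged is_primary = 0, loaded on first use and cached on the instance.
     *
     * @param bool $forceRefresh reload from the Role model even if a cached list exists
     * @return mixed the collection returned by Role::where(...)->get()
     */
    protected function roles($forceRefresh = false) {
        if ($forceRefresh || !$this->roles) {
            $this->roles = Role::where('is_primary', 0)->get();
        }

        return $this->roles;
    }

    /**
     * Tells whether $name is exactly the name of one of the given roles.
     *
     * The name ends up inside a permission string, so the match is type-strict:
     * anything that is not a string is rejected before it can be concatenated.
     *
     * @param mixed $knownRoles collection of Role models (primaryRoles() or roles())
     * @param mixed $name       candidate role name
     * @return bool
     */
    private function hasRoleNamed($knownRoles, $name) {
        if (!is_string($name)) {
            return false;
        }

        $matches = $knownRoles->filter(function ($known) use ($name) {
            return $known->name === $name;
        });

        return $matches->count() > 0;
    }

    /**
     * Normalises a primary role (Role model or name) to its validated name.
     *
     * @param Role|string $primaryRole
     * @return string the role name
     * @throws PrimaryRoleNotFoundException when the name is not a known primary role
     */
    protected function toPrimaryRole($primaryRole) {
        $name = $primaryRole instanceof Role ? $primaryRole->name : $primaryRole;

        if (!$this->hasRoleNamed($this->primaryRoles(), $name)) {
            throw new PrimaryRoleNotFoundException($name);
        }

        return $name;
    }

    /**
     * Normalises a non-primary role (Role model or name) to its validated name.
     *
     * @param Role|string $role
     * @return string the role name
     * @throws RoleNotFoundException when the name is not a known non-primary role
     */
    protected function toRole($role) {
        $name = $role instanceof Role ? $role->name : $role;

        if (!$this->hasRoleNamed($this->roles(), $name)) {
            throw new RoleNotFoundException($name);
        }

        return $name;
    }

    // view

    /**
     * May $user view $target? Decided by $target's primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canViewUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canViewUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user view users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canViewUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canViewUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /** True when $user may view users of at least one primary role. */
    public function canViewAnyUsers(User $user) {
        return $this->getCanViewUsersWithPrimaryRoles($user)->count() > 0;
    }

    /** The primary roles whose users $user may view. */
    public function getCanViewUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
            ->filter(function ($role) use ($user) {
                return $this->canViewUsersWithPrimaryRole($user, $role);
            });
    }

    // create

    /**
     * May $user create users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canCreateUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canCreateUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /** True when $user may create users of at least one primary role. */
    public function canCreateAnyUsers(User $user) {
        return $this->getCanCreateUsersWithPrimaryRoles($user)->count() > 0;
    }

    /** The primary roles $user may create users with. */
    public function getCanCreateUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
            ->filter(function ($role) use ($user) {
                return $this->canCreateUsersWithPrimaryRole($user, $role);
            });
    }

    // update

    /**
     * May $user update $target? Decided by $target's primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canUpdateUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canUpdateUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user update users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canUpdateUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canUpdateUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /** True when $user may update users of at least one primary role. */
    public function canUpdateAnyUsers(User $user) {
        return $this->getCanUpdateUsersWithPrimaryRoles($user)->count() > 0;
    }

    /** The primary roles whose users $user may update. */
    public function getCanUpdateUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
            ->filter(function ($role) use ($user) {
                return $this->canUpdateUsersWithPrimaryRole($user, $role);
            });
    }

    // delete

    /**
     * May $user delete $target? Decided by $target's primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canDeleteUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canDeleteUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user delete users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canDeleteUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canDeleteUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /** True when $user may delete users of at least one primary role. */
    public function canDeleteAnyUsers(User $user) {
        return $this->getCanDeleteUsersWithPrimaryRoles($user)->count() > 0;
    }

    /** The primary roles whose users $user may delete. */
    public function getCanDeleteUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
            ->filter(function ($role) use ($user) {
                return $this->canDeleteUsersWithPrimaryRole($user, $role);
            });
    }

    // change primary role

    /**
     * May $user move $target to $newPrimaryRole? Requires both the permission
     * to move users away from $target's current primary role and the
     * permission to move users to the new one.
     *
     * && short-circuits: when the first check is false, $newPrimaryRole is
     * never validated and the method returns false without throwing.
     *
     * @param Role|string $newPrimaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canChangePrimaryRoleOfUserTo(User $user, User $target, $newPrimaryRole) {
        return (
            $this->canChangePrimaryRoleOfUser($user, $target) &&
            $this->canChangePrimaryRoleOfUsersTo($user, $newPrimaryRole)
        );
    }

    /**
     * May $user change any user's primary role to $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canChangePrimaryRoleOfUsersTo(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canChangePrimaryRoleOfUsersTo . $primaryRole;

        return $user->can($perm);
    }

    /**
     * May $user change $target's primary role at all? Decided by $target's
     * current primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canChangePrimaryRoleOfUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user change the primary role of users currently holding $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canChangePrimaryRoleOfUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canChangePrimaryRoleOfUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /** True when $user may change the primary role of users of at least one primary role. */
    public function canChangePrimaryRoleOfAnyUsers(User $user) {
        return $this->getCanChangePrimaryRoleOfUsersWithPrimaryRoles($user)->count() > 0;
    }

    /** The primary roles whose users $user may move to another primary role. */
    public function getCanChangePrimaryRoleOfUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
            ->filter(function ($role) use ($user) {
                return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $role);
            });
    }

    // grant role

    /**
     * May $user grant $newRole to $target? Requires both the permission to
     * grant roles to users with $target's primary role and the permission to
     * grant this particular role.
     *
     * && short-circuits: when the first check is false, $newRole is never
     * validated and the method returns false without throwing. This differs
     * from canRevokeRoleFromUser(), which validates the role first.
     *
     * @param Role|string $newRole
     * @throws PrimaryRoleNotFoundException|RoleNotFoundException
     */
    public function canGrantRoleToUser(User $user, User $target, $newRole) {
        return (
            $this->canGrantRolesToUser($user, $target) &&
            $this->canGrantRole($user, $newRole)
        );
    }

    /**
     * May $user grant roles to $target at all? Decided by $target's primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canGrantRolesToUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canGrantRolesToUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user grant roles to users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canGrantRolesToUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canGrantRolesToUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /**
     * May $user grant the non-primary role $role to anyone?
     *
     * @param Role|string $role
     * @throws RoleNotFoundException
     */
    public function canGrantRole(User $user, $role) {
        $role = $this->toRole($role);
        $perm = static::PERM_canGrantRole . $role;

        return $user->can($perm);
    }

    /** True when $user may grant at least one non-primary role. */
    public function canGrantAnyRoles(User $user) {
        return $this->getCanGrantRoles($user)->count() > 0;
    }

    /** The non-primary roles $user may grant. */
    public function getCanGrantRoles(User $user) {
        return $this->roles()
            ->filter(function ($role) use ($user) {
                return $this->canGrantRole($user, $role);
            });
    }

    // revoke role

    /**
     * May $user revoke $revokeRole from $target? Requires both the permission
     * to revoke roles from users with $target's primary role and the
     * permission to revoke this particular role.
     *
     * The role is validated before either check runs, so an unknown role
     * always throws here, even when the first check would have been false.
     *
     * @param Role|string $revokeRole
     * @throws PrimaryRoleNotFoundException|RoleNotFoundException
     */
    public function canRevokeRoleFromUser(User $user, User $target, $revokeRole) {
        $revokeRole = $this->toRole($revokeRole);

        return (
            $this->canRevokeRolesFromUser($user, $target) &&
            $this->canRevokeRole($user, $revokeRole)
        );
    }

    /**
     * May $user revoke roles from $target at all? Decided by $target's primary role.
     *
     * @throws PrimaryRoleNotFoundException when $target's primary role is not known
     */
    public function canRevokeRolesFromUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();

        return $this->canRevokeRolesFromUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    /**
     * May $user revoke roles from users whose primary role is $primaryRole?
     *
     * @param Role|string $primaryRole
     * @throws PrimaryRoleNotFoundException
     */
    public function canRevokeRolesFromUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm = static::PERM_canRevokeRolesFromUsersWithPrimaryRole . $primaryRole;

        return $user->can($perm);
    }

    /**
     * May $user revoke the non-primary role $role from anyone?
     *
     * @param Role|string $role
     * @throws RoleNotFoundException
     */
    public function canRevokeRole(User $user, $role) {
        $role = $this->toRole($role);
        $perm = static::PERM_canRevokeRole . $role;

        return $user->can($perm);
    }

    /** True when $user may revoke at least one non-primary role. */
    public function canRevokeAnyRoles(User $user) {
        return $this->getCanRevokeRoles($user)->count() > 0;
    }

    /** The non-primary roles $user may revoke. */
    public function getCanRevokeRoles(User $user) {
        return $this->roles()
            ->filter(function ($role) use ($user) {
                return $this->canRevokeRole($user, $role);
            });
    }
}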