{
$this->bookRepo = $bookRepo;
$this->pageRepo = $pageRepo;
+ parent::__construct();
}
/**
*/
public function create()
{
+ $this->checkPermission('book-create');
return view('books/create');
}
/**
* Store a newly created book in storage.
*
- * @param Request $request
+ * @param Request $request
* @return Response
*/
public function store(Request $request)
{
+ $this->checkPermission('book-create');
$this->validate($request, [
- 'name' => 'required|string|max:255',
+ 'name' => 'required|string|max:255',
'description' => 'string|max:1000'
]);
$book = $this->bookRepo->newFromInput($request->all());
*/
public function edit($slug)
{
+ $this->checkPermission('book-update');
$book = $this->bookRepo->getBySlug($slug);
return view('books/edit', ['book' => $book, 'current' => $book]);
}
* Update the specified book in storage.
*
* @param Request $request
- * @param $slug
+ * @param $slug
* @return Response
*/
public function update(Request $request, $slug)
{
+ $this->checkPermission('book-update');
$book = $this->bookRepo->getBySlug($slug);
$this->validate($request, [
- 'name' => 'required|string|max:255',
+ 'name' => 'required|string|max:255',
'description' => 'string|max:1000'
]);
$book->fill($request->all());
*/
public function showDelete($bookSlug)
{
+ $this->checkPermission('book-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
return view('books/delete', ['book' => $book, 'current' => $book]);
}
*/
public function destroy($bookSlug)
{
+ $this->checkPermission('book-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
Activity::addMessage('book_delete', 0, $book->name);
$this->bookRepo->destroyBySlug($bookSlug);
* @param $bookRepo
* @param $chapterRepo
*/
- public function __construct(BookRepo $bookRepo,ChapterRepo $chapterRepo)
+ public function __construct(BookRepo $bookRepo, ChapterRepo $chapterRepo)
{
$this->bookRepo = $bookRepo;
$this->chapterRepo = $chapterRepo;
+ parent::__construct();
}
-
+
/**
* Show the form for creating a new chapter.
*/
public function create($bookSlug)
{
+ $this->checkPermission('chapter-create');
$book = $this->bookRepo->getBySlug($bookSlug);
return view('chapters/create', ['book' => $book, 'current' => $book]);
}
/**
* Store a newly created chapter in storage.
*
- * @param $bookSlug
+ * @param $bookSlug
* @param Request $request
* @return Response
*/
public function store($bookSlug, Request $request)
{
+ $this->checkPermission('chapter-create');
$this->validate($request, [
'name' => 'required|string|max:255'
]);
*/
public function edit($bookSlug, $chapterSlug)
{
+ $this->checkPermission('chapter-update');
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
return view('chapters/edit', ['book' => $book, 'chapter' => $chapter, 'current' => $chapter]);
* Update the specified chapter in storage.
*
* @param Request $request
- * @param $bookSlug
- * @param $chapterSlug
+ * @param $bookSlug
+ * @param $chapterSlug
* @return Response
*/
public function update(Request $request, $bookSlug, $chapterSlug)
{
+ $this->checkPermission('chapter-update');
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
$chapter->fill($request->all());
*/
public function showDelete($bookSlug, $chapterSlug)
{
+ $this->checkPermission('chapter-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
return view('chapters/delete', ['book' => $book, 'chapter' => $chapter, 'current' => $chapter]);
*/
public function destroy($bookSlug, $chapterSlug)
{
+ $this->checkPermission('chapter-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $this->chapterRepo->getBySlug($chapterSlug, $book->id);
- if(count($chapter->pages) > 0) {
- foreach($chapter->pages as $page) {
+ if (count($chapter->pages) > 0) {
+ foreach ($chapter->pages as $page) {
$page->chapter_id = 0;
$page->save();
}
namespace Oxbow\Http\Controllers;
+use HttpRequestException;
use Illuminate\Foundation\Bus\DispatchesJobs;
+use Illuminate\Http\Exception\HttpResponseException;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
use Oxbow\User;
abstract class Controller extends BaseController
{
use DispatchesJobs, ValidatesRequests;
+ /**
+ * @var User static
+ */
+ protected $currentUser;
+ /**
+ * @var bool
+ */
+ protected $signedIn;
+
/**
* Controller constructor.
*/
public function __construct()
{
- view()->share('signedIn', Auth::check());
+ // Get a user instance for the current user
$user = Auth::user();
- if(!$user) {
+ if (!$user) {
$user = User::getDefault();
}
- view()->share('user', $user);
+ // Share variables with views
+ view()->share('signedIn', Auth::check());
+ view()->share('currentUser', $user);
+ // Share variables with controllers
+ $this->currentUser = $user;
+ $this->signedIn = Auth::check();
+ }
+
+ /**
+ * Checks for a permission.
+ *
+ * @param $permissionName
+ * @return bool|\Illuminate\Http\RedirectResponse
+ */
+ protected function checkPermission($permissionName)
+ {
+ if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
+ Session::flash('error', trans('errors.permission'));
+ throw new HttpResponseException(
+ redirect()->back()
+ );
+ }
+
+ return true;
+ }
+
+ protected function checkPermissionOr($permissionName, $callback)
+ {
+ $callbackResult = $callback();
+ if ($callbackResult === false) $this->checkPermission($permissionName);
+ return true;
}
}
/**
* HomeController constructor.
* @param ActivityService $activityService
- * @param BookRepo $bookRepo
+ * @param BookRepo $bookRepo
*/
public function __construct(ActivityService $activityService, BookRepo $bookRepo)
{
$this->activityService = $activityService;
$this->bookRepo = $bookRepo;
+ parent::__construct();
}
/**
* ImageController constructor.
* @param Image $image
- * @param File $file
+ * @param File $file
*/
public function __construct(Image $image, File $file)
{
$this->image = $image;
$this->file = $file;
+ parent::__construct();
}
/**
*/
public function getImage(Request $request)
{
- $cacheTime = 60*60*24;
+ $cacheTime = 60 * 60 * 24;
$path = storage_path() . '/' . $request->path();
$modifiedTime = $this->file->lastModified($path);
$eTag = md5($modifiedTime . $path);
$headers = [
'Last-Modified' => $headerLastModified,
'Cache-Control' => 'must-revalidate',
- 'Pragma' => 'public',
- 'Expires' => $headerExpires,
- 'Etag' => $eTag
+ 'Pragma' => 'public',
+ 'Expires' => $headerExpires,
+ 'Etag' => $eTag
];
$browserModifiedSince = $request->header('If-Modified-Since');
$browserNoneMatch = $request->header('If-None-Match');
- if($browserModifiedSince !== null && file_exists($path) && ($browserModifiedSince == $headerLastModified || $browserNoneMatch == $eTag)) {
+ if ($browserModifiedSince !== null && file_exists($path) && ($browserModifiedSince == $headerLastModified || $browserNoneMatch == $eTag)) {
return response()->make('', 304, $headers);
}
- if(file_exists($path)) {
+ if (file_exists($path)) {
return response()->make(file_get_contents($path), 200, array_merge($headers, [
- 'Content-Type' => $this->file->mimeType($path),
+ 'Content-Type' => $this->file->mimeType($path),
'Content-Length' => filesize($path),
]));
}
{
$pageSize = 30;
$images = DB::table('images')->orderBy('created_at', 'desc')
- ->skip($page*$pageSize)->take($pageSize)->get();
- foreach($images as $image) {
+ ->skip($page * $pageSize)->take($pageSize)->get();
+ foreach ($images as $image) {
$image->thumbnail = $this->getThumbnail($image, 150, 150);
}
$hasMore = count(DB::table('images')->orderBy('created_at', 'desc')
- ->skip(($page+1)*$pageSize)->take($pageSize)->get()) > 0;
+ ->skip(($page + 1) * $pageSize)->take($pageSize)->get()) > 0;
return response()->json([
- 'images' => $images,
+ 'images' => $images,
'hasMore' => $hasMore
]);
}
/**
* Get the thumbnail for an image.
- * @param $image
+ * @param $image
* @param int $width
* @param int $height
* @return string
$thumbFilePath = public_path() . $thumbPath;
// Return the thumbnail url path if already exists
- if(file_exists($thumbFilePath)) {
+ if (file_exists($thumbFilePath)) {
return $thumbPath;
}
$thumb->fit($width, $height);
// Create thumbnail folder if it does not exist
- if(!file_exists(dirname($thumbFilePath))) {
+ if (!file_exists(dirname($thumbFilePath))) {
mkdir(dirname($thumbFilePath), 0775, true);
}
*/
public function upload(Request $request)
{
+ $this->checkPermission('image-create');
$imageUpload = $request->file('file');
$name = str_replace(' ', '-', $imageUpload->getClientOriginalName());
$storageName = substr(sha1(time()), 0, 10) . '-' . $name;
- $imagePath = '/uploads/images/'.Date('Y-m-M').'/';
- $storagePath = public_path(). $imagePath;
+ $imagePath = '/uploads/images/' . Date('Y-m-M') . '/';
+ $storagePath = public_path() . $imagePath;
$fullPath = $storagePath . $storageName;
- while(file_exists($fullPath)) {
+ while (file_exists($fullPath)) {
$storageName = substr(sha1(rand()), 0, 3) . $storageName;
$fullPath = $storagePath . $storageName;
}
/**
* Update image details
- * @param $imageId
+ * @param $imageId
* @param Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function update($imageId, Request $request)
{
+ $this->checkPermission('image-update');
$this->validate($request, [
'name' => 'required|min:2|string'
]);
*/
public function destroy($id)
{
+ $this->checkPermission('image-delete');
$image = $this->image->findOrFail($id);
// Delete files
$fileName = basename($image->url);
// Delete thumbnails
- foreach(glob($folder . '/*') as $file) {
- if(is_dir($file)) {
+ foreach (glob($folder . '/*') as $file) {
+ if (is_dir($file)) {
$thumbName = $file . '/' . $fileName;
- if(file_exists($file)) {
+ if (file_exists($file)) {
unlink($thumbName);
}
// Remove thumb folder if empty
- if(count(glob($file . '/*')) === 0) {
+ if (count(glob($file . '/*')) === 0) {
rmdir($file);
}
}
$image->delete();
// Delete parent folder if empty
- if(count(glob($folder . '/*')) === 0) {
+ if (count(glob($folder . '/*')) === 0) {
rmdir($folder);
}
return response()->json('Image Deleted');
/**
* PageController constructor.
- * @param PageRepo $pageRepo
- * @param BookRepo $bookRepo
+ * @param PageRepo $pageRepo
+ * @param BookRepo $bookRepo
* @param ChapterRepo $chapterRepo
*/
public function __construct(PageRepo $pageRepo, BookRepo $bookRepo, ChapterRepo $chapterRepo)
$this->pageRepo = $pageRepo;
$this->bookRepo = $bookRepo;
$this->chapterRepo = $chapterRepo;
+ parent::__construct();
}
/**
* Show the form for creating a new page.
*
- * @param $bookSlug
+ * @param $bookSlug
* @param bool $chapterSlug
* @return Response
* @internal param bool $pageSlug
*/
public function create($bookSlug, $chapterSlug = false)
{
+ $this->checkPermission('page-create');
$book = $this->bookRepo->getBySlug($bookSlug);
$chapter = $chapterSlug ? $this->chapterRepo->getBySlug($chapterSlug, $book->id) : false;
return view('pages/create', ['book' => $book, 'chapter' => $chapter]);
* Store a newly created page in storage.
*
* @param Request $request
- * @param $bookSlug
+ * @param $bookSlug
* @return Response
*/
public function store(Request $request, $bookSlug)
{
+ $this->checkPermission('page-create');
$this->validate($request, [
- 'name' => 'required|string|max:255',
- 'html' => 'required|string',
+ 'name' => 'required|string|max:255',
+ 'html' => 'required|string',
'parent' => 'integer|exists:pages,id'
]);
$book = $this->bookRepo->getBySlug($bookSlug);
$page->slug = $this->pageRepo->findSuitableSlug($page->name, $book->id);
$page->priority = $this->bookRepo->getNewPriority($book);
- if($request->has('chapter') && $this->chapterRepo->idExists($request->get('chapter'))) {
+ if ($request->has('chapter') && $this->chapterRepo->idExists($request->get('chapter'))) {
$page->chapter_id = $request->get('chapter');
}
*/
public function edit($bookSlug, $pageSlug)
{
+ $this->checkPermission('page-update');
$book = $this->bookRepo->getBySlug($bookSlug);
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
return view('pages/edit', ['page' => $page, 'book' => $book, 'current' => $page]);
* Update the specified page in storage.
*
* @param Request $request
- * @param $bookSlug
- * @param $pageSlug
+ * @param $bookSlug
+ * @param $pageSlug
* @return Response
*/
public function update(Request $request, $bookSlug, $pageSlug)
{
+ $this->checkPermission('page-update');
$book = $this->bookRepo->getBySlug($bookSlug);
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
$this->pageRepo->updatePage($page, $book->id, $request->all());
public function searchAll(Request $request)
{
$searchTerm = $request->get('term');
- if(empty($searchTerm)) return redirect()->back();
+ if (empty($searchTerm)) return redirect()->back();
$pages = $this->pageRepo->getBySearch($searchTerm);
return view('pages/search-results', ['pages' => $pages, 'searchTerm' => $searchTerm]);
*/
public function sortPages($bookSlug)
{
+ $this->checkPermission('book-update');
$book = $this->bookRepo->getBySlug($bookSlug);
return view('pages/sort', ['book' => $book, 'current' => $book]);
}
/**
* Saves an array of sort mapping to pages and chapters.
*
- * @param $bookSlug
+ * @param $bookSlug
* @param Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function savePageSort($bookSlug, Request $request)
{
+ $this->checkPermission('book-update');
$book = $this->bookRepo->getBySlug($bookSlug);
// Return if no map sent
- if(!$request->has('sort-tree')) {
+ if (!$request->has('sort-tree')) {
return redirect($book->getUrl());
}
// Sort pages and chapters
$sortMap = json_decode($request->get('sort-tree'));
- foreach($sortMap as $index => $bookChild) {
+ foreach ($sortMap as $index => $bookChild) {
$id = $bookChild->id;
$isPage = $bookChild->type == 'page';
$model = $isPage ? $this->pageRepo->getById($id) : $this->chapterRepo->getById($id);
$model->priority = $index;
- if($isPage) {
+ if ($isPage) {
$model->chapter_id = ($bookChild->parentChapter === false) ? 0 : $bookChild->parentChapter;
}
$model->save();
*/
public function showDelete($bookSlug, $pageSlug)
{
+ $this->checkPermission('page-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
return view('pages/delete', ['book' => $book, 'page' => $page, 'current' => $page]);
*/
public function destroy($bookSlug, $pageSlug)
{
+ $this->checkPermission('page-delete');
$book = $this->bookRepo->getBySlug($bookSlug);
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
Activity::addMessage('page_delete', $book->id, $page->name);
public function restoreRevision($bookSlug, $pageSlug, $revisionId)
{
+ $this->checkPermission('page-update');
$book = $this->bookRepo->getBySlug($bookSlug);
$page = $this->pageRepo->getBySlug($pageSlug, $book->id);
$revision = $this->pageRepo->getRevisionById($revisionId);
use Illuminate\Support\Facades\Hash;
use Oxbow\Http\Requests;
-use Oxbow\Http\Controllers\Controller;
use Oxbow\User;
class UserController extends Controller
public function __construct(User $user)
{
$this->user = $user;
+ parent::__construct();
}
-
/**
* Display a listing of the users.
*
public function index()
{
$users = $this->user->all();
- return view('users/index', ['users'=> $users]);
+ return view('users/index', ['users' => $users]);
}
/**
*/
public function create()
{
+ $this->checkPermission('user-create');
return view('users/create');
}
/**
* Store a newly created user in storage.
*
- * @param Request $request
+ * @param Request $request
* @return Response
*/
public function store(Request $request)
{
+ $this->checkPermission('user-create');
$this->validate($request, [
- 'name' => 'required',
- 'email' => 'required|email',
- 'password' => 'required|min:5',
- 'password-confirm' => 'required|same:password'
+ 'name' => 'required',
+ 'email' => 'required|email',
+ 'password' => 'required|min:5',
+ 'password-confirm' => 'required|same:password',
+ 'role' => 'required|exists:roles,id'
]);
$user = $this->user->fill($request->all());
$user->password = Hash::make($request->get('password'));
$user->save();
+
+ $user->attachRoleId($request->get('role'));
return redirect('/users');
}
/**
* Show the form for editing the specified user.
*
- * @param int $id
+ * @param int $id
* @return Response
*/
public function edit($id)
{
+ $this->checkPermissionOr('user-update', function () use ($id) {
+ return $this->currentUser->id == $id;
+ });
$user = $this->user->findOrFail($id);
return view('users/edit', ['user' => $user]);
}
/**
* Update the specified user in storage.
*
- * @param Request $request
- * @param int $id
+ * @param Request $request
+ * @param int $id
* @return Response
*/
public function update(Request $request, $id)
{
+ $this->checkPermissionOr('user-update', function () use ($id) {
+ return $this->currentUser->id == $id;
+ });
$this->validate($request, [
- 'name' => 'required',
- 'email' => 'required|email',
- 'password' => 'min:5',
- 'password-confirm' => 'same:password'
+ 'name' => 'required',
+ 'email' => 'required|email',
+ 'password' => 'min:5',
+ 'password-confirm' => 'same:password',
+ 'role' => 'exists:roles,id'
]);
$user = $this->user->findOrFail($id);
$user->fill($request->all());
- if($request->has('password') && $request->get('password') != '') {
+ if ($this->currentUser->can('user-update') && $request->has('role')) {
+ $user->attachRoleId($request->get('role'));
+ }
+
+ if ($request->has('password') && $request->get('password') != '') {
$password = $request->get('password');
$user->password = Hash::make($password);
}
*/
public function delete($id)
{
+ $this->checkPermissionOr('user-delete', function () use ($id) {
+ return $this->currentUser->id == $id;
+ });
$user = $this->user->findOrFail($id);
return view('users/delete', ['user' => $user]);
}
/**
* Remove the specified user from storage.
*
- * @param int $id
+ * @param int $id
* @return Response
*/
public function destroy($id)
{
+ $this->checkPermissionOr('user-delete', function () use ($id) {
+ return $this->currentUser->id == $id;
+ });
$user = $this->user->findOrFail($id);
$user->delete();
return redirect('/users');
* @var array
*/
protected $routeMiddleware = [
- 'auth' => \Oxbow\Http\Middleware\Authenticate::class,
+ 'auth' => \Oxbow\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
- 'guest' => \Oxbow\Http\Middleware\RedirectIfAuthenticated::class,
+ 'guest' => \Oxbow\Http\Middleware\RedirectIfAuthenticated::class,
+ 'perm' => \Oxbow\Http\Middleware\PermissionMiddleware::class
];
}
--- /dev/null
+<?php
+
+namespace Oxbow\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Session;
+
+class PermissionMiddleware
+{
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @param $permission
+ * @return mixed
+ */
+ public function handle($request, Closure $next, $permission)
+ {
+
+ if (!$request->user() || !$request->user()->can($permission)) {
+ Session::flash('error', trans('errors.permission'));
+ return redirect()->back();
+ }
+
+ return $next($request);
+ }
+}
|
*/
-
+Route::get('/test', function () {
+ return Auth::user()->can('users-edit');
+});
// Authentication routes...
-Route::group(['middleware' => 'auth'], function() {
+Route::group(['middleware' => 'auth'], function () {
- Route::group(['prefix' => 'books'], function() {
+ Route::group(['prefix' => 'books'], function () {
// Books
Route::get('/', 'BookController@index');
--- /dev/null
+<?php
+
+namespace Oxbow;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Permission extends Model
+{
+ /**
+ * The roles that belong to the permission.
+ */
+ public function roles()
+ {
+ return $this->belongsToMany('Oxbow\Permissions');
+ }
+}
namespace Oxbow\Providers;
+use Illuminate\Support\Facades\Auth;
use Illuminate\Support\ServiceProvider;
+use Oxbow\User;
class AppServiceProvider extends ServiceProvider
{
--- /dev/null
+<?php
+
+namespace Oxbow;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Role extends Model
+{
+ /**
+ * The roles that belong to the role.
+ */
+ public function users()
+ {
+ return $this->belongsToMany('Oxbow\User');
+ }
+
+ /**
+ * The permissions that belong to the role.
+ */
+ public function permissions()
+ {
+ return $this->belongsToMany('Oxbow\Permission');
+ }
+
+ /**
+ * Add a permission to this role.
+ * @param Permission $permission
+ */
+ public function attachPermission(Permission $permission)
+ {
+ $this->permissions()->attach($permission->id);
+ }
+
+}
{
return new static([
'email' => 'guest',
- 'name' => 'Guest'
+ 'name' => 'Guest'
]);
}
+ /**
+ * Permissions and roles
+ */
+
+ /**
+ * The roles that belong to the user.
+ */
+ public function roles()
+ {
+ return $this->belongsToMany('Oxbow\Role');
+ }
+
+ public function getRoleAttribute()
+ {
+ return $this->roles()->first();
+ }
+
+ /**
+ * Check if the user has a particular permission.
+ * @param $permissionName
+ * @return bool
+ */
+ public function can($permissionName)
+ {
+ $permissions = $this->role->permissions()->get();
+ $permissionSearch = $permissions->search(function ($item, $key) use ($permissionName) {
+ return $item->name == $permissionName;
+ });
+ return $permissionSearch !== false;
+ }
+
+ /**
+ * Attach a role to this user.
+ * @param Role $role
+ */
+ public function attachRole(Role $role)
+ {
+ $this->attachRoleId($role->id);
+ }
+
+ /**
+ * Attach a role id to this user.
+ * @param $id
+ */
+ public function attachRoleId($id)
+ {
+ $this->roles()->sync([$id]);
+ }
+
/**
* Returns the user's avatar,
* Uses Gravatar as the avatar service.
+ *
* @param int $size
* @return string
*/
$table->rememberToken();
$table->timestamps();
});
+
+ \Oxbow\User::create([
+ 'name' => 'Admin',
+ 'email' => 'admin@admin.com',
+ 'password' => \Illuminate\Support\Facades\Hash::make('password')
+ ]);
}
/**
--- /dev/null
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+/**
+ * Much of this code has been taken from entrust,
+ * a role & permission management solution for Laravel.
+ *
+ * Full attribution of the database Schema shown below goes to the entrust project.
+ *
+ * @license MIT
+ * @package Zizaco\Entrust
+ * @url https://github.com/Zizaco/entrust
+ */
+class AddRolesAndPermissions extends Migration
+{
+ /**
+ * Run the migrations.
+ *
+ * @return void
+ */
+ public function up()
+ {
+ // Create table for storing roles
+ Schema::create('roles', function (Blueprint $table) {
+ $table->increments('id');
+ $table->string('name')->unique();
+ $table->string('display_name')->nullable();
+ $table->string('description')->nullable();
+ $table->timestamps();
+ });
+
+ // Create table for associating roles to users (Many-to-Many)
+ Schema::create('role_user', function (Blueprint $table) {
+ $table->integer('user_id')->unsigned();
+ $table->integer('role_id')->unsigned();
+
+ $table->foreign('user_id')->references('id')->on('users')
+ ->onUpdate('cascade')->onDelete('cascade');
+ $table->foreign('role_id')->references('id')->on('roles')
+ ->onUpdate('cascade')->onDelete('cascade');
+
+ $table->primary(['user_id', 'role_id']);
+ });
+
+ // Create table for storing permissions
+ Schema::create('permissions', function (Blueprint $table) {
+ $table->increments('id');
+ $table->string('name')->unique();
+ $table->string('display_name')->nullable();
+ $table->string('description')->nullable();
+ $table->timestamps();
+ });
+
+ // Create table for associating permissions to roles (Many-to-Many)
+ Schema::create('permission_role', function (Blueprint $table) {
+ $table->integer('permission_id')->unsigned();
+ $table->integer('role_id')->unsigned();
+
+ $table->foreign('permission_id')->references('id')->on('permissions')
+ ->onUpdate('cascade')->onDelete('cascade');
+ $table->foreign('role_id')->references('id')->on('roles')
+ ->onUpdate('cascade')->onDelete('cascade');
+
+ $table->primary(['permission_id', 'role_id']);
+ });
+
+
+ // Create default roles
+ $admin = new \Oxbow\Role();
+ $admin->name = 'admin';
+ $admin->display_name = 'Admin';
+ $admin->description = 'Administrator of the whole application';
+ $admin->save();
+
+ $editor = new \Oxbow\Role();
+ $editor->name = 'editor';
+ $editor->display_name = 'Editor';
+ $editor->description = 'User can edit Books, Chapters & Pages';
+ $editor->save();
+
+ $viewer = new \Oxbow\Role();
+ $viewer->name = 'viewer';
+ $viewer->display_name = 'Viewer';
+ $viewer->description = 'User can view books & their content behind authentication';
+ $viewer->save();
+
+ // Create default CRUD permissions and allocate to admins and editors
+ $entities = ['Book', 'Page', 'Chapter', 'Image'];
+ $ops = ['Create', 'Update', 'Delete'];
+ foreach ($entities as $entity) {
+ foreach ($ops as $op) {
+ $newPermission = new \Oxbow\Permission();
+ $newPermission->name = strtolower($entity) . '-' . strtolower($op);
+ $newPermission->display_name = $op . ' ' . $entity . 's';
+ $newPermission->save();
+ $admin->attachPermission($newPermission);
+ $editor->attachPermission($newPermission);
+ }
+ }
+
+ // Create admin permissions
+ $entities = ['Settings', 'User'];
+ $ops = ['Create', 'Update', 'Delete'];
+ foreach ($entities as $entity) {
+ foreach ($ops as $op) {
+ $newPermission = new \Oxbow\Permission();
+ $newPermission->name = strtolower($entity) . '-' . strtolower($op);
+ $newPermission->display_name = $op . ' ' . $entity;
+ $newPermission->save();
+ $admin->attachPermission($newPermission);
+ }
+ }
+
+ // Set all current users as admins
+ // (At this point only the initially create user should be an admin)
+ $users = \Oxbow\User::all();
+ foreach ($users as $user) {
+ $user->attachRole($admin);
+ }
+
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::drop('permission_role');
+ Schema::drop('permissions');
+ Schema::drop('role_user');
+ Schema::drop('roles');
+ }
+}
Model::unguard();
// $this->call(UserTableSeeder::class);
- \Oxbow\User::create([
- 'name' => 'Admin',
- 'email' => 'admin@admin.com',
- 'password' => \Illuminate\Support\Facades\Hash::make('password')
- ]);
Model::reguard();
}
&.large {
padding: $-xl;
}
+ >h1, >h2, >h3, >h4 {
+ &:first-child {
+ margin-top: 0.1em;
+ }
+ }
}
.padded-vertical, .padded-top {
padding-top: $-m;
padding-top: $-xl;
}
}
+
.padded-vertical, .padded-bottom {
padding-bottom: $-m;
&.large {
*/
ul {
list-style: disc;
- margin-left: $-m;
+ margin-left: $-m*1.5;
}
/*
--- /dev/null
+<?php
+
+return [
+
+ /**
+ * Error text strings.
+ */
+
+ // Pages
+ 'permission' => 'You do not have permission to access the requested page.',
+];
\ No newline at end of file
--- /dev/null
+
+<select id="{{ $name }}" name="{{ $name }}">
+ @foreach($options as $option)
+ <option value="{{$option->id}}"
+ @if($errors->has($name)) class="neg" @endif
+ @if(isset($model) || old($name)) @if(old($name) && old($name) === $option->id) selected @elseif(isset($model) && $model->id === $option->id) selected @endif @endif
+ >
+ {{ $option->$displayKey }}
+ </option>
+ @endforeach
+</select>
+
+@if($errors->has($name))
+ <div class="text-neg text-small">{{ $errors->first($name) }}</div>
+@endif
\ No newline at end of file
<div class="row">
<div class="page-content">
+
<div class="row">
<div class="col-md-6">
<h1>Edit User</h1>
</div>
</div>
</div>
+
+ <hr class="margin-top large">
+
+ <div class="row">
+ <div class="col-md-12">
+ <h3>Permissions</h3>
+ <p>User Role: <strong>{{$user->role->display_name}}</strong>.</p>
+ <ul class="text-muted">
+ @foreach($user->role->permissions as $permission)
+ <li>
+ {{ $permission->display_name }}
+ </li>
+ @endforeach
+ </ul>
+
+ </div>
+ </div>
+
</div>
</div>
-
<div class="form-group">
<label for="name">Name</label>
@include('form/text', ['name' => 'name'])
</div>
@if(isset($model))
-<div class="form-group">
+
<div class="form-group">
<span class="text-muted">
Only fill the below if you would like <br>to change your password:
</span>
-</div>
+ </div>
+@endif
+
+@if($currentUser->can('user-update'))
+ <div class="form-group">
+ <label for="role">User Role</label>
+ @include('form/model-select', ['name' => 'role', 'options' => \Oxbow\Role::all(), 'displayKey' => 'display_name'])
+ </div>
@endif
<div class="form-group">
<div class="col-md-6"></div>
<div class="col-md-6 faded">
<div class="action-buttons">
- <a href="/users/create" class="text-pos"><i class="zmdi zmdi-account-add"></i>New User</a>
+ @if($currentUser->can('user-create'))
+ <a href="/users/create" class="text-pos"><i class="zmdi zmdi-account-add"></i>New User</a>
+ @endif
</div>
</div>
</div>
<th></th>
<th>Name</th>
<th>Email</th>
+ <th>User Type</th>
</tr>
@foreach($users as $user)
<tr>
<td style="line-height: 0;"><img class="avatar" src="{{$user->getAvatar(40)}}" alt="{{$user->name}}"></td>
- <td><a href="/users/{{$user->id}}">{{$user->name}}</a></td>
+ <td>
+ @if($currentUser->can('user-update') || $currentUser->id == $user->id)
+ <a href="/users/{{$user->id}}">
+ @endif
+ {{$user->name}}
+ @if($currentUser->can('user-update') || $currentUser->id == $user->id)
+ </a>
+ @endif
+ </td>
<td>{{$user->email}}</td>
+ <td>{{ $user->role->display_name }}</td>
</tr>
@endforeach
</table>
projects / bookstack / commitdiff