Add interface to additional roles/permissions
This commit is contained in:
Nabeel Shahzad
@@ -74,11 +74,6 @@ class RolesPermissionsTables extends Migration
|
||||
'name' => 'admin',
|
||||
'display_name' => 'Administrators',
|
||||
],
|
||||
[
|
||||
'id' => 2,
|
||||
'name' => 'user',
|
||||
'display_name' => 'Pilot',
|
||||
],
|
||||
];
|
||||
|
||||
$this->addData('roles', $roles);
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class AddReadonlyToRoles extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('roles', static function (Blueprint $table) {
|
||||
$table->boolean('read_only');
|
||||
});
|
||||
|
||||
// Set the two main roles as read-only
|
||||
DB::table('roles')
|
||||
->whereIn('name', ['admin', 'user'])
|
||||
->update(['read_only' => true]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('roles', static function (Blueprint $table) {
|
||||
$table->dropColumn('read_only');
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -5,17 +5,16 @@ use Illuminate\Database\Seeder;
|
||||
|
||||
class DatabaseSeeder extends Seeder
|
||||
{
|
||||
/**
|
||||
* Map these other environments to a specific seed file
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
public static $seed_mapper = [
|
||||
private static $seed_mapper = [
|
||||
'local' => 'dev',
|
||||
'qa' => 'dev',
|
||||
'staging' => 'dev',
|
||||
];
|
||||
|
||||
private static $always_seed = [
|
||||
'permissions',
|
||||
];
|
||||
|
||||
/**
|
||||
* Run the database seeds.
|
||||
*
|
||||
@@ -28,6 +27,7 @@ class DatabaseSeeder extends Seeder
|
||||
$env = self::$seed_mapper[$env];
|
||||
}
|
||||
|
||||
Log::info('Seeding from environment '.$env);
|
||||
$path = database_path('seeds/'.$env.'.yml');
|
||||
|
||||
if (!file_exists($path)) {
|
||||
@@ -36,5 +36,14 @@ class DatabaseSeeder extends Seeder
|
||||
|
||||
$svc = app(DatabaseService::class);
|
||||
$svc->seed_from_yaml_file($path);
|
||||
|
||||
// Always seed/sync these
|
||||
foreach (self::$always_seed as $file) {
|
||||
Log::info('Importing '.$file);
|
||||
$path = database_path('seeds/'.$file.'.yml');
|
||||
if (file_exists($path)) {
|
||||
$svc->seed_from_yaml_file($path);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
42
app/Database/seeds/permissions.yml
Normal file
42
app/Database/seeds/permissions.yml
Normal file
@@ -0,0 +1,42 @@
|
||||
# All of the different permissions that can be assigned to roles
|
||||
---
|
||||
permissions:
|
||||
- name: admin-access
|
||||
display_name: Admin Access
|
||||
description: Access the admin panel
|
||||
- name: airlines
|
||||
display_name: Airlines
|
||||
description: Create/edit airlines
|
||||
- name: airports
|
||||
display_name: Airports
|
||||
description: Create/edit airports
|
||||
- name: addons
|
||||
display_name: Addons
|
||||
description: Edit/view addons
|
||||
- name: awards
|
||||
display_name: Awards
|
||||
description: Create/edit award classes
|
||||
- name: flights
|
||||
display_name: Flights
|
||||
description: Create/edit flights
|
||||
- name: fleet
|
||||
display_name: Fleet
|
||||
description: Create/edit subfleets and fleets
|
||||
- name: fares
|
||||
display_name: Fares
|
||||
description: Create/edit fares
|
||||
- name: finances
|
||||
display_name: Finances
|
||||
description: Create/view finance related items
|
||||
- name: pireps
|
||||
display_name: PIREPs
|
||||
description: Accept/reject/edit PIREPs
|
||||
- name: ranks
|
||||
display_name: Ranks
|
||||
description: Create/edit ranks
|
||||
- name: users
|
||||
display_name: Users
|
||||
description: Create/edit users
|
||||
- name: settings
|
||||
display_name: Settings
|
||||
description: Edit VA settings
|
||||
@@ -9,6 +9,10 @@ airlines:
|
||||
created_at: now
|
||||
updated_at: now
|
||||
|
||||
roles:
|
||||
- name: fleet-only
|
||||
display_name: Edit Fleet
|
||||
|
||||
users:
|
||||
- id: 1
|
||||
name: Admin User
|
||||
|
||||
185
app/Http/Controllers/Admin/RolesController.php
Normal file
185
app/Http/Controllers/Admin/RolesController.php
Normal file
@@ -0,0 +1,185 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Admin;
|
||||
|
||||
use App\Http\Requests\CreateAirlineRequest;
|
||||
use App\Http\Requests\CreateRoleRequest;
|
||||
use App\Http\Requests\UpdateAirlineRequest;
|
||||
use App\Http\Requests\UpdateRoleRequest;
|
||||
use App\Interfaces\Controller;
|
||||
use App\Repositories\RoleRepository;
|
||||
use App\Repositories\PermissionsRepository;
|
||||
use App\Support\Countries;
|
||||
use Flash;
|
||||
use Illuminate\Http\Request;
|
||||
use Prettus\Repository\Criteria\RequestCriteria;
|
||||
use Response;
|
||||
|
||||
/**
|
||||
* Class AirlinesController
|
||||
*/
|
||||
class RolesController extends Controller
|
||||
{
|
||||
private $permsRepo;
|
||||
private $rolesRepo;
|
||||
|
||||
/**
|
||||
* AirlinesController constructor.
|
||||
*
|
||||
* @param PermissionsRepository $permsRepo
|
||||
* @param RoleRepository $rolesRepo
|
||||
*/
|
||||
public function __construct(PermissionsRepository $permsRepo, RoleRepository $rolesRepo)
|
||||
{
|
||||
$this->permsRepo = $permsRepo;
|
||||
$this->rolesRepo = $rolesRepo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Display a listing of the Airlines.
|
||||
*
|
||||
* @param Request $request
|
||||
*
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*
|
||||
* @throws \Prettus\Repository\Exceptions\RepositoryException
|
||||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->rolesRepo->pushCriteria(new RequestCriteria($request));
|
||||
$roles = $this->rolesRepo->findWhere(['read_only' => false]);
|
||||
|
||||
return view('admin.roles.index', [
|
||||
'roles' => $roles,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the form for creating a new Airlines.
|
||||
*/
|
||||
public function create()
|
||||
{
|
||||
return view('admin.roles.create', [
|
||||
'permissions' => $this->permsRepo->all(),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a newly created Airlines in storage.
|
||||
*
|
||||
* @param CreateRoleRequest $request
|
||||
*
|
||||
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
||||
*
|
||||
* @throws \Prettus\Validator\Exceptions\ValidatorException
|
||||
*/
|
||||
public function store(CreateRoleRequest $request)
|
||||
{
|
||||
$input = $request->all();
|
||||
|
||||
// Create a slug using the display name provided
|
||||
$input['name'] = str_slug($input['display_name']);
|
||||
|
||||
$this->rolesRepo->create($input);
|
||||
|
||||
Flash::success('Role saved successfully.');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the specified role
|
||||
*
|
||||
* @param int $id
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function show($id)
|
||||
{
|
||||
$roles = $this->rolesRepo->findWithoutFail($id);
|
||||
|
||||
if (empty($roles)) {
|
||||
Flash::error('Role not found');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
|
||||
return view('admin.roles.show', [
|
||||
'roles' => $roles,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the form for editing the specified roles
|
||||
*
|
||||
* @param int $id
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function edit($id)
|
||||
{
|
||||
$role = $this->rolesRepo->findWithoutFail($id);
|
||||
|
||||
if (empty($role)) {
|
||||
Flash::error('Role not found');
|
||||
return redirect(route('admin.role.index'));
|
||||
}
|
||||
|
||||
return view('admin.roles.edit', [
|
||||
'role' => $role,
|
||||
'permissions' => $this->permsRepo->all(),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the specified Airlines in storage.
|
||||
*
|
||||
* @param int $id
|
||||
* @param UpdateRoleRequest $request
|
||||
*
|
||||
* @return Response
|
||||
*@throws \Prettus\Validator\Exceptions\ValidatorException
|
||||
*
|
||||
*/
|
||||
public function update($id, UpdateRoleRequest $request)
|
||||
{
|
||||
$role = $this->rolesRepo->findWithoutFail($id);
|
||||
|
||||
if (empty($role)) {
|
||||
Flash::error('Role not found');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
|
||||
$this->rolesRepo->update($request->all(), $id);
|
||||
|
||||
// Update the permissions, filter out null/invalid values
|
||||
$perms = collect($request->permissions)->filter(static function ($v, $k) {
|
||||
return $v;
|
||||
});
|
||||
|
||||
$role->permissions()->sync($perms);
|
||||
|
||||
Flash::success('Roles updated successfully.');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the specified Airlines from storage.
|
||||
*
|
||||
* @param int $id
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function destroy($id)
|
||||
{
|
||||
$roles = $this->rolesRepo->findWithoutFail($id);
|
||||
|
||||
if (empty($roles)) {
|
||||
Flash::error('Role not found');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
|
||||
$this->rolesRepo->delete($id);
|
||||
|
||||
Flash::success('Role deleted successfully.');
|
||||
return redirect(route('admin.roles.index'));
|
||||
}
|
||||
}
|
||||
@@ -122,7 +122,7 @@ class RegisterController extends Controller
|
||||
}
|
||||
|
||||
$user = User::create($opts);
|
||||
$user = $this->userService->createPilot($user);
|
||||
$user = $this->userService->createUser($user);
|
||||
|
||||
Log::info('User registered: ', $user->toArray());
|
||||
|
||||
|
||||
19
app/Http/Requests/CreateRoleRequest.php
Normal file
19
app/Http/Requests/CreateRoleRequest.php
Normal file
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests;
|
||||
|
||||
use App\Models\Role;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
class CreateRoleRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return Role::$rules;
|
||||
}
|
||||
}
|
||||
32
app/Http/Requests/UpdateRoleRequest.php
Normal file
32
app/Http/Requests/UpdateRoleRequest.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests;
|
||||
|
||||
use App\Models\Role;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
/**
|
||||
* @property array permissions
|
||||
*/
|
||||
class UpdateRoleRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the validation rules that apply to the request.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return Role::$rules;
|
||||
}
|
||||
}
|
||||
@@ -4,6 +4,28 @@ namespace App\Models;
|
||||
|
||||
use Laratrust\Models\LaratrustRole;
|
||||
|
||||
/**
|
||||
* @method static where(string $string, $group)
|
||||
*/
|
||||
class Role extends LaratrustRole
|
||||
{
|
||||
protected $fillable = [
|
||||
'id',
|
||||
'name',
|
||||
'display_name',
|
||||
'read_only',
|
||||
];
|
||||
|
||||
protected $casts = [
|
||||
'read_only' => 'boolean',
|
||||
];
|
||||
|
||||
/**
|
||||
* Validation rules
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
public static $rules = [
|
||||
'display_name' => 'required',
|
||||
];
|
||||
}
|
||||
|
||||
48
app/Repositories/PermissionsRepository.php
Normal file
48
app/Repositories/PermissionsRepository.php
Normal file
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
namespace App\Repositories;
|
||||
|
||||
use App\Interfaces\Repository;
|
||||
use App\Models\Permission;
|
||||
use Prettus\Repository\Contracts\CacheableInterface;
|
||||
use Prettus\Repository\Traits\CacheableRepository;
|
||||
|
||||
/**
|
||||
* Class RoleRepository
|
||||
*/
|
||||
class PermissionsRepository extends Repository implements CacheableInterface
|
||||
{
|
||||
use CacheableRepository;
|
||||
|
||||
protected $fieldSearchable = [
|
||||
'name' => 'like',
|
||||
];
|
||||
|
||||
public function model(): string
|
||||
{
|
||||
return Permission::class;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the list of roles formatted for a select box
|
||||
*
|
||||
* @param boolean $add_blank
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function selectBoxList($add_blank = false): array
|
||||
{
|
||||
$retval = [];
|
||||
$items = $this->all();
|
||||
|
||||
if ($add_blank) {
|
||||
$retval[''] = '';
|
||||
}
|
||||
|
||||
foreach ($items as $i) {
|
||||
$retval[$i->id] = $i->name;
|
||||
}
|
||||
|
||||
return $retval;
|
||||
}
|
||||
}
|
||||
55
app/Repositories/RoleRepository.php
Normal file
55
app/Repositories/RoleRepository.php
Normal file
@@ -0,0 +1,55 @@
|
||||
<?php
|
||||
|
||||
namespace App\Repositories;
|
||||
|
||||
use App\Interfaces\Repository;
|
||||
use App\Models\Role;
|
||||
use Prettus\Repository\Contracts\CacheableInterface;
|
||||
use Prettus\Repository\Traits\CacheableRepository;
|
||||
|
||||
/**
|
||||
* Class RoleRepository
|
||||
*/
|
||||
class RoleRepository extends Repository implements CacheableInterface
|
||||
{
|
||||
use CacheableRepository;
|
||||
|
||||
protected $fieldSearchable = [
|
||||
'name' => 'like',
|
||||
];
|
||||
|
||||
public function model(): string
|
||||
{
|
||||
return Role::class;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the list of roles formatted for a select box
|
||||
*
|
||||
* @param boolean $include_read_only
|
||||
* @param boolean $add_blank
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function selectBoxList($include_read_only = true, $add_blank = false): array
|
||||
{
|
||||
$retval = [];
|
||||
|
||||
$where = [];
|
||||
if ($include_read_only) {
|
||||
$where['read_only'] = true;
|
||||
}
|
||||
|
||||
$items = $this->findWhere($where);
|
||||
|
||||
if ($add_blank) {
|
||||
$retval[''] = '';
|
||||
}
|
||||
|
||||
foreach ($items as $i) {
|
||||
$retval[$i->id] = $i->name;
|
||||
}
|
||||
|
||||
return $retval;
|
||||
}
|
||||
}
|
||||
@@ -4,10 +4,14 @@
|
||||
*/
|
||||
Route::group([
|
||||
'namespace' => 'Admin', 'prefix' => 'admin', 'as' => 'admin.',
|
||||
'middleware' => ['role:admin'],
|
||||
], function () {
|
||||
'middleware' => ['ability:admin,admin-access'],
|
||||
], static function () {
|
||||
// CRUD for airlines
|
||||
Route::resource('airlines', 'AirlinesController');
|
||||
|
||||
// CRUD for roles
|
||||
Route::resource('roles', 'RolesController');
|
||||
|
||||
Route::get('airports/export', 'AirportController@export')->name('airports.export');
|
||||
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
|
||||
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name('airports.import');
|
||||
|
||||
@@ -51,7 +51,7 @@ class UserService extends Service
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function createPilot(User $user, array $groups = null)
|
||||
public function createUser(User $user, array $groups = null)
|
||||
{
|
||||
// Determine if we want to auto accept
|
||||
if (setting('pilots.auto_accept') === true) {
|
||||
@@ -63,9 +63,10 @@ class UserService extends Service
|
||||
$user->save();
|
||||
|
||||
// Attach the user roles
|
||||
$role = Role::where('name', 'user')->first();
|
||||
$user->attachRole($role);
|
||||
// $role = Role::where('name', 'user')->first();
|
||||
// $user->attachRole($role);
|
||||
|
||||
// Attach any additional roles
|
||||
if (!empty($groups) && \is_array($groups)) {
|
||||
foreach ($groups as $group) {
|
||||
$role = Role::where('name', $group)->first();
|
||||
|
||||
Reference in New Issue
Block a user