
@unstoppablecarl
Created March 6, 2017 15:51

Revisions

  1. unstoppablecarl created this gist Mar 6, 2017.
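--- /dev/null
+++ b/UserPermissionsHelper.php
@@ -0,0 +1,271 @@
+<?php
+
+namespace App\Services\Auth;
+
+use App\Exceptions\PrimaryRoleNotFoundException;
+use App\Exceptions\RoleNotFoundException;
+use App\Models\Role;
+use App\Models\User;
+
+class UserPermissionsHelper {
+
+const PERM_canGrantRolesToUsersWithPrimaryRole = 'users.grant_role_to?primary_role=';
+const PERM_canRevokeRolesFromUsersWithPrimaryRole = 'users.revoke_role_from?primary_role=';
+const PERM_canChangePrimaryRoleOfUsersTo = 'users.change_primary_role_to?primary_role=';
+const PERM_canChangePrimaryRoleOfUsersWithPrimaryRole = 'users.change_primary_role_from?primary_role=';
+const PERM_canGrantRole = 'roles.grant_to_user?role=';
+const PERM_canRevokeRole = 'roles.revoke_from_user?role=';
+
+const PERM_canViewUsersWithPrimaryRole = 'users.view?primary_role=';
+const PERM_canCreateUsersWithPrimaryRole = 'users.create?primary_role=';
+const PERM_canUpdateUsersWithPrimaryRole = 'users.update?primary_role=';
+const PERM_canDeleteUsersWithPrimaryRole = 'users.delete?primary_role=';
+
+protected $primaryRoles;
+protected $roles;
+
+protected function primaryRoles($forceRefresh = false) {
+if ($forceRefresh || !$this->primaryRoles) {
+$this->primaryRoles = Role::where('is_primary', 1)->get();
+}
+return $this->primaryRoles;
+}
+
+protected function roles($forceRefresh = false) {
+if ($forceRefresh || !$this->roles) {
+$this->roles = Role::where('is_primary', 0)->get();
+}
+return $this->roles;
+}
+
+protected function toPrimaryRole($primaryRole) {
+if ($primaryRole instanceof Role) {
+$exists = $this->primaryRoles()->where('name', $primaryRole->name)->count();
+if (!$exists) {
+throw new PrimaryRoleNotFoundException($primaryRole->name);
+}
+return $primaryRole->name;
+}
+
+$exists = $this->primaryRoles()->where('name', $primaryRole)->first();
+if (!$exists) {
+throw new PrimaryRoleNotFoundException($primaryRole);
+}
+return $primaryRole;
+}
+
+protected function toRole($role) {
+if ($role instanceof Role) {
+$exists = $this->roles()->where('name', $role->name)->count();
+if (!$exists) {
+throw new RoleNotFoundException($role->name);
+}
+return $role->name;
+}
+
+$exists = $this->roles()->where('name', $role)->first();
+if (!$exists) {
+throw new RoleNotFoundException($role);
+}
+return $role;
+}
+
+// view
+public function canViewUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canViewUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canViewUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canViewUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canViewAnyUsers(User $user) {
+return $this->getCanViewUsersWithPrimaryRoles($user)->count() > 0;
+}
+
+public function getCanViewUsersWithPrimaryRoles(User $user) {
+return $this->primaryRoles()
+->filter(function ($role) use ($user) {
+return $this->canViewUsersWithPrimaryRole($user, $role);
+});
+}
+
+// create
+public function canCreateUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canCreateUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canCreateAnyUsers(User $user) {
+return $this->getCanCreateUsersWithPrimaryRoles($user)->count() > 0;
+}
+
+public function getCanCreateUsersWithPrimaryRoles(User $user) {
+return $this->primaryRoles()
+->filter(function ($role) use ($user) {
+return $this->canCreateUsersWithPrimaryRole($user, $role);
+});
+}
+
+// update
+public function canUpdateUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canUpdateUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canUpdateUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canUpdateUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canUpdateAnyUsers(User $user) {
+return $this->getCanUpdateUsersWithPrimaryRoles($user)->count() > 0;
+}
+
+public function getCanUpdateUsersWithPrimaryRoles(User $user) {
+return $this->primaryRoles()
+->filter(function ($role) use ($user) {
+return $this->canUpdateUsersWithPrimaryRole($user, $role);
+});
+}
+
+// delete
+public function canDeleteUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canDeleteUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canDeleteUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canDeleteUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canDeleteAnyUsers(User $user) {
+return $this->getCanDeleteUsersWithPrimaryRoles($user)->count() > 0;
+}
+
+public function getCanDeleteUsersWithPrimaryRoles(User $user) {
+return $this->primaryRoles()
+->filter(function ($role) use ($user) {
+return $this->canDeleteUsersWithPrimaryRole($user, $role);
+});
+}
+
+// change primary role
+public function canChangePrimaryRoleOfUserTo(User $user, User $target, $newPrimaryRole) {
+return (
+$this->canChangePrimaryRoleOfUser($user, $target) &&
+$this->canChangePrimaryRoleOfUsersTo($user, $newPrimaryRole)
+);
+}
+
+public function canChangePrimaryRoleOfUsersTo(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canChangePrimaryRoleOfUsersTo . $primaryRole;
+return $user->can($perm);
+}
+
+public function canChangePrimaryRoleOfUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canChangePrimaryRoleOfUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canChangePrimaryRoleOfUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canChangePrimaryRoleOfAnyUsers(User $user) {
+return $this->getCanChangePrimaryRoleOfUsersWithPrimaryRoles($user)->count() > 0;
+}
+
+public function getCanChangePrimaryRoleOfUsersWithPrimaryRoles(User $user) {
+return $this->primaryRoles()
+->filter(function ($role) use ($user) {
+return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $role);
+});
+}
+
+
+// grant role
+
+public function canGrantRoleToUser(User $user, User $target, $newRole) {
+return (
+$this->canGrantRolesToUser($user, $target) &&
+$this->canGrantRole($user, $newRole)
+);
+}
+
+public function canGrantRolesToUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canGrantRolesToUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canGrantRolesToUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canGrantRolesToUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canGrantRole(User $user, $role) {
+$role = $this->toRole($role);
+$perm = static::PERM_canGrantRole . $role;
+return $user->can($perm);
+}
+
+public function canGrantAnyRoles(User $user) {
+return $this->getCanGrantRoles($user)->count() > 0;
+}
+
+public function getCanGrantRoles(User $user) {
+return $this->roles()
+->filter(function ($role) use ($user) {
+return $this->canGrantRole($user, $role);
+});
+}
+
+// revoke role
+public function canRevokeRoleFromUser(User $user, User $target, $revokeRole) {
+$revokeRole = $this->toRole($revokeRole);
+return (
+$this->canRevokeRolesFromUser($user, $target) &&
+$this->canRevokeRole($user, $revokeRole)
+);
+}
+
+public function canRevokeRolesFromUser(User $user, User $target) {
+$targetPrimaryRole = $target->getPrimaryRole();
+return $this->canRevokeRolesFromUsersWithPrimaryRole($user, $targetPrimaryRole);
+}
+
+public function canRevokeRolesFromUsersWithPrimaryRole(User $user, $primaryRole) {
+$primaryRole = $this->toPrimaryRole($primaryRole);
+$perm = static::PERM_canRevokeRolesFromUsersWithPrimaryRole . $primaryRole;
+return $user->can($perm);
+}
+
+public function canRevokeRole(User $user, $role) {
+$role = $this->toRole($role);
+$perm = static::PERM_canRevokeRole . $role;
+return $user->can($perm);
+}
+
+public function canRevokeAnyRoles(User $user) {
+return $this->getCanRevokeRoles($user)->count() > 0;
+}
+
+public function getCanRevokeRoles(User $user) {
+return $this->roles()
+->filter(function ($role) use ($user) {
+return $this->canRevokeRole($user, $role);
+});
+}
+
+}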
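Review bot: In `toPrimaryRole()` and `toRole()`, the string branch checks existence with `where('name', $value)->first()` and then returns the caller's value rather than the matched role's name. If this collection `where` compares loosely (not visible here), a non-string argument could pass the lookup and be concatenated into the permission name unchanged. Returning the canonical name closes that gap: `$match = $this->primaryRoles()->whereStrict('name', $primaryRole)->first();` and, after the not-found check, `return $match->name;` (likewise in `toRole()`). Separately, the `can*User()` methods pass `$target->getPrimaryRole()` straight in, so a target with no primary role presumably makes the authorization check throw `PrimaryRoleNotFoundException` instead of returning false. A docblock on those methods should state that so callers treat the exception as a deny.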