feat(authorization)!: remove method
Mohammad-Alavi committed Feb 7, 2025
1 parent 7d80dec commit 6dfaae2
Showing 13 changed files with 0 additions and 206 deletions.
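--- a/config/apiato.php
+++ b/config/apiato.php
@@ -61,23 +61,6 @@
 ],
 
 'requests' => [
-/*
-|--------------------------------------------------------------------------
-| Allow Roles to access all Routes
-|--------------------------------------------------------------------------
-|
-| Define a list of roles that do not need to go through the "hasAccess"
-| check in Requests. These roles automatically pass this check. This is
-| useful, if you want to make all routes accessible for admin users.
-|
-| Usage: ['admin', 'editor']
-| Default: []
-|
-*/
-'allow-roles-to-access-all-routes' => [
-env('ADMIN_ROLE', 'admin'),
-],
-
 /*
 |--------------------------------------------------------------------------
 | Force Request Header to Contain header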
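--- a/src/Abstract/Requests/Request.php
+++ b/src/Abstract/Requests/Request.php
@@ -10,20 +10,6 @@
 
 abstract class Request extends LaravelRequest
 {
-/**
-* Roles and/or Permissions that has access to this request.
-*
-* @example ['permissions' => 'create-users', 'roles' => 'admin|manager']
-* @example ['permissions' => null, 'roles' => 'admin']
-* @example ['permissions' => ['create-users'], 'roles' => null]
-*
-* @var array<string, string|null>
-*/
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 /**
 * Id's that needs decoding before applying the validation rules.
 *
@@ -70,16 +56,6 @@ public function withUrlParameters(array $properties): static
 return $this;
 }
 
-/**
-* Get the access array.
-*
-* @return array<string, string|null>
-*/
-public function getAccessArray(): array
-{
-return $this->access;
-}
-
 /**
 * Get the decode array.
 *
@@ -90,61 +66,6 @@ public function getDecodeArray(): array
 return $this->decode;
 }
 
-/**
-* check if a user has permission to perform an action.
-* User can set multiple permissions (separated with "|") and if the user has
-* any of the permissions, he will be authorized to proceed with this action.
-*/
-public function hasAccess(User|null $user = null): bool
-{
-// if not in parameters, take from the request object {$this}
-$user = $user ?: $this->user();
-
-if ($user) {
-$autoAccessRoles = config('apiato.requests.allow-roles-to-access-all-routes');
-// there are some roles defined that will automatically grant access
-if (!empty($autoAccessRoles)) {
-$hasAutoAccessByRole = $user->hasAnyRole($autoAccessRoles);
-if ($hasAutoAccessByRole) {
-return true;
-}
-}
-}
-
-// check if the user has any role / permission to access the route
-$hasAccess = array_merge(
-$this->hasAnyPermissionAccess($user),
-$this->hasAnyRoleAccess($user),
-);
-
-// allow access if user has access to any of the defined roles or permissions.
-return [] === $hasAccess || in_array(true, $hasAccess, true);
-}
-
-protected function hasAnyPermissionAccess($user): array
-{
-if (!array_key_exists('permissions', $this->access) || !$this->access['permissions']) {
-return [];
-}
-
-$permissions = is_array($this->access['permissions']) ? $this->access['permissions'] :
-explode('|', $this->access['permissions']);
-
-return array_map(static fn ($permission) => $user->hasPermissionTo($permission), $permissions);
-}
-
-protected function hasAnyRoleAccess($user): array
-{
-if (!array_key_exists('roles', $this->access) || !$this->access['roles']) {
-return [];
-}
-
-$roles = is_array($this->access['roles']) ? $this->access['roles'] :
-explode('|', $this->access['roles']);
-
-return array_map(static fn ($role) => $user->hasRole($role), $roles);
-}
-
 public function route($param = null, $default = null)
 {
 if (in_array($param, $this->decode, true) && config('apiato.hash-id')) {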
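Review bot: A subclass that still declares `protected array $access = [...]` after this change gets no error and no enforcement, because nothing in the visible class reads that property once `hasAccess()` and `getAccessArray()` are gone; the roles and permissions it lists silently stop applying. Subclasses whose `authorize()` still calls `$this->hasAccess()` will fail loudly, but the likely quick fix of deleting that method leaves the request open if `LaravelRequest` is Laravel's FormRequest, which as far as I know treats a missing `authorize()` as allowed. I would document the replacement on the class, for example `// Authorization: implement authorize() with a gate or policy; a leftover $access array is ignored.` The class body continues outside these hunks, so a replacement hook may already exist there.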
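--- a/src/Generator/Stubs/requests/create.stub
+++ b/src/Generator/Stubs/requests/create.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 // 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }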
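Review bot: A request generated from this stub now has no `authorize()` method at all, so whether it is access-checked depends entirely on what the parent class does when the method is absent; if that falls through to Laravel's FormRequest default, the request is allowed for every caller. The same lines are dropped from the delete, edit, find, generic, list, store and update stubs below. I would keep the decision visible in generated code, for instance with a stub comment such as `// TODO: add authorize() backed by a gate/policy; without it this request is not access-checked here.` The method that ends just above the removed lines begins outside the second hunk.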
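--- a/src/Generator/Stubs/requests/delete.stub
+++ b/src/Generator/Stubs/requests/delete.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }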
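--- a/src/Generator/Stubs/requests/edit.stub
+++ b/src/Generator/Stubs/requests/edit.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }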
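--- a/src/Generator/Stubs/requests/find.stub
+++ b/src/Generator/Stubs/requests/find.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }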
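--- a/src/Generator/Stubs/requests/generic.stub
+++ b/src/Generator/Stubs/requests/generic.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 // 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }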
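--- a/src/Generator/Stubs/requests/list.stub
+++ b/src/Generator/Stubs/requests/list.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 // 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }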
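--- a/src/Generator/Stubs/requests/store.stub
+++ b/src/Generator/Stubs/requests/store.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 // 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }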
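--- a/src/Generator/Stubs/requests/update.stub
+++ b/src/Generator/Stubs/requests/update.stub
@@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest;
 
 class {{class-name}} extends ParentRequest
 {
-protected array $access = [
-'permissions' => null,
-'roles' => null,
-];
-
 protected array $decode = [
 'id',
 ];
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest
 // 'id' => 'required',
 ];
 }
-
-public function authorize(): bool
-{
-return $this->hasAccess();
-}
 }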
Expand Up @@ -6,11 +6,6 @@

class CreateBookRequest extends ParentRequest
{
protected array $access = [
'permissions' => null,
'roles' => null,
];

protected array $decode = [
// 'id',
];
Expand All @@ -21,9 +16,4 @@ public function rules(): array
// 'id' => 'required',
];
}

public function authorize(): bool
{
return $this->hasAccess();
}
}
Expand Up @@ -7,11 +7,6 @@

class UpdateBookRequest extends ParentRequest
{
protected array $access = [
'permissions' => null,
'roles' => null,
];

protected array $decode = [
'id',
'author_id',
Expand All @@ -36,9 +31,4 @@ public function rules(): array
'nested.ids.*' => Rule::when($hashIdEnabled, 'integer', 'string'),
];
}

public function authorize(): bool
{
return $this->hasAccess();
}
}
Expand Up @@ -6,11 +6,6 @@

class CreateBookRequest extends ParentRequest
{
protected array $access = [
'permissions' => null,
'roles' => null,
];

protected array $decode = [
// 'id',
];
Expand All @@ -21,9 +16,4 @@ public function rules(): array
// 'id' => 'required',
];
}

public function authorize(): bool
{
return $this->hasAccess();
}
}
