Added new Role Permissions. (#965)

* Added new Role Permissions. --------- Co-authored-by: spitfire305 <[email protected]>
owlchester · Sep 6, 2024 · b54c56e · b54c56e
1 parent 221ae0e
commit b54c56e
Show file tree

Hide file tree

Showing 11 changed files with 183 additions and 12 deletions.
diff --git a/app/Http/Controllers/Crud/BookmarkController.php b/app/Http/Controllers/Crud/BookmarkController.php
@@ -55,9 +55,10 @@ protected function setNavActions(): CrudController
     public function index(Request $request, Campaign $campaign)
     {
         // Check that the user has permission to actually be here
-        if (auth()->guest() || !auth()->user()->can('browse', new Bookmark())) {
+        if (!$this->authorize('browse', new Bookmark())) {
             return redirect()->route('dashboard', $campaign);
         }
+
         return $this->campaign($campaign)->crudIndex($request);
     }
 

diff --git a/app/Http/Controllers/Entity/Posts/TemplateController.php b/app/Http/Controllers/Entity/Posts/TemplateController.php
@@ -27,7 +27,7 @@ public function __construct(TemplateService $templateService)
      */
     public function update(Campaign $campaign, Post $post)
     {
-        $this->authorize('setTemplates', $campaign);
+        $this->authorize('setPostTemplates', $campaign);
         $this->service->post($post)->toggle();
         return redirect()->back()
             ->with(

diff --git a/app/Models/CampaignPermission.php b/app/Models/CampaignPermission.php
@@ -50,6 +50,10 @@ class CampaignPermission extends Model
     public const ACTION_GALLERY_BROWSE = 15;
     public const ACTION_GALLERY_UPLOAD = 16;
 
+    public const ACTION_TEMPLATES = 17;
+    public const ACTION_POST_TEMPLATES = 18;
+    public const ACTION_BOOKMARKS = 19;
+
     protected $fillable = [
         'campaign_role_id',
         'campaign_id',
@@ -143,4 +147,21 @@ public function isGallery(): bool
         ];
         return in_array($this->action, $galleryPermissions);
     }
+
+    public function isTemplate(): bool
+    {
+        $templatePermissions = [
+            self::ACTION_TEMPLATES,
+            self::ACTION_POST_TEMPLATES,
+        ];
+        return in_array($this->action, $templatePermissions);
+    }
+
+    public function isBookmark(): bool
+    {
+        $templatePermissions = [
+            self::ACTION_BOOKMARKS,
+        ];
+        return in_array($this->action, $templatePermissions);
+    }
 }
diff --git a/app/Policies/BookmarkPolicy.php b/app/Policies/BookmarkPolicy.php
@@ -4,34 +4,42 @@
 
 use App\Facades\UserCache;
 use App\Models\User;
+use App\Facades\EntityPermission;
+use App\Models\Campaign;
+use App\Models\CampaignPermission;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
 class BookmarkPolicy
 {
     use HandlesAuthorization;
 
-    public function browse(User $user)
+    public function browse(User $user): bool
     {
-        return UserCache::user($user)->admin();
+        return UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_BOOKMARKS, $user);
     }
 
     public function view(User $user): bool
     {
-        return UserCache::user($user)->admin();
+        return UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_BOOKMARKS, $user);
     }
 
     public function create(User $user): bool
     {
-        return UserCache::user($user)->admin();
+        return UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_BOOKMARKS, $user);
     }
 
     public function update(User $user): bool
     {
-        return UserCache::user($user)->admin();
+        return UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_BOOKMARKS, $user);
     }
 
     public function delete(User $user): bool
     {
-        return UserCache::user($user)->admin();
+        return UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_BOOKMARKS, $user);
+    }
+
+    protected function checkPermission(int $action, User $user, ?Campaign $campaign = null): bool
+    {
+        return EntityPermission::hasPermission(0, $action, $user, null, $campaign);
     }
 }
diff --git a/app/Policies/CampaignPolicy.php b/app/Policies/CampaignPolicy.php
@@ -293,6 +293,14 @@ public function useTemplates(?User $user, Campaign $campaign): bool
      */
     public function setTemplates(?User $user, Campaign $campaign): bool
     {
-        return $this->isAdmin($user);
+        return $this->isAdmin($user) || $this->checkPermission(CampaignPermission::ACTION_TEMPLATES, $user, $campaign);
+    }
+
+    /**
+     * Determine if the user can set post templates on the campaign
+     */
+    public function setPostTemplates(?User $user, Campaign $campaign): bool
+    {
+        return $this->isAdmin($user) || $this->checkPermission(CampaignPermission::ACTION_POST_TEMPLATES, $user, $campaign);
     }
 }
diff --git a/app/Services/Entity/RecoverySetupService.php b/app/Services/Entity/RecoverySetupService.php
@@ -8,7 +8,6 @@
 use App\Traits\UserAware;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Str;
 
 class RecoverySetupService
 {

diff --git a/app/Services/Permissions/RolePermissionService.php b/app/Services/Permissions/RolePermissionService.php
@@ -197,6 +197,85 @@ public function galleryPermissions(): array
         return $permissions;
     }
 
+    public function templatePermissions(): array
+    {
+        $permissions = [];
+
+        $campaignRolePermissions = [];
+        foreach ($this->role->permissions as $perm) {
+            if ($perm->entity_type_id || !$perm->isTemplate()) {
+                continue;
+            }
+            $campaignRolePermissions["campaign_" . $perm->action] = 1;
+        }
+
+        $entityActions = [
+            CampaignPermission::ACTION_TEMPLATES,
+            CampaignPermission::ACTION_POST_TEMPLATES,
+
+        ];
+        $icons = [
+            CampaignPermission::ACTION_TEMPLATES => [
+                'fa-solid fa-cog', 'entities',
+            ],
+            CampaignPermission::ACTION_POST_TEMPLATES => [
+                'fa-solid fa-cog', 'posts',
+            ],
+        ];
+
+        foreach ($entityActions as $action) {
+            if (!isset($permissions['campaign'])) {
+                $permissions['campaign'] = [];
+            }
+            $key = "campaign_{$action}";
+            $permissions['campaign'][] = [
+                'action' => $action,
+                'key' => $key,
+                'icon' => Arr::first($icons[$action]),
+                'label' => Arr::last($icons[$action]),
+                'enabled' => isset($campaignRolePermissions[$key]),
+            ];
+        }
+        return $permissions;
+    }
+
+    public function bookmarkPermissions(): array
+    {
+        $permissions = [];
+
+        $campaignRolePermissions = [];
+        foreach ($this->role->permissions as $perm) {
+            if ($perm->entity_type_id || !$perm->isBookmark()) {
+                continue;
+            }
+            $campaignRolePermissions["campaign_" . $perm->action] = 1;
+        }
+
+        $entityActions = [
+            CampaignPermission::ACTION_BOOKMARKS,
+        ];
+        $icons = [
+            CampaignPermission::ACTION_BOOKMARKS => [
+                'fa-solid fa-cog', 'manage',
+            ],
+        ];
+
+        foreach ($entityActions as $action) {
+            if (!isset($permissions['campaign'])) {
+                $permissions['campaign'] = [];
+            }
+            $key = "campaign_{$action}";
+            $permissions['campaign'][] = [
+                'action' => $action,
+                'key' => $key,
+                'icon' => Arr::first($icons[$action]),
+                'label' => Arr::last($icons[$action]),
+                'enabled' => isset($campaignRolePermissions[$key]),
+            ];
+        }
+        return $permissions;
+    }
+
     public function savePermissions(array $permissions = []): void
     {
         // Load existing

diff --git a/lang/en/entities.php b/lang/en/entities.php
@@ -99,6 +99,7 @@
     'relations'             => 'Connections',
     'tag'                   => 'Tag',
     'tags'                  => 'Tags',
+    'templates'             => 'Templates',
     'timeline'              => 'Timeline',
     'timeline_element'      => 'Timeline element',
     'timelines'             => 'Timelines',

diff --git a/resources/views/campaigns/roles/_pretty.blade.php b/resources/views/campaigns/roles/_pretty.blade.php
@@ -135,3 +135,57 @@
         @endforeach
     @endforeach
 </div>
+
+<div class="grid grid-cols-3 md:grid-cols-4 gap-2">
+    <div class="col-span-3 md:col-span-1">
+        <strong>{{ __('entities.templates') }}</strong>
+    </div>
+    @foreach ($permissionService->templatePermissions() as $entity => $permissions)
+        @foreach ($permissions as $perm)
+            <div class="md:w-40 overflow-hidden">
+                <div class="pretty p-icon p-toggle p-plain" data-title="{{ __('entities.' . $perm['label']) }}" data-toggle="tooltip">
+                    <input type="checkbox" name="permissions[{{ $perm['key'] }}]" value="{{ $entity }}" @if ($perm['enabled']) checked="checked" @endif data-action="{{ $perm['action'] }}" />
+                    <div class="state p-success-o p-on">
+                        <x-icon class="icon {{ $perm['icon'] }}" />
+                        <label class="sm:hidden">
+                            {{ __('entities.' . $perm['label']) }}
+                        </label>
+                    </div>
+                    <div class="state p-off">
+                        <x-icon class="icon {{ $perm['icon'] }}" />
+                        <label class="sm:hidden">
+                            {{ __('entities.' . $perm['label']) }}
+                        </label>
+                    </div>
+                </div>
+            </div>
+        @endforeach
+    @endforeach
+</div>
+
+<div class="grid grid-cols-3 md:grid-cols-4 gap-2">
+    <div class="col-span-3 md:col-span-1">
+        <strong>{{ __('entities.bookmarks') }}</strong>
+    </div>
+    @foreach ($permissionService->bookmarkPermissions() as $entity => $permissions)
+        @foreach ($permissions as $perm)
+            <div class="md:w-40 overflow-hidden">
+                <div class="pretty p-icon p-toggle p-plain" data-title="{{ __('campaigns.roles.permissions.actions.' . $perm['label']) }}" data-toggle="tooltip">
+                    <input type="checkbox" name="permissions[{{ $perm['key'] }}]" value="{{ $entity }}" @if ($perm['enabled']) checked="checked" @endif data-action="{{ $perm['action'] }}" />
+                    <div class="state p-success-o p-on">
+                        <x-icon class="icon {{ $perm['icon'] }}" />
+                        <label class="sm:hidden">
+                            {{ __('campaigns.roles.permissions.actions.' . $perm['label']) }}
+                        </label>
+                    </div>
+                    <div class="state p-off">
+                        <x-icon class="icon {{ $perm['icon'] }}" />
+                        <label class="sm:hidden">
+                            {{ __('campaigns.roles.permissions.actions.' . $perm['label']) }}
+                        </label>
+                    </div>
+                </div>
+            </div>
+        @endforeach
+    @endforeach
+</div>
diff --git a/resources/views/entities/pages/posts/_actions.blade.php b/resources/views/entities/pages/posts/_actions.blade.php
@@ -33,7 +33,7 @@
         {{ __('entities/notes.move.move') }}
     </x-dropdowns.item>
 @endif
-@can('setTemplates', $campaign)
+@can('setPostTemplates', $campaign)
     <x-dropdowns.item :link="route('posts.template', [$campaign, 'post' => $post])" :icon="($post->isTemplate() ? 'fa-regular' : 'fa-solid') . ' fa-star'">
         @if ($post->isTemplate())
             {{ __('entities/actions.templates.unset') }}

diff --git a/resources/views/layouts/sidebars/quick-links.blade.php b/resources/views/layouts/sidebars/quick-links.blade.php
@@ -1,6 +1,6 @@
 <li class="px-2 {{ $sidebar->active('bookmarks') }} sidebar-quick-links">
     <x-sidebar.element
-        :url="auth()->check() && auth()->user()->isAdmin() ? route('bookmarks.index', $campaign) : null"
+        :url="auth()->check() && auth()->user()->can('browse', new App\Models\Bookmark()) ? route('bookmarks.index', $campaign) : null"
         :icon="$element['custom_icon'] ?? $element['icon']"
         :text="$element['custom_label'] ?? $element['label'] ?? __($element['label_key'])"
     ></x-sidebar.element>