Gallery permission rework

app/Http/Controllers/Campaign/GalleryController.php

@@ -51,7 +51,7 @@ public function show(Campaign $campaign)
      */
     public function store(GalleryImageStore $request, Campaign $campaign)
     {
-        $this->authorize('gallery', $campaign);
+        $this->authorize('create', [Image::class, $campaign]);
 
         $images = $this->service
             ->campaign($campaign)
@@ -80,7 +80,7 @@ public function store(GalleryImageStore $request, Campaign $campaign)
      */
     public function edit(Campaign $campaign, Image $image)
     {
-        $this->authorize('gallery', $campaign);
+        $this->authorize('view', [$image, $campaign]);
 
         $folders = $this->service->campaign($campaign)->folderList();
 
@@ -93,7 +93,7 @@ public function edit(Campaign $campaign, Image $image)
      */
     public function update(GalleryImageUpdate $request, Campaign $campaign, Image $image)
     {
-        $this->authorize('gallery', $campaign);
+        $this->authorize('edit', [$image, $campaign]);
 
         $originalFolderID = $image->folder_id;
         $this->service
@@ -122,7 +122,7 @@ public function update(GalleryImageUpdate $request, Campaign $campaign, Image $i
      */
     public function destroy(Campaign $campaign, Image $image)
     {
-        $this->authorize('gallery', $campaign);
+        $this->authorize('delete', [$image, $campaign]);
 
         $options = [$campaign];
         if ($image->folder_id) {

app/Http/Controllers/Campaign/RoleController.php

@@ -8,24 +8,24 @@
 use App\Http\Requests\StoreCampaignRole;
 use App\Models\Campaign;
 use App\Models\CampaignRole;
-use App\Services\PermissionService;
+use App\Services\Permissions\RolePermissionService;
 use Illuminate\Http\Request;
 
 class RoleController extends Controller
 {
     protected string $view = 'campaigns.roles';
 
-    protected PermissionService $service;
+    protected RolePermissionService $service;
 
     /**
      * Create a new controller instance.
      * @return void
      */
-    public function __construct(PermissionService $permissionService)
+    public function __construct(RolePermissionService $rolePermissionService)
     {
         $this->middleware('auth');
         $this->middleware('campaign.member');
-        $this->service = $permissionService;
+        $this->service = $rolePermissionService;
     }
 
     /**
@@ -111,7 +111,11 @@ public function store(StoreCampaignRole $request, Campaign $campaign)
         $data = $request->all() + ['campaign_id' => $campaign->id];
         $role = CampaignRole::create($data);
         if ($request->has('duplicate') && $request->get('duplicate') != 0) {
-            $this->service->role($role)->duplicate($request->get('role_id'));
+            /** @var CampaignRole $copy */
+            $copy = CampaignRole::where('id', $request->get('role_id'))->first();
+            if ($copy) {
+                $copy->duplicate($role);
+            }
         }
         return redirect()->route('campaign_roles.index', $campaign)
             ->with('success_raw', __($this->view . '.create.success', ['name' => $role->name]));
@@ -132,6 +136,7 @@ public function show(Campaign $campaign, CampaignRole $campaignRole)
             'role' => $campaignRole,
             'campaign' => $campaign,
             'members' => $members,
+            'permissionService' => $this->service->role($campaignRole)
         ]);
     }
 
@@ -176,7 +181,7 @@ public function savePermissions(Request $request, Campaign $campaign, CampaignRo
         $this->authorize('view', [$campaignRole, $campaign]);
         $this->authorize('update', $campaignRole);
 
-        $campaignRole->savePermissions($request->post('permissions', []));
+        $this->service->role($campaignRole)->savePermissions($request->post('permissions', []));
 
         return redirect()->route('campaign_roles.show', [$campaign, 'campaign_role' => $campaignRole])
             ->with('success', trans('crud.permissions.success'));
@@ -249,7 +254,7 @@ public function toggle(Campaign $campaign, CampaignRole $campaignRole, int $enti
             abort(404);
         }
 
-        $enabled = $campaignRole->toggle($entityType, $action);
+        $enabled = $this->service->role($campaignRole)->toggle($entityType, $action);
         return response()->json([
             'success' => true,
             'status' => $enabled,

app/Http/Controllers/Summernote/GalleryController.php

@@ -47,7 +47,9 @@ public function index(Campaign $campaign)
                 'url' => route('campaign.gallery.summernote', $image->folder_id ? [$campaign, 'folder_id' => $image->folder_id] : [$campaign]),
             ];
         }
-        $images = Image::where('is_default', false)
+        $canBrowse = auth()->user()->can('browse', [Image::class, $campaign]);
+        $images = Image::acl($canBrowse)
+            ->where('is_default', false)
             ->orderBy('is_folder', 'desc')
             ->orderBy('updated_at', 'desc')
             ->imageFolder($folderId)
@@ -85,7 +87,7 @@ public function index(Campaign $campaign)
      */
     public function upload(GalleryImageStore $request, Campaign $campaign): JsonResponse
     {
-        $this->authorize('gallery', $campaign);
+        $this->authorize('create', [Image::class, $campaign]);
 
         $images = $this->service
             ->campaign($campaign)

app/Models/CampaignPermission.php

@@ -46,10 +46,10 @@ class CampaignPermission extends Model
     public const ACTION_GALLERY = 13;
     public const ACTION_CAMPAIGN = 14;
 
-    /**
-     * @var bool|array
-     */
-    protected $cachedSegments = false;
+    public const ACTION_GALLERY_BROWSE = 15;
+    public const ACTION_GALLERY_UPLOAD = 16;
+
+    protected array $cachedSegments;
 
     /** @var string[]  */
     protected $fillable = [
@@ -152,7 +152,7 @@ public function type()
 
     protected function segments(): array
     {
-        if ($this->cachedSegments === false) {
+        if (!isset($this->cachedSegments)) {
             $this->cachedSegments = explode('_', $this->key);
         }
         return $this->cachedSegments;
@@ -213,4 +213,14 @@ public function invalidKey(): bool
         $end = last($segments);
         return is_numeric($end) && empty($this->entity_id);
     }
+
+    public function isGallery(): bool
+    {
+        $galleryPermissions = [
+            self::ACTION_GALLERY,
+            self::ACTION_GALLERY_BROWSE,
+            self::ACTION_GALLERY_UPLOAD,
+        ];
+        return in_array($this->action, $galleryPermissions);
+    }
 }

app/Models/CampaignRole.php

@@ -8,7 +8,6 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Str;
 
 /**
  * Class Attribute
@@ -131,49 +130,6 @@ public function rolePermissions()
             ->whereNull('entity_id');
     }
 
-    /**
-     */
-    public function savePermissions(array $permissions = [])
-    {
-        // Load existing
-        $existing = [];
-        foreach ($this->rolePermissions as $permission) {
-            if (empty($permission->entity_type_id)) {
-                $existing['campaign_' . $permission->action] = $permission;
-                continue;
-            }
-            $existing[$permission->entity_type_id . '_' . $permission->action] = $permission;
-        }
-
-        // Loop on submitted form
-        if (empty($permissions)) {
-            $permissions = [];
-        }
-
-        foreach ($permissions as $key => $module) {
-            // Check if exists$
-            if (isset($existing[$key])) {
-                // Do nothing
-                unset($existing[$key]);
-            } else {
-                $action = Str::after($key, '_');
-                if ($module === 'campaign') {
-                    $module = 0;
-                }
-
-                $this->add($module, (int) $action);
-            }
-        }
-
-        // Delete existing that weren't updated
-        foreach ($existing as $permission) {
-            // Only delete if it's a "general" and not an entity specific permission
-            if (!is_numeric($permission->entityId())) {
-                $permission->delete();
-            }
-        }
-    }
-
     /**
      */
     public function scopeSearch(Builder $builder, string $search = null): Builder
@@ -183,47 +139,19 @@ public function scopeSearch(Builder $builder, string $search = null): Builder
     }
 
     /**
-     * Toggle an entity's action permission
      */
-    public function toggle(int $entityType, int $action): bool
+    public function url(string $sub): string
     {
-        $perm = $this->permissions()
-            ->where('entity_type_id', $entityType)
-            ->where('action', $action)
-            ->whereNull('entity_id')
-            ->first();
-
-        if ($perm) {
-            $perm->delete();
-            return false;
-        }
-
-        $this->add($entityType, $action);
-        return true;
+        return 'campaign_roles.' . $sub;
     }
 
-    /**
-     * Add a campaign permission for the role
-     */
-    protected function add(int $entityType, int $action): CampaignPermission
+    public function duplicate(CampaignRole $campaignRole): self
     {
-        if ($entityType === 0) {
-            $entityType = null;
+        foreach ($this->permissions as $permission) {
+            $newPermission = $permission->replicate(['campaign_role_id']);
+            $newPermission->campaign_role_id = $campaignRole->id;
+            $newPermission->save();
         }
-        return CampaignPermission::create([
-            //'key' => $key,
-            'campaign_role_id' => $this->id,
-            //'table_name' => $value,
-            'access' => true,
-            'action' => $action,
-            'entity_type_id' => $entityType
-            //'campaign_id' => $campaign->id,
-        ]);
-    }
-    /**
-     */
-    public function url(string $sub): string
-    {
-        return 'campaign_roles.' . $sub;
+        return $this;
     }
 }

app/Models/EntityType.php

@@ -10,9 +10,13 @@
 /**
  * @property int $id
  * @property string $code
+ *
+ * @method static self|Builder exclude(array $ids)
  */
 class EntityType extends Model
 {
+    protected string $cachedPluralCode;
+
     public $fillable = [
         'id',
         'code',
@@ -30,6 +34,11 @@ public function scopeEnabled(Builder $query)
             ->orderBy('position');
     }
 
+    public function scopeExclude(Builder $query, array $exclude): Builder
+    {
+        return $query->whereNotIn('id', $exclude);
+    }
+
     /**
      * Get the class model of the entity type
      */
@@ -47,6 +56,25 @@ public function name(): string
         return Module::singular($this->id, __('entities.' . $this->code));
     }
 
+    /**
+     * Get the translated name of the entity
+     */
+    public function plural(): string
+    {
+        return Module::plural($this->id, __('entities.' . $this->pluralCode()));
+    }
+
+    /**
+     * Get the translated name of the entity
+     */
+    public function pluralCode(): string
+    {
+        if (isset($this->cachedPluralCode)) {
+            return $this->cachedPluralCode;
+        }
+        return $this->cachedPluralCode = Str::plural($this->code);
+    }
+
     /**
      */
     public function getNameAttribute(): string

app/Models/Image.php

@@ -50,6 +50,8 @@
  *
  *
  * @property int $_usageCount
+ *
+ * @method static Builder|self acl(bool $browse)
  */
 class Image extends Model
 {
@@ -225,6 +227,14 @@ public function scopeFolders(Builder $query): Builder
             ->orderBy('name', 'asc');
     }
 
+    public function scopeAcl(Builder $query, bool $browse): Builder
+    {
+        if (!$browse) {
+            return $query->where('created_by', auth()->user()->id);
+        }
+        return $query;
+    }
+
     /**
      */
     public function hasNoFolders(): bool

app/Models/Quest.php

@@ -114,6 +114,7 @@ public function scopePreparedWith(Builder $query): Builder
             'entity',
             'entity.image',
             'entity.calendarDateEvents',
+            'entity.calendarDate',
             'quests',
             'instigator',
             //'elements',

app/Models/Relations/CampaignRelations.php

@@ -111,6 +111,14 @@ public function members()
         return $this->hasMany('App\Models\CampaignUser');
     }
 
+    public function nonAdmins()
+    {
+        return $this
+            ->members()
+            ->withoutAdmins()
+            ->with(['user', 'user.campaignRoles'])
+        ;
+    }
     /**
      */
     public function roles()

app/Policies/CampaignPolicy.php

@@ -213,7 +213,9 @@ public function submissions(?User $user)
     public function gallery(?User $user, Campaign $campaign): bool
     {
         return $user && (
-            UserCache::user($user)->admin() || $this->checkPermission(CampaignPermission::ACTION_GALLERY, $user, $campaign)
+            UserCache::user($user)->admin() ||
+            $this->checkPermission(CampaignPermission::ACTION_GALLERY, $user, $campaign) ||
+            $this->checkPermission(CampaignPermission::ACTION_GALLERY_BROWSE, $user, $campaign)
         );
     }