aboutsummaryrefslogtreecommitdiffhomepage
path: root/main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php
diff options
context:
space:
mode:
Diffstat (limited to 'main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php')
-rw-r--r--main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php260
1 files changed, 0 insertions, 260 deletions
diff --git a/main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php b/main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php
deleted file mode 100644
index efc014b..0000000
--- a/main/app/sprinkles/account/src/Database/Migrations/v400/PermissionsTable.php
+++ /dev/null
@@ -1,260 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link https://github.com/userfrosting/UserFrosting
- * @license https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Database\Migrations\v400;
-
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Database\Schema\Builder;
-use UserFrosting\Sprinkle\Account\Database\Models\Permission;
-use UserFrosting\Sprinkle\Account\Database\Models\Role;
-use UserFrosting\System\Bakery\Migration;
-
-/**
- * Permissions table migration
- * Permissions now replace the 'authorize_group' and 'authorize_user' tables.
- * Also, they now map many-to-many to roles.
- * Version 4.0.0
- *
- * See https://laravel.com/docs/5.4/migrations#tables
- * @extends Migration
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class PermissionsTable extends Migration
-{
- /**
- * {@inheritDoc}
- */
- public $dependencies = [
- '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\RolesTable',
- '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\PermissionRolesTable'
- ];
-
- /**
- * {@inheritDoc}
- */
- public function up() {
- if (!$this->schema->hasTable('permissions')) {
- $this->schema->create('permissions', function (Blueprint $table) {
- $table->increments('id');
- $table->string('slug')->comment('A code that references a specific action or URI that an assignee of this permission has access to.');
- $table->string('name');
- $table->text('conditions')->comment('The conditions under which members of this group have access to this hook.');
- $table->text('description')->nullable();
- $table->timestamps();
-
- $table->engine = 'InnoDB';
- $table->collation = 'utf8_unicode_ci';
- $table->charset = 'utf8';
- });
- }
- }
-
- /**
- * {@inheritDoc}
- */
- public function down() {
- $this->schema->drop('permissions');
- }
-
- /**
- * {@inheritDoc}
- */
- public function seed() {
- // Skip this if table is not empty
- if (Permission::count() == 0) {
-
- $defaultRoleIds = [
- 'user' => Role::where('slug', 'user')->first()->id,
- 'group-admin' => Role::where('slug', 'group-admin')->first()->id,
- 'site-admin' => Role::where('slug', 'site-admin')->first()->id
- ];
-
- // Add default permissions
- $permissions = [
- 'create_group' => new Permission([
- 'slug' => 'create_group',
- 'name' => 'Create group',
- 'conditions' => 'always()',
- 'description' => 'Create a new group.'
- ]),
- 'create_user' => new Permission([
- 'slug' => 'create_user',
- 'name' => 'Create user',
- 'conditions' => 'always()',
- 'description' => 'Create a new user in your own group and assign default roles.'
- ]),
- 'create_user_field' => new Permission([
- 'slug' => 'create_user_field',
- 'name' => 'Set new user group',
- 'conditions' => "subset(fields,['group'])",
- 'description' => 'Set the group when creating a new user.'
- ]),
- 'delete_group' => new Permission([
- 'slug' => 'delete_group',
- 'name' => 'Delete group',
- 'conditions' => "always()",
- 'description' => 'Delete a group.'
- ]),
- 'delete_user' => new Permission([
- 'slug' => 'delete_user',
- 'name' => 'Delete user',
- 'conditions' => "!has_role(user.id,{$defaultRoleIds['site-admin']}) && !is_master(user.id)",
- 'description' => 'Delete users who are not Site Administrators.'
- ]),
- 'update_account_settings' => new Permission([
- 'slug' => 'update_account_settings',
- 'name' => 'Edit user',
- 'conditions' => 'always()',
- 'description' => 'Edit your own account settings.'
- ]),
- 'update_group_field' => new Permission([
- 'slug' => 'update_group_field',
- 'name' => 'Edit group',
- 'conditions' => 'always()',
- 'description' => 'Edit basic properties of any group.'
- ]),
- 'update_user_field' => new Permission([
- 'slug' => 'update_user_field',
- 'name' => 'Edit user',
- 'conditions' => "!has_role(user.id,{$defaultRoleIds['site-admin']}) && subset(fields,['name','email','locale','group','flag_enabled','flag_verified','password'])",
- 'description' => 'Edit users who are not Site Administrators.'
- ]),
- 'update_user_field_group' => new Permission([
- 'slug' => 'update_user_field',
- 'name' => 'Edit group user',
- 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
- 'description' => 'Edit users in your own group who are not Site or Group Administrators, except yourself.'
- ]),
- 'uri_account_settings' => new Permission([
- 'slug' => 'uri_account_settings',
- 'name' => 'Account settings page',
- 'conditions' => 'always()',
- 'description' => 'View the account settings page.'
- ]),
- 'uri_activities' => new Permission([
- 'slug' => 'uri_activities',
- 'name' => 'Activity monitor',
- 'conditions' => 'always()',
- 'description' => 'View a list of all activities for all users.'
- ]),
- 'uri_dashboard' => new Permission([
- 'slug' => 'uri_dashboard',
- 'name' => 'Admin dashboard',
- 'conditions' => 'always()',
- 'description' => 'View the administrative dashboard.'
- ]),
- 'uri_group' => new Permission([
- 'slug' => 'uri_group',
- 'name' => 'View group',
- 'conditions' => 'always()',
- 'description' => 'View the group page of any group.'
- ]),
- 'uri_group_own' => new Permission([
- 'slug' => 'uri_group',
- 'name' => 'View own group',
- 'conditions' => 'equals_num(self.group_id,group.id)',
- 'description' => 'View the group page of your own group.'
- ]),
- 'uri_groups' => new Permission([
- 'slug' => 'uri_groups',
- 'name' => 'Group management page',
- 'conditions' => 'always()',
- 'description' => 'View a page containing a list of groups.'
- ]),
- 'uri_user' => new Permission([
- 'slug' => 'uri_user',
- 'name' => 'View user',
- 'conditions' => 'always()',
- 'description' => 'View the user page of any user.'
- ]),
- 'uri_user_in_group' => new Permission([
- 'slug' => 'uri_user',
- 'name' => 'View user',
- 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id))",
- 'description' => 'View the user page of any user in your group, except the master user and Site and Group Administrators (except yourself).'
- ]),
- 'uri_users' => new Permission([
- 'slug' => 'uri_users',
- 'name' => 'User management page',
- 'conditions' => 'always()',
- 'description' => 'View a page containing a table of users.'
- ]),
- 'view_group_field' => new Permission([
- 'slug' => 'view_group_field',
- 'name' => 'View group',
- 'conditions' => "in(property,['name','icon','slug','description','users'])",
- 'description' => 'View certain properties of any group.'
- ]),
- 'view_group_field_own' => new Permission([
- 'slug' => 'view_group_field',
- 'name' => 'View group',
- 'conditions' => "equals_num(self.group_id,group.id) && in(property,['name','icon','slug','description','users'])",
- 'description' => 'View certain properties of your own group.'
- ]),
- 'view_user_field' => new Permission([
- 'slug' => 'view_user_field',
- 'name' => 'View user',
- 'conditions' => "in(property,['user_name','name','email','locale','theme','roles','group','activities'])",
- 'description' => 'View certain properties of any user.'
- ]),
- 'view_user_field_group' => new Permission([
- 'slug' => 'view_user_field',
- 'name' => 'View user',
- 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities'])",
- 'description' => 'View certain properties of any user in your own group, except the master user and Site and Group Administrators (except yourself).'
- ])
- ];
-
- foreach ($permissions as $slug => $permission) {
- $permission->save();
- }
-
- // Add default mappings to permissions
- $roleUser = Role::where('slug', 'user')->first();
- if ($roleUser) {
- $roleUser->permissions()->sync([
- $permissions['update_account_settings']->id,
- $permissions['uri_account_settings']->id,
- $permissions['uri_dashboard']->id
- ]);
- }
-
- $roleSiteAdmin = Role::where('slug', 'site-admin')->first();
- if ($roleSiteAdmin) {
- $roleSiteAdmin->permissions()->sync([
- $permissions['create_group']->id,
- $permissions['create_user']->id,
- $permissions['create_user_field']->id,
- $permissions['delete_group']->id,
- $permissions['delete_user']->id,
- $permissions['update_user_field']->id,
- $permissions['update_group_field']->id,
- $permissions['uri_activities']->id,
- $permissions['uri_group']->id,
- $permissions['uri_groups']->id,
- $permissions['uri_user']->id,
- $permissions['uri_users']->id,
- $permissions['view_group_field']->id,
- $permissions['view_user_field']->id
- ]);
- }
-
- $roleGroupAdmin = Role::where('slug', 'group-admin')->first();
- if ($roleGroupAdmin) {
- $roleGroupAdmin->permissions()->sync([
- $permissions['create_user']->id,
- $permissions['update_user_field_group']->id,
- $permissions['uri_group_own']->id,
- $permissions['uri_user_in_group']->id,
- $permissions['view_group_field_own']->id,
- $permissions['view_user_field_group']->id
- ]);
- }
- }
- }
-}