auth/src/Auth/UsesRoles.php at 730e6ebcd42a041481a6b879d39717ae0934ea20 · leafsphp/auth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
<?php

namespace Leaf\Auth;

use Throwable;

/**
 * Functionality for user permissions
 * ----
 * Addition to user class
 *
 * @version 0.1.0
 * @since 3.0.0
 */
trait UsesRoles
{
    /**
     * User Permissions
     */
    protected array $permissions = [];

    /**
     * User Roles
     */
    protected array $roles = [];

    /**
     * Assign new role to user
     *
     * @param string|array $role The role to assign
     * @return bool
     */
    public function assign($role): bool
    {
        $this->setRolesAndPermissions($role);

        $roleKey = Config::get('roles.key');

        if (!($this->data[$roleKey] ?? null)) {
            $this->db->query('ALTER TABLE ' . Config::get('db.table') . " ADD COLUMN $roleKey TEXT NOT NULL")->execute();
        }

        try {
            $this->db
                ->update(Config::get('db.table'))
                ->params([
                    $roleKey => json_encode($this->roles)
                ])
                ->where(Config::get('id.key'), $this->data[Config::get('id.key')])
                ->execute();
        } catch (Throwable $th) {
            return false;
        }

        return true;
    }

    /**
     * Check if user has a permission
     * @param string|array $permission The permission(s) to check
     * @return bool
     */
    public function can($permission): bool
    {
        if (is_array($permission)) {
            return count(array_intersect($permission, $this->permissions)) > 0;
        }

        return in_array($permission, $this->permissions);
    }

    /**
     * Check if a user does not have a permission
     */
    public function cannot($permission): bool
    {
        return !$this->can($permission);
    }

    /**
     * Check if user has a role
     * @param string|array $role The role(s) to check
     * @return bool
     */
    public function is($role): bool
    {
        if (is_array($role)) {
            return count(array_intersect($role, $this->roles)) > 0;
        }

        return in_array($role, $this->roles);
    }

    /**
     * Check if user does not have a role
     */
    public function isNot($role): bool
    {
        return !$this->is($role);
    }

    /**
     * Return the user's roles
     * @return array
     */
    public function roles(): array
    {
        return $this->roles;
    }

    /**
     * Return the user's permissions
     * @return array
     */
    public function permissions(): array
    {
        return $this->permissions;
    }

    /**
     * Remove a role from a user
     * @param string|array $role The role(s) to revoke
     */
    public function unassign($role): void
    {
        $this->roles = array_diff(
            $this->roles,
            is_array($role) ? $role : [$role]
        );

        $this->permissions = $this->getRolePermissions($this->roles);

        $this->db
            ->update(Config::get('db.table'))
            ->params([
                Config::get('roles.key') => json_encode($this->roles)
            ])
            ->where(Config::get('id.key'), $this->data[Config::get('id.key')])
            ->execute();
    }

    /**
     * Set the roles and permissions for a user
     *
     * @param string|array $roles The role(s) to set
     */
    protected function setRolesAndPermissions($roles): void
    {
        if (is_string($roles)) {
            $roles = [$roles];
        }

        foreach ($roles as $role) {
            if (!array_key_exists($role, Config::get('roles'))) {
                continue;
            }

            if (in_array($role, $this->roles)) {
                continue;
            }

            $this->roles[] = $role;
        }

        $this->permissions = $this->getRolePermissions($this->roles);
    }

    /**
     * Get the permissions for a role
     *
     * @param string|array $role
     * @return array
     */
    protected function getRolePermissions($roles): array
    {
        $allRoles = Config::get('roles');

        if (is_string($roles)) {
            return $allRoles[$roles] ?? [];
        }

        return array_values(array_unique(array_reduce($roles, function ($carry, $role) use ($allRoles) {
            if (isset($allRoles[$role])) {
                $carry = array_merge($carry, $allRoles[$role]); // Merge permissions for the selected role
            }

            return $carry;
        }, [])));
    }
}