
Begin adding authorization policies

This commit is contained in:
Joshua Dwire 2016-04-23 11:52:36 -04:00
parent f9c36fd761
commit fdf1b25b16
8 changed files with 86 additions and 82 deletions


@ -22,39 +22,15 @@ class BaseController extends Controller
} }
} }
protected function checkViewPermission($object, &$response = null){ protected function authorizeUpdate($input){
if(!$object->canView()){
$response = response('Unauthorized.', 401);
return false;
}
return true;
}
protected function checkEditPermission($object, &$response = null){
if(!$object->canEdit()){
$response = response('Unauthorized.', 401);
return false;
}
return true;
}
protected function checkCreatePermission(&$response = null){
if(!call_user_func(array($this->model, 'canCreate'))){
$response = response('Unauthorized.', 401);
return false;
}
return true;
}
protected function checkUpdatePermission($input, &$response = null){
$creating = empty($input['public_id']) || $input['public_id'] == '-1'; $creating = empty($input['public_id']) || $input['public_id'] == '-1';
if($creating){ if($creating){
return $this->checkCreatePermission($response); $this->authorize('create', $this->model);
} }
else{ else{
$object = call_user_func(array($this->model, 'scope'), $input['public_id'])->firstOrFail(); $object = call_user_func(array($this->model, 'scope'), $input['public_id'])->firstOrFail();
return $this->checkEditPermission($object, $response); $this->authorize('edit', $object);
} }
} }
} }
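Review bot: In the `$creating` branch, `authorizeUpdate()` asks the Gate for the `create` ability, but the `InvoicePolicy` added in this same commit defines `canCreate()` rather than `create()`; unless the `EntityPolicy` base (not part of this diff) supplies `create`, the Gate finds no callable for the ability and denies every create. The method also no longer returns a value, so any caller still written as `if (!$this->checkUpdatePermission($input, $response)) return $response;` must now rely on the thrown `AuthorizationException` instead — those call sites are not visible here. Minor: `$input['public_id'] == '-1'` is a loose comparison; `(string) $input['public_id'] === '-1'` is safer. A docblock would make the new contract explicit: `/** @throws \Illuminate\Auth\Access\AuthorizationException when the user may not create or edit the entity */`.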


@ -96,9 +96,7 @@ class InvoiceController extends BaseController
->withTrashed() ->withTrashed()
->firstOrFail(); ->firstOrFail();
if(!$this->checkEditPermission($invoice, $response)){ $this->authorize('edit', $invoice)
return $response;
}
$entityType = $invoice->getEntityType(); $entityType = $invoice->getEntityType();
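Review bot: The new `$this->authorize('edit', $invoice)` line is missing its terminating semicolon, so the file will not parse; it should read `$this->authorize('edit', $invoice);`. The enclosing method starts before this hunk. Note the failure mode also changes from returning the 401 `Unauthorized.` response to an `AuthorizationException` (rendered as 403 by Laravel's default handler), which is the more accurate status for an authenticated-but-forbidden user, but any client code keyed on 401 should be checked.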


@ -118,56 +118,4 @@ class EntityModel extends Eloquent
$name = $parts[count($parts)-1]; $name = $parts[count($parts)-1];
return strtolower($name) . '_id'; return strtolower($name) . '_id';
} }
public static function canCreate() {
return Auth::user()->hasPermission('create_all');
}
public function canEdit() {
return static::canEditItem($this);
}
public static function canEditItem($item) {
return Auth::user()->hasPermission('edit_all') || (isset($item->user_id) && Auth::user()->id == $item->user_id);
}
public static function canEditItemById($item_id) {
if(Auth::user()->hasPermission('edit_all')) {
return true;
}
return static::whereId($item_id)->first()->user_id == Auth::user()->id;
}
public static function canEditItemByOwner($user_id) {
if(Auth::user()->hasPermission('edit_all')) {
return true;
}
return Auth::user()->id == $user_id;
}
public function canView() {
return static::canViewItem($this);
}
public static function canViewItem($item) {
return Auth::user()->hasPermission('view_all') || (isset($item->user_id) && Auth::user()->id == $item->user_id);
}
public static function canViewItemById($item_id) {
if(Auth::user()->hasPermission('view_all')) {
return true;
}
return static::whereId($item_id)->first()->user_id == Auth::user()->id;
}
public static function canViewItemByOwner($user_id) {
if(Auth::user()->hasPermission('view_all')) {
return true;
}
return Auth::user()->id == $user_id;
}
} }


@ -326,6 +326,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return false; return false;
} }
public function owns($entity) {
return !empty($entity->user_id) && $entity->user_id == $this->id;
}
} }
User::updating(function ($user) { User::updating(function ($user) {
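Review bot: `owns()` compares `$entity->user_id == $this->id` loosely; since it is now the single ownership check behind the `edit` and `view` policy abilities, it should use a strict comparison, e.g. `return !empty($entity->user_id) && (string) $entity->user_id === (string) $this->id;`. A short docblock would also help: `/** Whether this user created the given entity (matched on user_id); entities without a user_id are owned by no one. */`. The class continues outside the hunk.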


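--- /dev/null
+++ b/UNKNOWN_PATH/InvoicePolicy.php
@@ -0,0 +1,25 @@
+<?php
+namespace App\Policies;
+use App\Models\User;
+use App\Models\EntityModel;
+use Illuminate\Auth\Access\HandlesAuthorization;
+class InvoicePolicy extends EntityPolicy
+{
+use HandlesAuthorization;
+public static function canCreate() {
+return Auth::user()->hasPermission('create_all');
+}
+public static function edit($user, $item) {
+$user->hasPermission('edit_all') || $user->owns($item);
+}
+public static function view($user, $item) {
+$user->hasPermission('view_all') || $user->owns($item);
+}
+}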
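Review bot: `edit()` and `view()` evaluate the permission expression but never `return` it, so both abilities yield `null` and the Gate denies everyone, including users holding `edit_all`/`view_all` — fail-closed, but the feature is broken. `canCreate()` references `Auth` with no `use` import inside `App\Policies`, which resolves to the non-existent `App\Policies\Auth`; the policy already receives the acting user as its first argument, so the facade is unnecessary. The ability name should also match what the controller requests (`authorize('create', …)`), and policy methods are conventionally instance methods because the Gate invokes them on a policy instance. The rewritten methods are below; the `use App\Models\EntityModel;` import is unused and can be dropped.
```php
class InvoicePolicy extends EntityPolicy
{
    use HandlesAuthorization;

    /** Whether $user may create invoices (global create_all permission). */
    public function create(User $user)
    {
        return $user->hasPermission('create_all');
    }

    /** Whether $user may edit $item: global edit_all permission or ownership. */
    public function edit(User $user, $item)
    {
        return $user->hasPermission('edit_all') || $user->owns($item);
    }

    /** Whether $user may view $item: global view_all permission or ownership. */
    public function view(User $user, $item)
    {
        return $user->hasPermission('view_all') || $user->owns($item);
    }
}
```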


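--- /dev/null
+++ b/UNKNOWN_PATH/second-policy-file.php
@@ -0,0 +1,23 @@
+<?php
+namespace App\Policies;
+use App\Models\User;
+use App\Post;
+use Illuminate\Auth\Access\HandlesAuthorization;
+class InvoicePolicy extends EntityPolicy
+{
+use HandlesAuthorization;
+/**
+* Create a new policy instance.
+*
+* @return void
+*/
+public function __construct()
+{
+//
+}
+}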
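Review bot: This file declares a second `class InvoicePolicy extends EntityPolicy` in `App\Policies`, the same name as the policy in the other new file; under PSR-4 autoloading only the file whose name matches the class is ever loaded, so either this one is dead code or, if it is meant to be the `EntityPolicy` base the other file extends, the declaration should read `class EntityPolicy` with no parent. I cannot see file paths on this page, so that is an inference from the class names. The `use App\Post;` and `use App\Models\User;` imports and the empty constructor look like generator scaffolding and can be removed.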


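--- /dev/null
+++ b/UNKNOWN_PATH/AuthServiceProvider.php
@@ -0,0 +1,29 @@
+<?php
+namespace App\Providers;
+use Illuminate\Contracts\Auth\Access\Gate as GateContract;
+use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+class AuthServiceProvider extends ServiceProvider
+{
+/**
+* The policy mappings for the application.
+*
+* @var array
+*/
+protected $policies = [
+Invoice::class => InvoicePolicy::class,
+];
+/**
+* Register any application authentication / authorization services.
+*
+* @param \Illuminate\Contracts\Auth\Access\Gate $gate
+* @return void
+*/
+public function boot(GateContract $gate)
+{
+$this->registerPolicies($gate);
+}
+}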
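Review bot: `$policies` maps `Invoice::class => InvoicePolicy::class`, but neither name is imported in `App\Providers`, and `::class` resolves at compile time without checking that the class exists, so the registered mapping is `App\Providers\Invoice => App\Providers\InvoicePolicy` and the real invoice model never gets a policy — every `authorize()` on it is denied. Add `use App\Policies\InvoicePolicy;` and the model import (presumably `use App\Models\Invoice;`, matching the `App\Models\` namespace the other new files use). The property docblock could be tightened to `@var array<class-string, class-string>` so static analysis catches this kind of mismatch.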


@ -157,6 +157,7 @@ return [
/* /*
* Application Service Providers... * Application Service Providers...
*/ */
'App\Providers\AuthServiceProvider',
'App\Providers\AppServiceProvider', 'App\Providers\AppServiceProvider',
//'App\Providers\BusServiceProvider', //'App\Providers\BusServiceProvider',
'App\Providers\ConfigServiceProvider', 'App\Providers\ConfigServiceProvider',