Добавлена проверка прав доступа на работу с разделом.
По умолчанию проверка прав отключена и доступ к разделам можно отключать посредством методов

$model->disableDisplay();
$model->disableCreating();
$model->disableEditing();
$model->disableDeleting();
$model->disableRestoring();

Также можно включить проверку прав с помощью Policies
Для этого необходимо включить ее

$model->enableAccessCheck();

После чего создать Policy класс для модели, которая используется в текущем разделе https://laravel.com/docs/5.2/authorization#policies

И в класс Policy добавить методы

public function display(User $user, Model $model);
public function create(User $user, Model $model);
public function edit(User $user, Model $model);
public function restore(User $user, Model $model);
public function delete(User $user, Model $model);

После чего проверка прав будет дополнительно осуществляться на его основе

issue #7
butschster committed Feb 23, 2016
1 parent 9e6842b commit 8e2d969
Showing 5 changed files with 228 additions and 24 deletions.
21 changes: 18 additions & 3 deletions src/Display/Column/Control.php
Expand Up @@ -51,7 +51,12 @@ protected function isTrashed()
*/
protected function isEditable()
{
return ! $this->isTrashed() && ! is_null($this->getModelConfiguration()->fireEdit($this->getModelKey()));
return
! $this->isTrashed()
&&
$this->getModelConfiguration()->isEditable(
$this->getModel()
);
}

/**
Expand All @@ -70,7 +75,12 @@ protected function getEditUrl()
*/
protected function isDeletable()
{
return ! $this->isTrashed() && ! is_null($this->getModelConfiguration()->fireDelete($this->getModelKey()));
return
! $this->isTrashed()
&&
$this->getModelConfiguration()->isDeletable(
$this->getModel()
);
}

/**
Expand All @@ -90,7 +100,12 @@ protected function getDeleteUrl()
*/
protected function isRestorable()
{
return $this->isTrashed() && ! is_null($this->getModelConfiguration()->fireRestore($this->getModelKey()));
return
$this->isTrashed()
&&
$this->getModelConfiguration()->isRestorable(
$this->getModel()
);
}

/**
2 changes: 1 addition & 1 deletion src/Display/DisplayTable.php
Expand Up @@ -418,7 +418,7 @@ public function getParams()
return [
'title' => $this->getTitle(),
'columns' => $this->getAllColumns(),
'creatable' => ! is_null($model->fireCreate()),
'creatable' => $model->isCreatable(),
'createUrl' => $model->getCreateUrl($this->getParameters() + Request::all()),
'actions' => $this->getActions(),
'attributes' => $this->getAttributes()
38 changes: 24 additions & 14 deletions src/Http/Controllers/AdminController.php
Expand Up @@ -20,6 +20,10 @@ class AdminController extends Controller
*/
public function getDisplay(ModelConfiguration $model)
{
if (! $model->isDisplayable()) {
abort(404);
}

return $this->render($model, $model->fireDisplay());
}

Expand All @@ -30,11 +34,11 @@ public function getDisplay(ModelConfiguration $model)
*/
public function getCreate(ModelConfiguration $model)
{
$create = $model->fireCreate();
if (is_null($create)) {
if (! $model->isCreatable()) {
abort(404);
}

$create = $model->fireCreate();
return $this->render($model, $create);
}

Expand All @@ -45,11 +49,11 @@ public function getCreate(ModelConfiguration $model)
*/
public function postStore(ModelConfiguration $model)
{
$createForm = $model->fireCreate();
if (is_null($createForm)) {
if (! $model->isCreatable()) {
abort(404);
}

$createForm = $model->fireCreate();
$nextAction = Request::get('next_action');

if ($createForm instanceof FormInterface) {
Expand All @@ -75,12 +79,13 @@ public function postStore(ModelConfiguration $model)
*/
public function getEdit(ModelConfiguration $model, $id)
{
$edit = $model->fireFullEdit($id);
if (is_null($edit)) {
$item = $model->getRepository()->find($id);

if (is_null($item) || ! $model->isEditable($item)) {
abort(404);
}

return $this->render($model, $edit);
return $this->render($model, $model->fireFullEdit($id));
}

/**
Expand All @@ -91,11 +96,13 @@ public function getEdit(ModelConfiguration $model, $id)
*/
public function postUpdate(ModelConfiguration $model, $id)
{
$editForm = $model->fireFullEdit($id);
if (is_null($editForm)) {
$item = $model->getRepository()->find($id);

if (is_null($item) || ! $model->isEditable($item)) {
abort(404);
}

$editForm = $model->fireFullEdit($id);
$nextAction = Request::get('next_action');

if ($editForm instanceof FormInterface) {
Expand All @@ -119,14 +126,15 @@ public function postUpdate(ModelConfiguration $model, $id)
*
* @return \Illuminate\Http\RedirectResponse
*/
public function postDestroy(ModelConfiguration $model, $id)
public function deleteDestroy(ModelConfiguration $model, $id)
{
$delete = $model->fireDelete($id);
$item = $model->getRepository()->find($id);

if (is_null($delete)) {
if (is_null($item) || ! $model->isDeletable($item)) {
abort(404);
}

$model->fireDelete($id);
$model->getRepository()->delete($id);

return redirect()->back();
Expand All @@ -140,11 +148,13 @@ public function postDestroy(ModelConfiguration $model, $id)
*/
public function postRestore($model, $id)
{
$restore = $model->fireRestore($id);
if (is_null($restore)) {
$item = $model->getRepository()->find($id);

if (is_null($item) || ! $model->isRestorable($item)) {
abort(404);
}

$model->fireRestore($id);
$model->getRepository()->restore($id);

return redirect()->back();
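Review bot: postRestore() fetches the record with `$model->getRepository()->find($id)` before calling isRestorable(); if that find() applies Eloquent's soft-delete scope (BaseRepository is not shown in this commit), a trashed row is never returned and every restore request ends in `abort(404)`. The lookup for this action should include trashed rows, for example through a repository query built with `withTrashed()`. In deleteDestroy() and postRestore() the result of `fireDelete($id)` / `fireRestore($id)` is now discarded, whereas the old code aborted when it was null, so a section callback can no longer veto the operation; either keep the null test or state in the docblocks that the callbacks are notification-only. postRestore() is also the only action here whose `$model` parameter lacks the `ModelConfiguration` type hint.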
2 changes: 1 addition & 1 deletion src/Http/routes.php
Expand Up @@ -33,7 +33,7 @@

Route::delete('{adminModel}/{adminModelId}/delete', [
'as' => 'model.destroy',
'uses' => 'AdminController@postDestroy',
'uses' => 'AdminController@deleteDestroy',
]);

Route::post('{adminModel}/{adminModelId}/restore', [
189 changes: 184 additions & 5 deletions src/Model/ModelConfiguration.php
Expand Up @@ -2,8 +2,10 @@

namespace SleepingOwl\Admin\Model;

use Gate;
use Closure;
use Illuminate\Support\Str;
use Illuminate\Database\Eloquent\Model;
use SleepingOwl\Admin\Contracts\FormInterface;
use SleepingOwl\Admin\Repository\BaseRepository;
use SleepingOwl\Admin\Contracts\DisplayInterface;
Expand Down Expand Up @@ -35,6 +37,36 @@ class ModelConfiguration
*/
protected $create;

/**
* @var bool
*/
protected $displayable = true;

/**
* @var bool
*/
protected $creatable = true;

/**
* @var bool
*/
protected $editable = true;

/**
* @var bool
*/
protected $restorable = true;

/**
* @var bool
*/
protected $deletable = true;

/**
* @var bool
*/
protected $checkAccess = false;

/**
* @var Closure|null
*/
Expand Down Expand Up @@ -230,6 +262,145 @@ public function onDisplay(Closure $callback)
return $this;
}

/**
* @return boolean
*/
public function isDisplayable()
{
return $this->displayable && $this->can('display', $this->makeModel());
}

/**
* @return $this
*/
public function disableDisplay()
{
$this->displayable = false;

return $this;
}

/**
* @return boolean
*/
public function isCreatable()
{
if (! is_callable($this->getCreate())) {
return false;
}

return $this->creatable && $this->can('create', $this->makeModel());
}

/**
* @return $this
*/
public function disableCreating()
{
$this->creatable = false;

return $this;
}

/**
* @param Model $model
*
* @return bool
*/
public function isEditable(Model $model)
{
if (! is_callable($this->getEdit())) {
return false;
}

return $this->editable && $this->can('edit', $model);
}

/**
* @return $this
*/
public function disableEditing()
{
$this->editable = false;

return $this;
}

/**
* @param Model $model
*
* @return bool
*/
public function isDeletable(Model $model)
{
return $this->deletable && $this->can('delete', $model);
}

/**
* @return $this
*/
public function disableDeleting()
{
$this->deletable = false;

return $this;
}

/**
* @param Model $model
*
* @return boolean
*/
public function isRestorable(Model $model)
{
return $this->restorable && $this->can('restore', $model);
}

/**
* @return $this
*/
public function disableRestoring()
{
$this->restorable = false;

return $this;
}

/**
* @param string $action
* @param Model $model
*
* @return bool
*/
public function can($action, Model $model)
{
if (! $this->checkAccess) {
return true;
}

return Gate::allows($action, $model);
}

/**
* @return $this
*/
public function enableAccessCheck()
{
$this->checkAccess = true;

return $this;
}

/**
* @return $this
*/
public function disableAccessCheck()
{
$this->checkAccess = false;

return $this;
}

/**
* @return DisplayInterface|mixed
*/
Expand Down Expand Up @@ -313,8 +484,8 @@ public function fireFullEdit($id)
*/
public function fireDelete($id)
{
if (is_callable($this->delete)) {
return app()->call($this->delete, [$id]);
if (is_callable($this->getDelete())) {
return app()->call($this->getDelete(), [$id]);
}
}

Expand All @@ -325,11 +496,11 @@ public function fireDelete($id)
*/
public function fireRestore($id)
{
if (is_callable($this->restore)) {
return app()->call($this->restore, [$id]);
if (is_callable($this->getRestore())) {
return app()->call($this->getRestore(), [$id]);
}

return $this->restore;
return $this->getRestore();
}

/**
Expand Down Expand Up @@ -409,4 +580,12 @@ protected function setDefaultAlias()
$alias = Str::snake(Str::plural(class_basename($this->getClass())));
$this->setAlias($alias);
}

/**
* @return Model
*/
protected function makeModel()
{
return app()->make($this->getClass());
}
}
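Review bot: can() returns true whenever `$checkAccess` is false, which is the default, and isDeletable()/isRestorable() do not test for a configured callback the way isCreatable() and isEditable() do, so with the defaults delete and restore are allowed for every section until disableDeleting()/disableRestoring() is called. The previous controller answered 404 when fireDelete() returned null, so this looks like a move from deny-by-default to allow-by-default for deletion; if that is intended, say so in the docblocks, e.g. on can(): `Returns true without consulting the Gate while access checks are disabled (the default).` isDisplayable() and isCreatable() pass `$this->makeModel()` to the Gate, a fresh instance made from the class name, so the docblocks should warn that `display` and `create` policy methods cannot decide on record data. The added docblocks also mix `@return boolean` and `@return bool`; use `bool` throughout.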
