Added inheritance back into users/groups

This commit is contained in:
snipe
2016-06-15 20:45:45 -07:00
parent 464ecc7cc6
commit 6a277a5391
5 changed files with 40 additions and 25 deletions
+2 -1
View File
@@ -373,6 +373,7 @@ class Helper
public static function selectedPermissionsArray($permissions, $selected_arr = array())
{
$permissions_arr = array();
foreach ($permissions as $permission) {
@@ -384,7 +385,7 @@ class Helper
if ($selected_arr) {
if (array_key_exists($permission_name,$selected_arr)) {
$permissions_arr[$permission_name] = ($selected_arr[$permission_name] == 1) ? '1': '0';
$permissions_arr[$permission_name] = $selected_arr[$permission_name];
} else {
$permissions_arr[$permission_name] = '0';
}
+10 -6
View File
@@ -278,7 +278,6 @@ class UsersController extends Controller
return redirect()->route('users')->with('error', $error);
}
$user_groups = array ($request->input('groups'));
// Update the user
$user->first_name = e($request->input('first_name'));
$user->last_name = e($request->input('last_name'));
@@ -297,11 +296,8 @@ class UsersController extends Controller
$user->manager_id = e($request->input('manager_id'));
$user->notes = e($request->input('notes'));
$user->permissions = json_encode($request->input('permission'));
if ($request->has('groups')) {
$user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
if ($user->manager_id == "") {
@@ -312,6 +308,12 @@ class UsersController extends Controller
$user->location_id = null;
}
if ($request->has('groups')) {
$user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
// Do we want to update the user password?
if (($request->has('password')) && (!config('app.lock_passwords'))) {
@@ -330,6 +332,8 @@ class UsersController extends Controller
// Was the user updated?
if ($user->save()) {
// Prepare the success message
$success = trans('admin/users/message.success.update');
+3
View File
@@ -6,6 +6,7 @@ use Closure;
use Config;
use Route;
use Gate;
use Log;
class CheckPermissions
{
@@ -19,8 +20,10 @@ class CheckPermissions
*/
public function handle($request, Closure $next, $section = null)
{
Log::debug($section .' is the section');
if (Gate::allows($section)) {
return $next($request);
}
+12 -12
View File
@@ -45,7 +45,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
if ($this->isSuperUser()) {
return true;
}
$permitted = false;
$user_groups = $this->groups;
@@ -55,19 +55,25 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
$user_permissions = json_decode($this->permissions, true);
//If the user is explicitly granted, return false
if (($user_permissions!='') && ((array_key_exists($section, $user_permissions)) && ($user_permissions[$section]=='1')) ) {
$permitted = true;
return true;
}
// If the user is explicitly denied, return false
if (($user_permissions=='') || array_key_exists($section, $user_permissions) && ($user_permissions[$section]=='-1')) {
return false;
}
// Loop through the groups to see if any of them grant this permission
foreach ($user_groups as $user_group) {
$group_permissions = json_decode($user_group->permissions, true);
if (((array_key_exists($section, $group_permissions)) && ($group_permissions[$section]=='1'))) {
$permitted = true;
return true;
}
}
return $permitted;
return false;
}
public function isSuperUser() {
@@ -211,13 +217,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
*/
public function groups()
{
static $static_cache = null;
if (!$static_cache) {
$static_cache = $this->belongsToMany('\App\Models\Group', 'users_groups');
}
return $static_cache;
//return $this->belongsToMany('\App\Models\Group', 'users_groups');
return $this->belongsToMany('\App\Models\Group', 'users_groups');
}
+13 -6
View File
@@ -30,7 +30,9 @@ input[type='text'][disabled], input[disabled], textarea[disabled], input[readonl
color: #555555;
cursor:text;
}
.radio-padding {
padding-left: 50px;
}
</style>
<div class="row">
@@ -242,7 +244,7 @@ input[type='text'][disabled], input[disabled], textarea[disabled], input[readonl
</div>
<!-- Notes -->
<div class="form-group {!! $errors->has('notes') ? ' has-error' : '' !!}">
<div class="form-group{!! $errors->has('notes') ? ' has-error' : '' !!}">
<label for="notes" class="col-md-3 control-label">{{ trans('admin/users/table.notes') }}</label>
<div class="col-md-9">
<textarea class="form-control" id="notes" name="notes">{{ Input::old('notes', $user->notes) }}</textarea>
@@ -251,7 +253,7 @@ input[type='text'][disabled], input[disabled], textarea[disabled], input[readonl
</div>
<!-- Groups -->
<div class="form-group {{ $errors->has('groups') ? 'has-error' : '' }}">
<div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label>
<div class="col-md-5">
<div class="controls">
@@ -295,6 +297,7 @@ input[type='text'][disabled], input[disabled], textarea[disabled], input[readonl
</div><!-- /.tab-pane -->
<div class="tab-pane" id="tab_2">
<div class="col-md-10 col-md-offset-2">
@foreach ($permissions as $area => $permission)
@for ($i = 0; $i < count($permission); $i++)
@@ -308,14 +311,18 @@ input[type='text'][disabled], input[disabled], textarea[disabled], input[readonl
<!-- radio -->
<div class="form-group" style="padding-left: 15px;">
<label class="radio-padding">
{{ Form::radio('permission['.$permission_name.']', 1, $userPermissions[$permission_name], ['class' => 'minimal']) }}
{{ Form::radio('permission['.$permission_name.']', '1', $userPermissions[$permission_name] == '1', ['class' => 'minimal']) }}
Grant</label>
<label class="radio-padding">
{{ Form::radio('permission['.$permission_name.']', 0, !$userPermissions[$permission_name], ['class' => 'minimal']) }}
{{ Form::radio('permission['.$permission_name.']', '-1', $userPermissions[$permission_name] == '-1', ['class' => 'minimal']) }}
Deny</label>
<label class="radio-padding">
{{ Form::radio('permission['.$permission_name.']', '0', $userPermissions[$permission_name] =='0', ['class' => 'minimal']) }}
Inherit</label>
</div>
<hr>
@endif