From b9eb714f2e444fa3f9908dde3178c66a5801bcdf Mon Sep 17 00:00:00 2001 From: dogukanoksuz Date: Thu, 5 Sep 2024 18:53:09 +0300 Subject: [PATCH] feat-wip: Role based view customization system --- app/Classes/Authentication/Authenticator.php | 50 ++++++++++++++++--- .../API/Settings/RoleController.php | 31 ++++++++++-- app/Models/Permission.php | 2 +- config/liman.php | 12 ++++- routes/api.php | 3 ++ 5 files changed, 84 insertions(+), 14 deletions(-) diff --git a/app/Classes/Authentication/Authenticator.php b/app/Classes/Authentication/Authenticator.php index 29e55384..bcc30d36 100644 --- a/app/Classes/Authentication/Authenticator.php +++ b/app/Classes/Authentication/Authenticator.php @@ -20,13 +20,15 @@ class Authenticator */ public static function createNewToken($token, ?Request $request = null) { - User::find(auth('api')->user()->id)->update([ + $id = auth('api')->user()->id; + + User::find($id)->update([ 'last_login_at' => Carbon::now()->toDateTimeString(), 'last_login_ip' => $request->ip(), ]); AuthLog::create([ - 'user_id' => auth('api')->user()->id, + 'user_id' => $id, 'ip_address' => $request->ip(), 'user_agent' => $request->userAgent(), ]); @@ -34,7 +36,7 @@ public static function createNewToken($token, ?Request $request = null) $return = [ 'expired_at' => (auth('api')->factory()->getTTL() * 60 + time()) * 1000, 'user' => [ - ...User::find(auth('api')->user()->id, [ + ...User::find($id, [ 'id', 'name', 'email', 
@@ -45,11 +47,43 @@ public static function createNewToken($token, ?Request $request = null) 'last_login_at' => Carbon::now()->toDateTimeString(), 'last_login_ip' => $request->ip(), 'permissions' => [ - 'server_details' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details'), - 'server_services' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_services'), - 'add_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'add_server'), - 'update_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'update_server'), - 'view_logs' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'view_logs'), + 'server_details' => Permission::can($id, 'liman', 'id', 'server_details'), + 'server_services' => Permission::can($id, 'liman', 'id', 'server_services'), + 'add_server' => Permission::can($id, 'liman', 'id', 'add_server'), + 'update_server' => Permission::can($id, 'liman', 'id', 'update_server'), + 'view_logs' => Permission::can($id, 'liman', 'id', 'view_logs'), + 'view' => (function () { + $defaultPermissions = config('liman.default_views'); + + if (auth('api')->user()->isAdmin()) { + return $defaultPermissions; + } + + // TODO: Check priorities of permission values + // If something is different than default, it should be returned + $permissions = Permission::whereIn( + 'morph_id', + auth('api')->user()->roles->pluck('id')->toArray() + ) + ->where('morph_type', 'roles') + ->where('type', 'view') + ->get(); + + $customPermissions = $permissions->map(function ($item) { + return [ + $item->key => json_decode($item->value), + ]; + })->toArray(); + + $filteredPermissions = array_filter($customPermissions, function ($permission) use ($defaultPermissions) { + return !in_array($permission, $defaultPermissions); + }); + + return [ + ...$defaultPermissions, + ...$filteredPermissions, + ]; + })(), ], ], ]; 
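Review bot: The custom-view merge at the end of the `'view'` closure never overrides the defaults: `->map(fn ... [$item->key => ...])->toArray()` yields a list of one-element arrays with integer keys, so `in_array($permission, $defaultPermissions)` compares a wrapped array against the default values (always false) and `[...$defaultPermissions, ...$filteredPermissions]` appends those wrappers under keys 0, 1, … next to `sidebar`/`dashboard` instead of replacing them. Keying the collection directly with `mapWithKeys` and letting role values replace the defaults by key fixes this, and restricting to the keys present in `config('liman.default_views')` keeps a stale or unknown row from leaking into the login response. With several roles sharing a key the last row wins, which is the priority question the TODO already flags; `json_decode(..., true)` keeps dashboard values as plain arrays like the config defaults. This merge only shapes what the client renders, so any server-side check of sidebar/dashboard data should not rely on it (presumably the existing `liman`/`function` permissions cover that — confirm).
```php
// … unchanged: admin short-circuit and the Permission::whereIn(...) query …
$customPermissions = $permissions
    ->mapWithKeys(fn ($item) => [$item->key => json_decode($item->value, true)])
    ->only(array_keys($defaultPermissions))
    ->all();

// Role values replace the matching default key; untouched keys keep the default.
return array_replace($defaultPermissions, $customPermissions);
```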
diff --git a/app/Http/Controllers/API/Settings/RoleController.php b/app/Http/Controllers/API/Settings/RoleController.php index 852bf232..30ddfde1 100644 --- a/app/Http/Controllers/API/Settings/RoleController.php +++ b/app/Http/Controllers/API/Settings/RoleController.php @@ -49,6 +49,7 @@ public function show(Request $request) 'liman' => $role->permissions->where('type', 'liman')->count(), 'functions' => $role->permissions->where('type', 'function')->count(), 'variables' => $role->permissions->where('type', 'variable')->count(), + 'views' => $role->permissions->where('type', 'view')->count(), ]; return $role; @@ -605,12 +606,34 @@ public function deleteVariables(Request $request) */ public function views(Request $request) { + // View permission roles guide + // Options: + // - Sidebar: Shows server list / shows extension list that user has access + // - Sidebar [string]: servers, extensions + // - Sidebar [default_value]: servers + // - Dashboard [string[]]: Server count, extension count, user count, version, most used extensions, most used servers + // - Dashboard [string[]]: servers, extensions, users, version, most_used_extensions, most_used_servers + // - Dashboard [default_value]: servers, extensions, users, version, most_used_extensions, most_used_servers + // If sidebar has extensions, dashboard must have extensions + // If sidebar has servers, dashboard must have servers and extensions both + + $defaultViews = config('liman.default_views'); + $permissions = Permission::where([ 'morph_id' => $request->role_id, 'type' => 'view', ])->get(); - return response()->json($permissions); + $viewSettings = [ + ...$defaultViews, + ...$permissions->map(function ($item) { + return [ + $item->key => json_decode($item->value), + ]; + })->toArray(), + ]; + + return response()->json($viewSettings); } /** 
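Review bot: `views()` has the same merge defect as the login response: `$permissions->map(...)->toArray()` is a list of wrapped `[key => value]` arrays, so spreading it after `$defaultViews` adds integer-keyed entries rather than replacing `sidebar`/`dashboard`, and the endpoint always returns the defaults plus stray numeric entries. The query also selects by `morph_id` and `type` only, without the `'morph_type' => 'roles'` constraint the Authenticator hunk uses, so a user permission row whose id collides with `$request->role_id` would be folded in — whether ids can collide across the two tables is not visible here, but the filter is cheap. The rewrite below keys the rows with `mapWithKeys`, decodes to plain arrays and replaces by key. The cross-field rules described in the comment block (sidebar `extensions` requires dashboard `extensions`, etc.) are not enforced anywhere in this method either; if they are meant to hold, `setViews` is where they belong.
```php
$permissions = Permission::where([
    'morph_id' => $request->role_id,
    'morph_type' => 'roles',
    'type' => 'view',
])->get();

$customViews = $permissions
    ->mapWithKeys(fn ($item) => [$item->key => json_decode($item->value, true)])
    ->only(array_keys($defaultViews))
    ->all();

// Stored role values replace the matching default key; others keep the default.
return response()->json(array_replace($defaultViews, $customViews));
```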
@@ -626,12 +649,12 @@ public function setViews(Request $request) 'type' => 'view', ])->delete(); - foreach ($request->views as $view) { + foreach ($request->views as $setting => $value) { Permission::grant( $request->role_id, 'view', - 'name', - $view, + $setting, + json_encode($value), null, 'roles' ); diff --git a/app/Models/Permission.php b/app/Models/Permission.php index 3b59a5b7..d649129c 100644 --- a/app/Models/Permission.php +++ b/app/Models/Permission.php @@ -76,7 +76,7 @@ public static function grant( $key, $value, $extra = null, - $morph_type = 'users' + $morph_type = 'roles' ) { try { diff --git a/config/liman.php b/config/liman.php index bad0a7c4..e5b9245b 100644 --- a/config/liman.php +++ b/config/liman.php @@ -2,7 +2,17 @@ return [ 'server_connection_timeout' => 5000, //ms - 'wizard_max_steps' => 4, + 'default_views' => [ + 'sidebar' => 'servers', + 'dashboard' => [ + 'servers', + 'extensions', + 'users', + 'version', + 'most_used_extensions', + 'most_used_servers', + ], + ], 'search' => [ 'admin' => [ [ diff --git a/routes/api.php b/routes/api.php index b9c68350..9c6ccde0 100644 --- a/routes/api.php +++ b/routes/api.php @@ -251,6 +251,9 @@ Route::get('/variables', [Settings\RoleController::class, 'variables']); Route::post('/variables', [Settings\RoleController::class, 'setVariables']); Route::delete('/variables', [Settings\RoleController::class, 'deleteVariables']); + + Route::get('/views', [Settings\RoleController::class, 'views']); + Route::post('/views', [Settings\RoleController::class, 'setViews']); }); });
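Review bot: The new `foreach ($request->views as $setting => $value)` stores whatever keys and values the client sends — after the preceding delete has wiped the role's rows — with no validation, so an arbitrary `$setting` name or an unknown dashboard widget is persisted as a `view` permission, and a missing or non-array `views` makes the loop fail after the delete has already run. The allowed values are spelled out in the `views()` comment block and in `config('liman.default_views')`, so a `$request->validate(...)` before the delete closes this; an `exists:` rule on `role_id` would be worth adding too, but the roles table name is not visible here. The cross-field constraints from the comment (sidebar `extensions` needs dashboard `extensions`; sidebar `servers` needs both) are also unenforced and could go in an `after` validation closure. `setViews` starts before this hunk.
```php
public function setViews(Request $request)
{
    $dashboardWidgets = implode(',', config('liman.default_views.dashboard'));

    $request->validate([
        'role_id' => 'required',
        'views' => 'required|array',
        'views.sidebar' => 'sometimes|string|in:servers,extensions',
        'views.dashboard' => 'sometimes|array',
        'views.dashboard.*' => 'string|in:' . $dashboardWidgets,
    ]);

    // … unchanged: Permission::where([...])->delete() and the grant loop …
```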
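Review bot: Changing the `$morph_type` default of `Permission::grant()` from `'users'` to `'roles'` silently retargets every existing caller that omits the argument — a grant meant for a user would now be attached to the role whose id equals `$morph_id`, or to nothing at all, without any error. The only caller in this patch (`setViews`) already passes `'roles'` explicitly, so the default change is not needed for the feature; keeping `$morph_type = 'users'` is the safe choice, or at least grep the rest of the repository for `Permission::grant(` calls with five arguments before merging. If the new default is intentional, a comment on the parameter should say so, e.g. `// Grants without an explicit target attach to a role, not a user.`. The rest of `grant()` lies outside the hunk.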
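Review bot: The config hunk removes `'wizard_max_steps' => 4` while adding `default_views`; the removal is unrelated to the view feature, and any remaining `config('liman.wizard_max_steps')` reader now gets `null` — whether such a reader exists is not visible here, so either restore the key or state the removal in the commit message. A short comment above `default_views` would also help, since per the `views()` comment block the dashboard list doubles as the complete set of selectable widgets: `// Per-role view defaults; the dashboard list is also the full set of allowed widgets.`.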