Merge branch 'dev'

Author: kodeine

composer.json

@@ -11,7 +11,8 @@
     ],
     "require": {
         "php": ">=5.4.0",
-        "illuminate/support": "4.2.x|~5.0"
+        "illuminate/support": "4.2.x|~5.0",
+        "illuminate/database": "4.2.x|~5.0"
     },
     "autoload": {
         "classmap": [

src/Kodeine/Acl/Helper/Helper.php

@@ -35,20 +35,37 @@ protected function toDotPermissions(array $permissions)
     |
     */
 
+    protected function parseOperator($str)
+    {
+        // if its an array lets use
+        // and operator by default
+        if (is_array($str)) {
+            $str = implode(',', $str);
+        }
+
+        if (preg_match('/([,|])(?:\s+)?/', $str, $m)) {
+            return $m[1] == '|' ? 'or' : 'and';
+        }
+
+        return false;
+    }
+
     /**
      * Converts strings having comma
-     * or pipe to an array
+     * or pipe to an array in
+     * lowercase
      *
      * @param $str
      * @return array
      */
     protected function hasDelimiterToArray($str)
     {
         if ( is_string($str) && preg_match('/[,|]/is', $str) ) {
-            $str = preg_split('/ ?[,|] ?/', $str);
+            return preg_split('/ ?[,|] ?/', strtolower($str));
         }
 
-        return $str;
+        return is_array($str) ?
+            array_filter($str, 'strtolower') : strtolower($str);
     }
 
     /**

src/Kodeine/Acl/Middleware/HasPermission.php

@@ -36,9 +36,9 @@ public function handle($request, Closure $next)
     {
         $this->request = $request;
 
-        if ( ( ! $this->getAction('is') or $this->hasRole())
-            and ( ! $this->getAction('can') and ! $this->getAction('protect_alias')
-                or $this->hasPermission())
+        if ( ( ! $this->getAction('is') or $this->hasRole() ) and
+             ( ! $this->getAction('can') or $this->hasPermission() ) and
+             ( ! $this->getAction('protect_alias') or $this->protectMethods() )
         ) {
             return $next($request);
         }
@@ -79,11 +79,6 @@ protected function hasPermission()
         $request = $this->request;
         $do = $this->getAction('can');
 
-        // if method protection is needed.
-        if ( ! $do && $this->getAction('protect_alias') ) {
-            return $this->protectMethods();
-        }
-
         return ! $this->forbiddenRoute() && $request->user()->can($do);
     }
 

src/Kodeine/Acl/Models/Eloquent/Permission.php

@@ -1,6 +1,5 @@
 <?php namespace Kodeine\Acl\Models\Eloquent;
 
-use Config;
 use Illuminate\Database\Eloquent\Model;
 
 class Permission extends Model
@@ -10,7 +9,7 @@ class Permission extends Model
      *
      * @var array
      */
-    protected $fillable = ['name', 'slug', 'description'];
+    protected $fillable = ['name', 'slug', 'description', 'inherit_id'];
 
     /**
      * The database table used by the model.
@@ -26,7 +25,8 @@ class Permission extends Model
      */
     public function roles()
     {
-        $model = Config::get('acl.role', 'Kodeine\Acl\Models\Eloquent\Role');
+        $model = config('acl.role', 'Kodeine\Acl\Models\Eloquent\Role');
+
         return $this->belongsToMany($model)->withTimestamps();
     }
 
@@ -37,7 +37,7 @@ public function roles()
      */
     public function users()
     {
-        return $this->belongsToMany(Config::get('auth.model'))->withTimestamps();
+        return $this->belongsToMany(config('auth.model'))->withTimestamps();
     }
 
     /**

src/Kodeine/Acl/Models/Eloquent/Role.php

@@ -1,6 +1,5 @@
 <?php namespace Kodeine\Acl\Models\Eloquent;
 
-use Config;
 use Illuminate\Database\Eloquent\Model;
 use Kodeine\Acl\Traits\HasPermission;
 
@@ -29,7 +28,7 @@ class Role extends Model
      */
     public function users()
     {
-        return $this->belongsToMany(Config::get('auth.model'))->withTimestamps();
+        return $this->belongsToMany(config('auth.model'))->withTimestamps();
     }
 
     /**
@@ -39,7 +38,7 @@ public function users()
      */
     public function getPermissions()
     {
-        return $this->permissions->lists('slug', 'name');
+        return $this->getPermissionsInherited();
     }
 
     /**
@@ -49,22 +48,64 @@ public function getPermissions()
      * @param array  $mergePermissions
      * @return bool
      */
-    public function can($permission, $mergePermissions = [])
+    public function can($permission, $operator = null, $mergePermissions = [])
     {
+        $operator = is_null(null) ? $this->parseOperator($permission) : $operator;
+
         $permission = $this->hasDelimiterToArray($permission);
         $permissions = $this->getPermissions() + $mergePermissions;
 
         // make permissions to dot notation.
         // create.user, delete.admin etc.
         $permissions = $this->toDotPermissions($permissions);
 
+        // validate permissions array
         if ( is_array($permission) ) {
-            $intersect = array_intersect_key($permissions, array_flip($permission));
 
-            return count($permission) == count($intersect);
+            if ( ! in_array($operator, ['and', 'or']) ) {
+                $e = 'Invalid operator, available operators are "and", "or".';
+                throw new \InvalidArgumentException($e);
+            }
+
+            $call = 'canWith' . ucwords($operator);
+
+            return $this->$call($permission, $permissions);
         }
 
+        // validate single permission
         return isset($permissions[$permission]) && $permissions[$permission] == true;
     }
 
+    /**
+     * @param $permission
+     * @param $permissions
+     * @return bool
+     */
+    protected function canWithAnd($permission, $permissions)
+    {
+        foreach ($permission as $check) {
+            if ( ! in_array($check, $permissions) || ! isset($permissions[$check]) || $permissions[$check] != true ) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * @param $permission
+     * @param $permissions
+     * @return bool
+     */
+    protected function canWithOr($permission, $permissions)
+    {
+        foreach ($permission as $check) {
+            if ( in_array($check, $permissions) && isset($permissions[$check]) && $permissions[$check] == true ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
 }

src/Kodeine/Acl/Traits/HasPermission.php

@@ -4,7 +4,7 @@
 
 trait HasPermission
 {
-    use HasUserPermission, Helper;
+    use HasUserPermission, HasPermissionInheritance, Helper;
 
     /*
     |----------------------------------------------------------------------
@@ -20,7 +20,8 @@ trait HasPermission
      */
     public function permissions()
     {
-        $model = \Config::get('acl.permission', 'Kodeine\Acl\Models\Eloquent\Permission');
+        $model = config('acl.permission', 'Kodeine\Acl\Models\Eloquent\Permission');
+
         return $this->belongsToMany($model)->withTimestamps();
     }
 
@@ -33,7 +34,7 @@ public function permissions()
     public function getPermissions()
     {
         // user permissions overridden from role.
-        $permissions = $this->permissions->lists('slug', 'name');
+        $permissions = $this->getPermissionsInherited();
 
         // permissions based on role.
         foreach ($this->roles as $role) {
@@ -51,18 +52,16 @@ public function getPermissions()
      */
     public function can($permission)
     {
-        // user has its own permissions
-        // without any role?
+        // user permissions including
+        // all of user role permissions
         $merge = $this->getPermissions();
 
-        // permissions based on role
-        foreach ($this->roles as $role) {
-            if ( $role->can($permission, $merge) ) {
-                return true;
-            }
-        }
+        // get first role and use can method
+        // $merge already has all user role
+        // permissions.
+        $role = $this->roles->first();
 
-        return false;
+        return ! is_null($role) && $role->can($permission, null, $merge);
     }
 
     /**
@@ -150,15 +149,15 @@ protected function parsePermissionId($permission)
     {
         if ( is_string($permission) || is_numeric($permission) ) {
 
-            $model = new \Kodeine\Acl\Models\Eloquent\Permission;
+            $model = config('acl.permission', 'Kodeine\Acl\Models\Eloquent\Permission');
             $key = is_numeric($permission) ? 'id' : 'name';
-            $find = $model->where($key, $permission)->first();
+            $alias = (new $model)->where($key, $permission)->first();
 
-            if ( ! is_object($find) ) {
+            if ( ! is_object($alias) || ! $alias->exists ) {
                 throw new \InvalidArgumentException('Specified permission ' . $key . ' does not exists.');
             }
 
-            $permission = $find->getKey();
+            $permission = $alias->getKey();
         }
 
         $model = '\Illuminate\Database\Eloquent\Model';

src/Kodeine/Acl/Traits/HasPermissionInheritance.php

@@ -0,0 +1,89 @@
+<?php namespace Kodeine\Acl\Traits;
+
+
+trait HasPermissionInheritance
+{
+    protected $cacheInherit;
+
+    /*
+    |----------------------------------------------------------------------
+    | Permission Inheritance Trait Methods
+    |----------------------------------------------------------------------
+    |
+    */
+
+    public function getPermissionsInherited()
+    {
+        $permissions = $this->permissions->lists('slug', 'name');
+        $inherits = $this->permissions->lists('inherit_id', 'name');
+
+        foreach ($inherits as $name => $inherit_id) {
+            if ( ! $inherit_id ) continue;
+
+            // get inherit row from cache else query it.
+            $inherit = $this->getCacheInherit($inherit_id);
+
+            // add inherit row to cache.
+            $this->setCacheInherit($inherit);
+
+            // merge inheritances
+            // rename permission name to inherited name.
+            if ( $inherit->exists ) {
+                if ( isset($permissions[$inherit->name]) ) {
+                    $permissions[$inherit->name] = $permissions[$name] + $permissions[$inherit->name];
+                } else {
+                    $permissions[$inherit->name] = $permissions[$name] + $inherit->slug;
+                }
+                unset($permissions[$name]);
+            }
+
+        }
+
+        return $permissions;
+    }
+
+    protected function getCacheInherit($inherit_id)
+    {
+        if ( isset($this->cacheInherit[$inherit_id]) ) {
+            return $this->cacheInherit[$inherit_id];
+        }
+
+        $model = config('acl.permission', 'Kodeine\Acl\Models\Eloquent\Permission');
+        return (new $model)->where('id', $inherit_id)->first();
+    }
+
+    protected function setCacheInherit($inherit)
+    {
+        return $this->cacheInherit[$inherit->getKey()] = $inherit;
+    }
+
+    /**
+     * Parses permission id from object or array.
+     *
+     * @param object|array|int $permission
+     * @return mixed
+     */
+    protected function parsePermissionId($permission)
+    {
+        if ( is_string($permission) || is_numeric($permission) ) {
+
+            $model = config('acl.permission', 'Kodeine\Acl\Models\Eloquent\Permission');
+            $key = is_numeric($permission) ? 'id' : 'name';
+            $alias = (new $model)->where($key, $permission)->first();
+
+            if ( ! is_object($alias) || ! $alias->exists ) {
+                throw new \InvalidArgumentException('Specified permission ' . $key . ' does not exists.');
+            }
+
+            $permission = $alias->getKey();
+        }
+
+        $model = '\Illuminate\Database\Eloquent\Model';
+        if ( is_object($permission) && $permission instanceof $model ) {
+            $permission = $permission->getKey();
+        }
+
+        return (int) $permission;
+    }
+
+}