-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathSyncPermissions.php
197 lines (185 loc) · 5.83 KB
/
SyncPermissions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
<?php
namespace App\Console\Commands;
use App\Actions\Permissions\ReadPermissionConfig;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Storage;
use Spatie\Permission\Exceptions\RoleDoesNotExist;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Symfony\Component\Yaml\Yaml;
class SyncPermissions extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'admin:sync-permissions';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Synchronizes the permissions';
protected ReadPermissionConfig $readPermissionConfig;
/**
* Execute the console command.
*/
public function handle()
{
$this->readPermissionConfig = new ReadPermissionConfig();
$config = $this->readPermissionConfig->execute('config/permissions.yml');
if (!$config) {
$this->error("Aborting...");
return 1;
}
$this->syncRoles($config['roles']);
$this->syncPermissions($config['permissions']);
return 0;
}
/**
* Synchronizes all the role data
*
* @param array|string $input
* @return void
*/
private function syncRoles(array|string $input)
{
if (is_array($input)) {
$role_data = $this->prepareRoles($input);
} else {
// When string is given, assume it is just one role name
$role_data = [
['name' => $input]
];
}
foreach ($role_data as $role) {
Role::updateOrCreate(
['name' => $role['name']],
$role
);
}
// Delete the roles that are not in the config
$names_array = array_map(fn($item) => $item['name'], $role_data);
Role::whereNotIn('name', $names_array)->delete();
}
/**
* Prepares the roles. It allows for declaring a role as a single item or
* with attributes. It converts it into a structure:
* ```
* [
* 'name' => $name
* ]
* ```
*
* @param array $roles
* @return array|array[]
*/
private function prepareRoles(array $roles)
{
return array_map(
fn($role) => is_array($role) ? $role : ['name' => $role],
$roles
);
}
/**
* Synchronizes the permissions.
*
* @param array $permissions
* @return void
*/
private function syncPermissions(array $permissions)
{
$permissions = $this->convertPermissionList($permissions);
foreach ($permissions as $item) {
$roles = $item['roles'];
unset($item['roles']);
$permission = Permission::updateOrCreate(
['name' => $item['name']],
$item
);
try {
$permission->syncRoles($roles);
} catch (RoleDoesNotExist $exception) {
$this->error($exception->getMessage());
}
}
// Delete the permissions that are not in the config
$names_array = array_map(fn($item) => $item['name'], $permissions);
Permission::whereNotIn('name', $names_array)->delete();
}
/**
* Converts the original list of atomic and nested permissions into one
* list, which is structured as:
* ```
* [
* 'name' => $permission_name,
* 'roles' => $array_of_role_names
* ]
* ```
* @param array $permissions
* @return array
*/
private function convertPermissionList(array $permissions): array
{
$result = [];
foreach ($permissions as $key => $content) {
if ($this->isNested($content)) {
if ($this->hasPermissionAttributes($content)) {
$content['name'] = $key;
$result[] = $content;
}
foreach ($content as $nested_key => $nested_content) {
if ($this->hasPermissionAttributes($nested_content)) {
// The naming convention for nested permissions is set here
$nested_content['name'] = "$nested_key $key";
$result[] = $nested_content;
} else {
$result[] = [
// The naming convention for nested permissions is ALSO set here
'name' => "$nested_key $key",
'roles' => $nested_content
];
}
}
} else {
$result[] = [
'name' => $key,
'roles' => $content
];
}
}
return $result;
}
/**
* Checks if the given input appears to have permission attribibutes like
* `guard_name` and `roles`.
*
* @param $input
* @return bool
*/
private function hasPermissionAttributes($input)
{
if (!is_array($input)) {
return false;
}
// If the nested content holds the keys 'guard_name' or 'roles'
// it is assumed to be an atomic permission with a guard_name or roles specified as attributes
return array_key_exists('guard_name', $input) || array_key_exists('roles', $input);
}
/**
* Checks if the given permission content is a nested permission.
*
* @param array|string $content
* @return bool
*/
private function isNested(array|string $content)
{
if (!is_array($content)) {
return false;
}
// Use the `array_is_list()` function that checks if the array keys are 0, 1, ...
// So, if the content is just an array, it assumes it is an atomic permission
return !array_is_list($content);
}
}