181 lines
6.3 KiB
PHP
181 lines
6.3 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Service;
|
|
|
|
use MintyPHP\Repository\RolePermissionRepository;
|
|
use MintyPHP\Repository\UserRoleRepository;
|
|
use MintyPHP\Repository\PermissionRepository;
|
|
|
|
class PermissionService
|
|
{
|
|
public const USERS_CREATE = 'users.create';
|
|
public const USERS_DELETE = 'users.delete';
|
|
public const USERS_VIEW = 'users.view';
|
|
public const USERS_UPDATE = 'users.update';
|
|
public const USERS_SELF_UPDATE = 'users.self_update';
|
|
public const USERS_UPDATE_ASSIGNMENTS = 'users.update_assignments';
|
|
public const ADDRESS_BOOK_VIEW = 'address_book.view';
|
|
public const TENANTS_VIEW = 'tenants.view';
|
|
public const TENANTS_CREATE = 'tenants.create';
|
|
public const TENANTS_UPDATE = 'tenants.update';
|
|
public const TENANTS_DELETE = 'tenants.delete';
|
|
public const DEPARTMENTS_VIEW = 'departments.view';
|
|
public const DEPARTMENTS_CREATE = 'departments.create';
|
|
public const DEPARTMENTS_UPDATE = 'departments.update';
|
|
public const DEPARTMENTS_DELETE = 'departments.delete';
|
|
public const ROLES_VIEW = 'roles.view';
|
|
public const ROLES_CREATE = 'roles.create';
|
|
public const ROLES_UPDATE = 'roles.update';
|
|
public const ROLES_DELETE = 'roles.delete';
|
|
public const PERMISSIONS_VIEW = 'permissions.view';
|
|
public const PERMISSIONS_CREATE = 'permissions.create';
|
|
public const PERMISSIONS_UPDATE = 'permissions.update';
|
|
public const PERMISSIONS_DELETE = 'permissions.delete';
|
|
public const SETTINGS_VIEW = 'settings.view';
|
|
public const SETTINGS_UPDATE = 'settings.update';
|
|
public const MAIL_LOG_VIEW = 'mail_log.view';
|
|
public const STATS_VIEW = 'stats.view';
|
|
|
|
public static function userHas(int $userId, string $permissionKey): bool
|
|
{
|
|
$permissionKey = trim((string) $permissionKey);
|
|
if ($userId <= 0 || $permissionKey === '') {
|
|
return false;
|
|
}
|
|
$keys = self::getUserPermissions($userId);
|
|
return in_array($permissionKey, $keys, true);
|
|
}
|
|
|
|
public static function getUserPermissions(int $userId, bool $refresh = false): array
|
|
{
|
|
if ($userId <= 0) {
|
|
return [];
|
|
}
|
|
$cache = $_SESSION['permissions'] ?? null;
|
|
if ($refresh) {
|
|
$cache = null;
|
|
}
|
|
if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) {
|
|
$keys = $cache['keys'] ?? [];
|
|
if (is_array($keys)) {
|
|
return $keys;
|
|
}
|
|
}
|
|
$roleIds = UserRoleRepository::listRoleIdsByUserId($userId);
|
|
$keys = RolePermissionRepository::listPermissionKeysByRoleIds($roleIds);
|
|
$_SESSION['permissions'] = [
|
|
'user_id' => $userId,
|
|
'keys' => $keys,
|
|
];
|
|
return $keys;
|
|
}
|
|
|
|
public static function getCachedPermissions(int $userId): array
|
|
{
|
|
if ($userId <= 0) {
|
|
return [];
|
|
}
|
|
$cache = $_SESSION['permissions'] ?? null;
|
|
if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) {
|
|
$keys = $cache['keys'] ?? [];
|
|
return is_array($keys) ? $keys : [];
|
|
}
|
|
return [];
|
|
}
|
|
|
|
public static function clearUserCache(int $userId): void
|
|
{
|
|
$cache = $_SESSION['permissions'] ?? null;
|
|
if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) {
|
|
unset($_SESSION['permissions']);
|
|
}
|
|
}
|
|
|
|
public static function list(): array
|
|
{
|
|
return PermissionRepository::list();
|
|
}
|
|
|
|
public static function listPaged(array $options): array
|
|
{
|
|
return PermissionRepository::listPaged($options);
|
|
}
|
|
|
|
public static function find(int $id): ?array
|
|
{
|
|
return PermissionRepository::find($id);
|
|
}
|
|
|
|
public static function findByKey(string $key): ?array
|
|
{
|
|
return PermissionRepository::findByKey($key);
|
|
}
|
|
|
|
public static function createFromAdmin(array $input): array
|
|
{
|
|
$form = self::sanitizeBase($input);
|
|
$errors = self::validateBase($form);
|
|
if ($errors) {
|
|
return ['ok' => false, 'errors' => $errors, 'form' => $form];
|
|
}
|
|
if (PermissionRepository::findByKey($form['key'])) {
|
|
return ['ok' => false, 'errors' => [t('Permission key already exists')], 'form' => $form];
|
|
}
|
|
$createdId = PermissionRepository::create($form);
|
|
if (!$createdId) {
|
|
return ['ok' => false, 'errors' => [t('Permission can not be created')], 'form' => $form];
|
|
}
|
|
return ['ok' => true, 'form' => $form, 'id' => (int) $createdId];
|
|
}
|
|
|
|
public static function updateFromAdmin(int $id, array $input): array
|
|
{
|
|
$form = self::sanitizeBase($input);
|
|
$errors = self::validateBase($form);
|
|
if ($errors) {
|
|
return ['ok' => false, 'errors' => $errors, 'form' => $form];
|
|
}
|
|
$existing = PermissionRepository::findByKey($form['key']);
|
|
if ($existing && (int) ($existing['id'] ?? 0) !== $id) {
|
|
return ['ok' => false, 'errors' => [t('Permission key already exists')], 'form' => $form];
|
|
}
|
|
$updated = PermissionRepository::update($id, $form);
|
|
if (!$updated) {
|
|
return ['ok' => false, 'errors' => [t('Permission can not be updated')], 'form' => $form];
|
|
}
|
|
return ['ok' => true, 'form' => $form];
|
|
}
|
|
|
|
public static function deleteById(int $id): array
|
|
{
|
|
$permission = PermissionRepository::find($id);
|
|
if (!$permission) {
|
|
return ['ok' => false, 'status' => 404, 'error' => 'not_found'];
|
|
}
|
|
$deleted = PermissionRepository::delete($id);
|
|
if (!$deleted) {
|
|
return ['ok' => false, 'status' => 500, 'error' => 'delete_failed'];
|
|
}
|
|
return ['ok' => true, 'permission' => $permission];
|
|
}
|
|
|
|
private static function sanitizeBase(array $input): array
|
|
{
|
|
return [
|
|
'key' => trim((string) ($input['key'] ?? '')),
|
|
'description' => trim((string) ($input['description'] ?? '')),
|
|
];
|
|
}
|
|
|
|
private static function validateBase(array $form): array
|
|
{
|
|
$errors = [];
|
|
if ($form['key'] === '') {
|
|
$errors[] = t('Permission key cannot be empty');
|
|
} elseif (!preg_match('/^[a-z0-9._-]+$/i', $form['key'])) {
|
|
$errors[] = t('Permission key is invalid');
|
|
}
|
|
return $errors;
|
|
}
|
|
}
|