mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-06-01 05:51:52 +08:00
Major permission naming refactor and database migration cleanup
This commit is contained in:
Dan Brown
@ -21,10 +21,13 @@ class CreateUsersTable extends Migration
|
||||
$table->nullableTimestamps();
|
||||
});
|
||||
|
||||
\BookStack\User::forceCreate([
|
||||
// Create the initial admin user
|
||||
DB::table('users')->insert([
|
||||
'name' => 'Admin',
|
||||
'email' => 'admin@admin.com',
|
||||
'password' => bcrypt('password')
|
||||
'password' => bcrypt('password'),
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
@ -68,35 +68,44 @@ class AddRolesAndPermissions extends Migration
|
||||
|
||||
|
||||
// Create default roles
|
||||
$admin = new \BookStack\Role();
|
||||
$admin->name = 'admin';
|
||||
$admin->display_name = 'Admin';
|
||||
$admin->description = 'Administrator of the whole application';
|
||||
$admin->save();
|
||||
$adminId = DB::table('roles')->insertGetId([
|
||||
'name' => 'admin',
|
||||
'display_name' => 'Admin',
|
||||
'description' => 'Administrator of the whole application',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
$editorId = DB::table('roles')->insertGetId([
|
||||
'name' => 'editor',
|
||||
'display_name' => 'Editor',
|
||||
'description' => 'User can edit Books, Chapters & Pages',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
$viewerId = DB::table('roles')->insertGetId([
|
||||
'name' => 'viewer',
|
||||
'display_name' => 'Viewer',
|
||||
'description' => 'User can view books & their content behind authentication',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
|
||||
$editor = new \BookStack\Role();
|
||||
$editor->name = 'editor';
|
||||
$editor->display_name = 'Editor';
|
||||
$editor->description = 'User can edit Books, Chapters & Pages';
|
||||
$editor->save();
|
||||
|
||||
$viewer = new \BookStack\Role();
|
||||
$viewer->name = 'viewer';
|
||||
$viewer->display_name = 'Viewer';
|
||||
$viewer->description = 'User can view books & their content behind authentication';
|
||||
$viewer->save();
|
||||
|
||||
// Create default CRUD permissions and allocate to admins and editors
|
||||
$entities = ['Book', 'Page', 'Chapter', 'Image'];
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity . 's';
|
||||
$newPermission->save();
|
||||
$admin->attachPermission($newPermission);
|
||||
$editor->attachPermission($newPermission);
|
||||
$newPermId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower($op),
|
||||
'display_name' => $op . ' ' . $entity . 's',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
['permission_id' => $newPermId, 'role_id' => $adminId],
|
||||
['permission_id' => $newPermId, 'role_id' => $editorId]
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -105,19 +114,27 @@ class AddRolesAndPermissions extends Migration
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity;
|
||||
$newPermission->save();
|
||||
$admin->attachPermission($newPermission);
|
||||
$newPermId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower($op),
|
||||
'display_name' => $op . ' ' . $entity,
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
'permission_id' => $newPermId,
|
||||
'role_id' => $adminId
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
// Set all current users as admins
|
||||
// (At this point only the initially create user should be an admin)
|
||||
$users = \BookStack\User::all();
|
||||
$users = DB::table('users')->get();
|
||||
foreach ($users as $user) {
|
||||
$user->attachRole($admin);
|
||||
DB::table('role_user')->insert([
|
||||
'role_id' => $adminId,
|
||||
'user_id' => $user->id
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -13,29 +13,31 @@ class UpdatePermissionsAndRoles extends Migration
|
||||
public function up()
|
||||
{
|
||||
// Get roles with permissions we need to change
|
||||
$adminRole = \BookStack\Role::getRole('admin');
|
||||
$editorRole = \BookStack\Role::getRole('editor');
|
||||
$adminRoleId = DB::table('roles')->where('name', '=', 'admin')->first()->id;
|
||||
$editorRole = DB::table('roles')->where('name', '=', 'editor')->first();
|
||||
|
||||
// Delete old permissions
|
||||
$permissions = \BookStack\Permission::all();
|
||||
$permissions->each(function ($permission) {
|
||||
$permission->delete();
|
||||
});
|
||||
$permissions = DB::table('permissions')->delete();
|
||||
|
||||
// Create & attach new admin permissions
|
||||
$permissionsToCreate = [
|
||||
'settings-manage' => 'Manage Settings',
|
||||
'users-manage' => 'Manage Users',
|
||||
'user-roles-manage' => 'Manage Roles & Permissions',
|
||||
'restrictions-manage-all' => 'Manage All Entity Restrictions',
|
||||
'restrictions-manage-own' => 'Manage Entity Restrictions On Own Content'
|
||||
'restrictions-manage-all' => 'Manage All Entity Permissions',
|
||||
'restrictions-manage-own' => 'Manage Entity Permissions On Own Content'
|
||||
];
|
||||
foreach ($permissionsToCreate as $name => $displayName) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = $name;
|
||||
$newPermission->display_name = $displayName;
|
||||
$newPermission->save();
|
||||
$adminRole->attachPermission($newPermission);
|
||||
$permissionId = DB::table('permissions')->insertGetId([
|
||||
'name' => $name,
|
||||
'display_name' => $displayName,
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $adminRoleId,
|
||||
'permission_id' => $permissionId
|
||||
]);
|
||||
}
|
||||
|
||||
// Create & attach new entity permissions
|
||||
@ -43,12 +45,22 @@ class UpdatePermissionsAndRoles extends Migration
|
||||
$ops = ['Create All', 'Create Own', 'Update All', 'Update Own', 'Delete All', 'Delete Own'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
|
||||
$newPermission->display_name = $op . ' ' . $entity . 's';
|
||||
$newPermission->save();
|
||||
$adminRole->attachPermission($newPermission);
|
||||
if ($editorRole !== null) $editorRole->attachPermission($newPermission);
|
||||
$permissionId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op)),
|
||||
'display_name' => $op . ' ' . $entity . 's',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $adminRoleId,
|
||||
'permission_id' => $permissionId
|
||||
]);
|
||||
if ($editorRole !== null) {
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $editorRole->id,
|
||||
'permission_id' => $permissionId
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,24 +74,26 @@ class UpdatePermissionsAndRoles extends Migration
|
||||
public function down()
|
||||
{
|
||||
// Get roles with permissions we need to change
|
||||
$adminRole = \BookStack\Role::getRole('admin');
|
||||
$adminRoleId = DB::table('roles')->where('name', '=', 'admin')->first()->id;
|
||||
|
||||
// Delete old permissions
|
||||
$permissions = \BookStack\Permission::all();
|
||||
$permissions->each(function ($permission) {
|
||||
$permission->delete();
|
||||
});
|
||||
$permissions = DB::table('permissions')->delete();
|
||||
|
||||
// Create default CRUD permissions and allocate to admins and editors
|
||||
$entities = ['Book', 'Page', 'Chapter', 'Image'];
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity . 's';
|
||||
$newPermission->save();
|
||||
$adminRole->attachPermission($newPermission);
|
||||
$permissionId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower($op),
|
||||
'display_name' => $op . ' ' . $entity . 's',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $adminRoleId,
|
||||
'permission_id' => $permissionId
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -88,11 +102,16 @@ class UpdatePermissionsAndRoles extends Migration
|
||||
$ops = ['Create', 'Update', 'Delete'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
|
||||
$newPermission->display_name = $op . ' ' . $entity;
|
||||
$newPermission->save();
|
||||
$adminRole->attachPermission($newPermission);
|
||||
$permissionId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower($op),
|
||||
'display_name' => $op . ' ' . $entity,
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $adminRoleId,
|
||||
'permission_id' => $permissionId
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -12,20 +12,25 @@ class AddViewPermissionsToRoles extends Migration
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
$currentRoles = \BookStack\Role::all();
|
||||
$currentRoles = DB::table('roles')->get();
|
||||
|
||||
// Create new view permissions
|
||||
// Create new view permission
|
||||
$entities = ['Book', 'Page', 'Chapter'];
|
||||
$ops = ['View All', 'View Own'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$newPermission = new \BookStack\Permission();
|
||||
$newPermission->name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
|
||||
$newPermission->display_name = $op . ' ' . $entity . 's';
|
||||
$newPermission->save();
|
||||
// Assign view permissions to all current roles
|
||||
$permId = DB::table('permissions')->insertGetId([
|
||||
'name' => strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op)),
|
||||
'display_name' => $op . ' ' . $entity . 's',
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
]);
|
||||
// Assign view permission to all current roles
|
||||
foreach ($currentRoles as $role) {
|
||||
$role->attachPermission($newPermission);
|
||||
DB::table('permission_role')->insert([
|
||||
'role_id' => $role->id,
|
||||
'permission_id' => $permId
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -38,17 +43,15 @@ class AddViewPermissionsToRoles extends Migration
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
// Delete the new view permissions
|
||||
// Delete the new view permission
|
||||
$entities = ['Book', 'Page', 'Chapter'];
|
||||
$ops = ['View All', 'View Own'];
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$permissionName = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
|
||||
$newPermission = \BookStack\Permission::where('name', '=', $permissionName)->first();
|
||||
foreach ($newPermission->roles as $role) {
|
||||
$role->detachPermission($newPermission);
|
||||
}
|
||||
$newPermission->delete();
|
||||
$permission = DB::table('permissions')->where('name', '=', $permissionName)->first();
|
||||
DB::table('permission_role')->where('permission_id', '=', $permission->id)->delete();
|
||||
DB::table('permissions')->where('name', '=', $permissionName)->delete();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class CreateEntityPermissionsTable extends Migration
|
||||
class CreateJointPermissionsTable extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
@ -12,7 +12,7 @@ class CreateEntityPermissionsTable extends Migration
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::create('entity_permissions', function (Blueprint $table) {
|
||||
Schema::create('joint_permissions', function (Blueprint $table) {
|
||||
$table->increments('id');
|
||||
$table->integer('role_id');
|
||||
$table->string('entity_type');
|
||||
@ -37,18 +37,25 @@ class CreateEntityPermissionsTable extends Migration
|
||||
$table->index('system_name');
|
||||
});
|
||||
|
||||
Schema::rename('permissions', 'role_permissions');
|
||||
Schema::rename('restrictions', 'entity_permissions');
|
||||
|
||||
// Create the new public role
|
||||
$publicRole = new \BookStack\Role();
|
||||
$publicRole->name = 'public';
|
||||
$publicRole->display_name = 'Public';
|
||||
$publicRole->description = 'The role given to public visitors if allowed';
|
||||
$publicRole->system_name = 'public';
|
||||
$publicRole->hidden = true;
|
||||
$publicRoleData = [
|
||||
'name' => 'public',
|
||||
'display_name' => 'Public',
|
||||
'description' => 'The role given to public visitors if allowed',
|
||||
'system_name' => 'public',
|
||||
'hidden' => true,
|
||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString()
|
||||
];
|
||||
|
||||
// Ensure unique name
|
||||
while (\BookStack\Role::getRole($publicRole->name) !== null) {
|
||||
$publicRole->name = $publicRole->name . str_random(2);
|
||||
while (DB::table('roles')->where('name', '=', $publicRoleData['display_name'])->count() > 0) {
|
||||
$publicRoleData['display_name'] = $publicRoleData['display_name'] . str_random(2);
|
||||
}
|
||||
$publicRole->save();
|
||||
$publicRoleId = DB::table('roles')->insertGetId($publicRoleData);
|
||||
|
||||
// Add new view permissions to public role
|
||||
$entities = ['Book', 'Page', 'Chapter'];
|
||||
@ -56,20 +63,21 @@ class CreateEntityPermissionsTable extends Migration
|
||||
foreach ($entities as $entity) {
|
||||
foreach ($ops as $op) {
|
||||
$name = strtolower($entity) . '-' . strtolower(str_replace(' ', '-', $op));
|
||||
$permission = \BookStack\Permission::getByName($name);
|
||||
// Assign view permissions to public
|
||||
$publicRole->attachPermission($permission);
|
||||
$permission = DB::table('role_permissions')->where('name', '=', $name)->first();
|
||||
// Assign view permission to public
|
||||
DB::table('permission_role')->insert([
|
||||
'permission_id' => $permission->id,
|
||||
'role_id' => $publicRoleId
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
// Update admin role with system name
|
||||
$admin = \BookStack\Role::getRole('admin');
|
||||
$admin->system_name = 'admin';
|
||||
$admin->save();
|
||||
DB::table('roles')->where('name', '=', 'admin')->update(['system_name' => 'admin']);
|
||||
|
||||
// Generate the new entity permissions
|
||||
$restrictionService = app(\BookStack\Services\RestrictionService::class);
|
||||
$restrictionService->buildEntityPermissions();
|
||||
// Generate the new entity jointPermissions
|
||||
$restrictionService = app(\BookStack\Services\PermissionService::class);
|
||||
$restrictionService->buildJointPermissions();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -79,11 +87,13 @@ class CreateEntityPermissionsTable extends Migration
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::drop('entity_permissions');
|
||||
Schema::drop('joint_permissions');
|
||||
|
||||
Schema::rename('role_permissions', 'permissions');
|
||||
Schema::rename('entity_permissions', 'restrictions');
|
||||
|
||||
// Delete the public role
|
||||
$public = \BookStack\Role::getSystemRole('public');
|
||||
$public->delete();
|
||||
DB::table('roles')->where('system_name', '=', 'public')->delete();
|
||||
|
||||
Schema::table('roles', function (Blueprint $table) {
|
||||
$table->dropColumn('system_name');
|
||||
Reference in New Issue
Block a user