
Deprecate AssertPermissionTrait (#2044)

Alexander Skvortsov
2020-07-17 09:16:15 -04:00
committed by GitHub
parent 2b3dec2be1
commit eaac78650f
36 changed files with 103 additions and 135 deletions


@@ -12,6 +12,9 @@ namespace Flarum\User;
use Flarum\User\Exception\NotAuthenticatedException;
use Flarum\User\Exception\PermissionDeniedException;
/**
* @deprecated beta 14, remove beta 15. Please use direct methods of the User class instead. E.g. $actor->assertCan($ability);
*/
trait AssertPermissionTrait
{
/**
@@ -44,9 +47,7 @@ trait AssertPermissionTrait
*/
protected function assertRegistered(User $actor)
{
if ($actor->isGuest()) {
throw new NotAuthenticatedException;
}
$actor->assertRegistered();
}
/**
@@ -57,9 +58,7 @@ trait AssertPermissionTrait
*/
protected function assertCan(User $actor, $ability, $arguments = [])
{
$this->assertPermission(
$actor->can($ability, $arguments)
);
$actor->assertCan($ability, $arguments);
}
/**
@@ -68,6 +67,6 @@ trait AssertPermissionTrait
*/
protected function assertAdmin(User $actor)
{
$this->assertCan($actor, 'administrate');
$actor->assertCan('administrate');
}
}
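Review bot: The deprecated `assertCan` wrapper no longer goes through `$this->assertPermission(...)`, so a class that uses this trait and overrides `assertPermission` would lose that override for `assertCan` and `assertAdmin` during the deprecation window. Whether any such class exists cannot be seen from this diff, and the trait's own `assertPermission` sits between the hunks. If the wrappers are meant to stay behaviour-compatible until beta 15, keeping `$this->assertPermission($actor->can($ability, $arguments));` in the trait would be the safer form. If the change is intended, a sentence in the trait docblock such as `Overrides of assertPermission() are no longer consulted by assertCan()/assertAdmin().` would record it.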


@@ -10,7 +10,6 @@
namespace Flarum\User\Command;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\User\AssertPermissionTrait;
use Flarum\User\AvatarUploader;
use Flarum\User\Event\AvatarDeleting;
use Flarum\User\UserRepository;
@@ -19,7 +18,6 @@ use Illuminate\Contracts\Events\Dispatcher;
class DeleteAvatarHandler
{
use DispatchEventsTrait;
use AssertPermissionTrait;
/**
* @var UserRepository
@@ -55,7 +53,7 @@ class DeleteAvatarHandler
$user = $this->users->findOrFail($command->userId);
if ($actor->id !== $user->id) {
$this->assertCan($actor, 'edit', $user);
$actor->assertCan('edit', $user);
}
$this->uploader->remove($user);


@@ -10,7 +10,6 @@
namespace Flarum\User\Command;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\User\AssertPermissionTrait;
use Flarum\User\Event\Deleting;
use Flarum\User\Exception\PermissionDeniedException;
use Flarum\User\UserRepository;
@@ -19,7 +18,6 @@ use Illuminate\Contracts\Events\Dispatcher;
class DeleteUserHandler
{
use DispatchEventsTrait;
use AssertPermissionTrait;
/**
* @var UserRepository
@@ -46,7 +44,7 @@ class DeleteUserHandler
$actor = $command->actor;
$user = $this->users->findOrFail($command->userId, $actor);
$this->assertCan($actor, 'delete', $user);
$actor->assertCan('delete', $user);
$this->events->dispatch(
new Deleting($user, $actor, $command->data)


@@ -10,7 +10,6 @@
namespace Flarum\User\Command;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\User\AssertPermissionTrait;
use Flarum\User\Event\GroupsChanged;
use Flarum\User\Event\Saving;
use Flarum\User\User;
@@ -23,7 +22,6 @@ use Illuminate\Validation\ValidationException;
class EditUserHandler
{
use DispatchEventsTrait;
use AssertPermissionTrait;
/**
* @var \Flarum\User\UserRepository
@@ -68,7 +66,7 @@ class EditUserHandler
$validate = [];
if (isset($attributes['username'])) {
$this->assertPermission($canEdit);
$actor->assertPermission($canEdit);
$user->rename($attributes['username']);
}
@@ -80,7 +78,7 @@ class EditUserHandler
$validate['email'] = $attributes['email'];
}
} else {
$this->assertPermission($canEdit);
$actor->assertPermission($canEdit);
$user->changeEmail($attributes['email']);
}
}
@@ -90,19 +88,19 @@ class EditUserHandler
}
if (isset($attributes['password'])) {
$this->assertPermission($canEdit);
$actor->assertPermission($canEdit);
$user->changePassword($attributes['password']);
$validate['password'] = $attributes['password'];
}
if (! empty($attributes['markedAllAsReadAt'])) {
$this->assertPermission($isSelf);
$actor->assertPermission($isSelf);
$user->markAllAsRead();
}
if (! empty($attributes['preferences'])) {
$this->assertPermission($isSelf);
$actor->assertPermission($isSelf);
foreach ($attributes['preferences'] as $k => $v) {
$user->setPreference($k, $v);
@@ -110,7 +108,7 @@ class EditUserHandler
}
if (isset($relationships['groups']['data']) && is_array($relationships['groups']['data'])) {
$this->assertPermission($canEdit);
$actor->assertPermission($canEdit);
$newGroupIds = [];
foreach ($relationships['groups']['data'] as $group) {
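Review bot: `$actor->assertPermission($canEdit)` reads like a check performed against the actor, but the `User::assertPermission($condition)` added in this commit only throws when the boolean is falsy and never consults `$this`. The authorization decision for the username, email, password and group changes therefore rests entirely on how `$canEdit` and `$isSelf` are computed, which is outside these hunks. A short comment where those flags are set, e.g. `// $canEdit / $isSelf are the whole authorization decision; assertPermission() only turns them into an exception`, would keep a later edit from assuming the method adds a check of its own.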


@@ -11,7 +11,6 @@ namespace Flarum\User\Command;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\Settings\SettingsRepositoryInterface;
use Flarum\User\AssertPermissionTrait;
use Flarum\User\AvatarUploader;
use Flarum\User\Event\RegisteringFromProvider;
use Flarum\User\Event\Saving;
@@ -28,7 +27,6 @@ use Intervention\Image\ImageManager;
class RegisterUserHandler
{
use DispatchEventsTrait;
use AssertPermissionTrait;
/**
* @var SettingsRepositoryInterface
@@ -72,7 +70,7 @@ class RegisterUserHandler
$data = $command->data;
if (! $this->settings->get('allow_sign_up')) {
$this->assertAdmin($actor);
$actor->assertAdmin();
}
$password = Arr::get($data, 'attributes.password');


@@ -10,7 +10,6 @@
namespace Flarum\User\Command;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\User\AssertPermissionTrait;
use Flarum\User\AvatarUploader;
use Flarum\User\AvatarValidator;
use Flarum\User\Event\AvatarSaving;
@@ -21,7 +20,6 @@ use Intervention\Image\ImageManager;
class UploadAvatarHandler
{
use DispatchEventsTrait;
use AssertPermissionTrait;
/**
* @var \Flarum\User\UserRepository
@@ -65,7 +63,7 @@ class UploadAvatarHandler
$user = $this->users->findOrFail($command->userId);
if ($actor->id !== $user->id) {
$this->assertCan($actor, 'edit', $user);
$actor->assertCan('edit', $user);
}
$this->validator->assertValid(['avatar' => $command->file]);


@@ -34,6 +34,8 @@ use Flarum\User\Event\GetDisplayName;
use Flarum\User\Event\PasswordChanged;
use Flarum\User\Event\Registered;
use Flarum\User\Event\Renamed;
use Flarum\User\Exception\NotAuthenticatedException;
use Flarum\User\Exception\PermissionDeniedException;
use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Contracts\Session\Session;
use Illuminate\Support\Arr;
@@ -583,6 +585,60 @@ class User extends AbstractModel
return false;
}
/**
* Ensure the current user is allowed to do something.
*
* If the condition is not met, an exception will be thrown that signals the
* lack of permissions. This is about *authorization*, i.e. retrying such a
* request / operation without a change in permissions (or using another
* user account) is pointless.
*
* @param bool $condition
* @throws PermissionDeniedException
*/
public function assertPermission($condition)
{
if (! $condition) {
throw new PermissionDeniedException;
}
}
/**
* Ensure the given actor is authenticated.
*
* This will throw an exception for guest users, signaling that
* *authorization* failed. Thus, they could retry the operation after
* logging in (or using other means of authentication).
*
* @throws NotAuthenticatedException
*/
public function assertRegistered()
{
if ($this->isGuest()) {
throw new NotAuthenticatedException;
}
}
/**
* @param string $ability
* @param mixed $arguments
* @throws PermissionDeniedException
*/
public function assertCan($ability, $arguments = [])
{
$this->assertPermission(
$this->can($ability, $arguments)
);
}
/**
* @throws PermissionDeniedException
*/
public function assertAdmin()
{
$this->assertCan($this, 'administrate');
}
/**
* Define the relationship with the user's posts.
*
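Review bot: `User::assertAdmin()` calls `$this->assertCan($this, 'administrate')`, but the `assertCan($ability, $arguments = [])` added just above it takes the ability first, so the User object is passed as `$ability` and `'administrate'` as `$arguments`. This looks like a leftover from the trait's old `assertCan($actor, ...)` signature; the line should be `$this->assertCan('administrate');`, which is what the trait's own `assertAdmin` now does. How `can()` handles a User object as the ability is not visible here, so the admin check may always fail or resolve in an unintended way. `RegisterUserHandler` now relies on `$actor->assertAdmin()` to gate registration when `allow_sign_up` is off, so a test of that path with an admin and a non-admin actor would be worth adding. Separately, the `assertRegistered` docblock says *authorization* failed where it describes an authentication failure.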