mirror of
https://github.com/flarum/core.git
synced 2025-10-18 18:26:07 +02:00
Overhaul permissions
Get rid of Permissible - too complex and inefficient. Replace with: - a “Locked” trait which works similarly but only evaluates logic on hydrated models. - a “VisibleScope” trait which also works similarly but only scopes queries This is all we need, Permissible is overkill. There is only one instance where we have to duplicate some logic (Discussion::scopeVisiblePosts and Post::allow(‘view’, …)) but it’s barely anything. Haven’t decoupled for now, we can definitely look at doing that later. Permissions table seeder slightly updated. Also did a bit of a query audit, there’s still a lot to be done but it’s much better than it was. Some relatively low-hanging fruit detailed in EloquentPostRepository.
This commit is contained in:
Toby Zerner
@@ -93,7 +93,7 @@ class ShowAction extends SerializeResourceAction
|
||||
|
||||
$discussion = $this->discussions->findOrFail($request->get('id'), $user);
|
||||
|
||||
$discussion->posts_ids = $discussion->posts()->whereCan($user, 'view')->get(['id'])->fetch('id')->all();
|
||||
$discussion->posts_ids = $discussion->visiblePosts($user)->lists('id');
|
||||
|
||||
if (in_array('posts', $request->include)) {
|
||||
$length = strlen($prefix = 'posts.');
|
||||
|
||||
@@ -55,16 +55,7 @@ abstract class BaseSerializer extends SerializerAbstract
|
||||
$data = $relation($model, $include);
|
||||
} else {
|
||||
if ($include) {
|
||||
if (! is_null($model->$relation)) {
|
||||
$data = $model->$relation;
|
||||
} else {
|
||||
$relation = $model->$relation();
|
||||
if ($relation instanceof Relation) {
|
||||
$data = $relation->getResults();
|
||||
} else {
|
||||
$data = $relation->get();
|
||||
}
|
||||
}
|
||||
$data = $model->getRelation($relation);
|
||||
} elseif ($many) {
|
||||
$relationIds = $relation.'_ids';
|
||||
$data = $model->$relationIds ?: $model->$relation()->get(['id'])->fetch('id')->all();
|
||||
|
||||
Reference in New Issue
Block a user