Overhaul permissions

Get rid of Permissible - too complex and inefficient. Replace with: - a “Locked” trait which works similarly but only evaluates logic on hydrated models. - a “VisibleScope” trait which also works similarly but only scopes queries This is all we need, Permissible is overkill. There is only one instance where we have to duplicate some logic (Discussion::scopeVisiblePosts and Post::allow(‘view’, …)) but it’s barely anything. Haven’t decoupled for now, we can definitely look at doing that later. Permissions table seeder slightly updated. Also did a bit of a query audit, there’s still a lot to be done but it’s much better than it was. Some relatively low-hanging fruit detailed in EloquentPostRepository.
2025-10-10 22:44:25 +02:00 · 2015-06-16 17:33:56 +09:30
parent 27b9dbe4c4
commit f0df751465
16 changed files with 247 additions and 122 deletions
--- a/src/Core/Models/Model.php
+++ b/src/Core/Models/Model.php
@@ -169,37 +169,22 @@ class Model extends Eloquent
        return $rules;
    }

-    /**
-     * Assert that the user has permission to view this model, throwing an
-     * exception if they don't.
-     *
-     * @param  \Flarum\Core\Models\User  $user
-     * @return void
-     *
-     * @throws  \Illuminate\Database\Eloquent\ModelNotFoundException
-     */
-    public function assertVisibleTo(User $user)
+    public function isRelationLoaded($relation)
    {
-        if (! $this->can($user, 'view')) {
-            throw new ModelNotFoundException;
-        }
+        return array_key_exists($relation, $this->relations);
    }

-    /**
-     * Assert that the user has a certain permission for this model, throwing
-     * an exception if they don't.
-     *
-     * @param  \Flarum\Core\Models\User  $user
-     * @param  string  $permission
-     * @return void
-     *
-     * @throws  \Flarum\Core\Exceptions\PermissionDeniedException
-     */
-    public function assertCan(User $user, $permission)
+    public function getRelation($relation)
    {
-        if (! $this->can($user, $permission)) {
-            throw new PermissionDeniedException;
+        if (isset($this->$relation)) {
+            return $this->$relation;
        }
+
+        if (! $this->isRelationLoaded($relation)) {
+            $this->relations[$relation] = $this->$relation()->getResults();
+        }
+
+        return $this->relations[$relation];
    }

    /**