winter/modules/backend/models/UserRole.php

<?php namespace Backend\Models;

use Backend\Classes\AuthManager;
use October\Rain\Auth\Models\Role as RoleBase;

/**
 * Administrator role
 *
 * @package october\backend
 * @author Alexey Bobkov, Samuel Georges
 */
class UserRole extends RoleBase
{
    const CODE_DEVELOPER = 'developer';
    const CODE_PUBLISHER = 'publisher';

    /**
     * @var string The database table used by the model.
     */
    protected $table = 'backend_user_roles';

    /**
     * @var array Validation rules
     */
    public $rules = [
        'name' => 'required|between:2,128|unique:backend_user_roles',
        'code' => 'unique:backend_user_roles',
    ];

    /**
     * @var array Relations
     */
    public $hasMany = [
        'users' => [User::class, 'key' => 'role_id'],
        'users_count' => [User::class, 'key' => 'role_id', 'count' => true]
    ];

    public function filterFields($fields)
    {
        if ($this->is_system) {
            $fields->code->disabled = true;
            $fields->permissions->disabled = true;
        }
    }

    public function afterFetch()
    {
        if ($this->is_system) {
            $this->permissions = $this->getDefaultPermissions();
        }
    }

    public function beforeSave()
    {
        if ($this->isSystemRole()) {
            $this->is_system = true;
            $this->permissions = [];
        }
    }

    public function isSystemRole()
    {
        if (!$this->code || !strlen(trim($this->code))) {
            return false;
        }

        if ($this->is_system || in_array($this->code, [
            self::CODE_DEVELOPER,
            self::CODE_PUBLISHER
        ])) {
            return true;
        }

        return AuthManager::instance()->hasPermissionsForRole($this->code);
    }

    public function getDefaultPermissions()
    {
        return AuthManager::instance()->listPermissionsForRole($this->code);
    }
}
Create migrate script to split permissions out Permissions have been moved from Groups to a new Role model Refs #2367 2017-07-11 19:17:44 +10:00			`<?php namespace Backend\Models;`

Introduce concept of system roles These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default. 2017-07-13 19:29:50 +10:00			`use Backend\Classes\AuthManager;`
Create migrate script to split permissions out Permissions have been moved from Groups to a new Role model Refs #2367 2017-07-11 19:17:44 +10:00			`use October\Rain\Auth\Models\Role as RoleBase;`

			`/**`
			`* Administrator role`
			`*`
			`* @package october\backend`
			`* @author Alexey Bobkov, Samuel Georges`
			`*/`
			`class UserRole extends RoleBase`
			`{`
Introduce concept of system roles These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default. 2017-07-13 19:29:50 +10:00			`const CODE_DEVELOPER = 'developer';`
			`const CODE_PUBLISHER = 'publisher';`
Create migrate script to split permissions out Permissions have been moved from Groups to a new Role model Refs #2367 2017-07-11 19:17:44 +10:00
			`/**`
			`* @var string The database table used by the model.`
			`*/`
			`protected $table = 'backend_user_roles';`

			`/**`
			`* @var array Validation rules`
			`*/`
			`public $rules = [`
			`'name' => 'required\|between:2,128\|unique:backend_user_roles',`
Introduce concept of system roles These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default. 2017-07-13 19:29:50 +10:00			`'code' => 'unique:backend_user_roles',`
Create migrate script to split permissions out Permissions have been moved from Groups to a new Role model Refs #2367 2017-07-11 19:17:44 +10:00			`];`

			`/**`
			`* @var array Relations`
			`*/`
			`public $hasMany = [`
			`'users' => [User::class, 'key' => 'role_id'],`
			`'users_count' => [User::class, 'key' => 'role_id', 'count' => true]`
			`];`
Introduce concept of system roles These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default. 2017-07-13 19:29:50 +10:00
			`public function filterFields($fields)`
			`{`
			`if ($this->is_system) {`
			`$fields->code->disabled = true;`
			`$fields->permissions->disabled = true;`
			`}`
			`}`

			`public function afterFetch()`
			`{`
			`if ($this->is_system) {`
			`$this->permissions = $this->getDefaultPermissions();`
			`}`
			`}`

			`public function beforeSave()`
			`{`
			`if ($this->isSystemRole()) {`
			`$this->is_system = true;`
			`$this->permissions = [];`
			`}`
			`}`

			`public function isSystemRole()`
			`{`
			`if (!$this->code \|\| !strlen(trim($this->code))) {`
			`return false;`
			`}`

			`if ($this->is_system \|\| in_array($this->code, [`
			`self::CODE_DEVELOPER,`
			`self::CODE_PUBLISHER`
			`])) {`
			`return true;`
			`}`

			`return AuthManager::instance()->hasPermissionsForRole($this->code);`
			`}`

			`public function getDefaultPermissions()`
			`{`
			`return AuthManager::instance()->listPermissionsForRole($this->code);`
			`}`
Create migrate script to split permissions out Permissions have been moved from Groups to a new Role model Refs #2367 2017-07-11 19:17:44 +10:00			`}`