159 lines
3.8 KiB
PHP
159 lines
3.8 KiB
PHP
<?php
|
|
|
|
namespace App\Models;
|
|
|
|
use Illuminate\Database\Eloquent\Concerns\HasUuids;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Foundation\Auth\User as Authenticatable;
|
|
use Illuminate\Notifications\Notifiable;
|
|
use Laravel\Sanctum\HasApiTokens;
|
|
|
|
class User extends Authenticatable
|
|
{
|
|
/** @use HasFactory<\Database\Factories\UserFactory> */
|
|
use HasApiTokens, HasFactory, Notifiable, HasUuids;
|
|
|
|
/**
|
|
* The attributes that are mass assignable.
|
|
*
|
|
* @var list<string>
|
|
*/
|
|
protected $fillable = [
|
|
'name',
|
|
'email',
|
|
'avatar',
|
|
'oidc_id',
|
|
];
|
|
|
|
/**
|
|
* The attributes that should be hidden for serialization.
|
|
*
|
|
* @var list<string>
|
|
*/
|
|
protected $hidden = [
|
|
'password',
|
|
'remember_token',
|
|
];
|
|
|
|
/**
|
|
* Get the attributes that should be cast.
|
|
*
|
|
* @return array<string, string>
|
|
*/
|
|
protected function casts(): array
|
|
{
|
|
return [
|
|
'email_verified_at' => 'datetime',
|
|
'password' => 'hashed',
|
|
];
|
|
}
|
|
|
|
public function roles()
|
|
{
|
|
return $this->belongsToMany(Role::class)->withTimestamps();
|
|
}
|
|
|
|
public function permissions()
|
|
{
|
|
return $this->belongsToMany(Permission::class)->withPivot('granted')->withTimestamps();
|
|
}
|
|
|
|
public function hasRole($role)
|
|
{
|
|
if (is_string($role)) {
|
|
return $this->roles->contains('name', $role);
|
|
}
|
|
|
|
return $this->roles->contains($role);
|
|
}
|
|
|
|
public function hasAnyRole($roles)
|
|
{
|
|
if (is_array($roles)) {
|
|
return $this->roles->whereIn('name', $roles)->isNotEmpty();
|
|
}
|
|
|
|
return $this->hasRole($roles);
|
|
}
|
|
|
|
public function hasPermission($permission)
|
|
{
|
|
// Check direct permissions
|
|
if ($this->hasDirectPermission($permission)) {
|
|
return true;
|
|
}
|
|
|
|
// Check role-based permissions
|
|
return $this->hasRolePermission($permission);
|
|
}
|
|
|
|
private function hasDirectPermission($permission)
|
|
{
|
|
// Check exact match with granted
|
|
if ($this->permissions->where('pivot.granted', true)->contains('name', $permission)) {
|
|
return true;
|
|
}
|
|
|
|
// Check wildcard permissions with granted
|
|
$wildcardPermissions = $this->permissions->where('is_wildcard', true)->where('pivot.granted', true);
|
|
|
|
foreach ($wildcardPermissions as $wildcardPermission) {
|
|
if ($wildcardPermission->matches($permission)) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
private function hasRolePermission($permission)
|
|
{
|
|
foreach ($this->roles as $role) {
|
|
if ($role->hasPermission($permission)) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public function assignRole($role)
|
|
{
|
|
if (is_string($role)) {
|
|
$role = Role::where('name', $role)->firstOrFail();
|
|
}
|
|
|
|
$this->roles()->syncWithoutDetaching([$role->id]);
|
|
return $this;
|
|
}
|
|
|
|
public function removeRole($role)
|
|
{
|
|
if (is_string($role)) {
|
|
$role = Role::where('name', $role)->firstOrFail();
|
|
}
|
|
|
|
$this->roles()->detach($role->id);
|
|
return $this;
|
|
}
|
|
|
|
public function givePermission($permission)
|
|
{
|
|
if (is_string($permission)) {
|
|
$permission = Permission::where('name', $permission)->firstOrFail();
|
|
}
|
|
|
|
$this->permissions()->syncWithoutDetaching([$permission->id => ['granted' => true]]);
|
|
return $this;
|
|
}
|
|
|
|
public function revokePermission($permission)
|
|
{
|
|
if (is_string($permission)) {
|
|
$permission = Permission::where('name', $permission)->firstOrFail();
|
|
}
|
|
|
|
$this->permissions()->updateExistingPivot($permission->id, ['granted' => false]);
|
|
return $this;
|
|
}
|
|
}
|