diff --git a/config/apiato.php b/config/apiato.php index 0221fc18..e98f5ba9 100644 --- a/config/apiato.php +++ b/config/apiato.php @@ -61,23 +61,6 @@ ], 'requests' => [ - /* - |-------------------------------------------------------------------------- - | Allow Roles to access all Routes - |-------------------------------------------------------------------------- - | - | Define a list of roles that do not need to go through the "hasAccess" - | check in Requests. These roles automatically pass this check. This is - | useful, if you want to make all routes accessible for admin users. - | - | Usage: ['admin', 'editor'] - | Default: [] - | - */ - 'allow-roles-to-access-all-routes' => [ - env('ADMIN_ROLE', 'admin'), - ], - /* |-------------------------------------------------------------------------- | Force Request Header to Contain header diff --git a/src/Abstract/Requests/Request.php b/src/Abstract/Requests/Request.php index 2ecedf52..9acc6ae0 100644 --- a/src/Abstract/Requests/Request.php +++ b/src/Abstract/Requests/Request.php @@ -10,20 +10,6 @@ abstract class Request extends LaravelRequest { - /** - * Roles and/or Permissions that has access to this request. - * - * @example ['permissions' => 'create-users', 'roles' => 'admin|manager'] - * @example ['permissions' => null, 'roles' => 'admin'] - * @example ['permissions' => ['create-users'], 'roles' => null] - * - * @var array - */ - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - /** * Id's that needs decoding before applying the validation rules. * @@ -70,16 +56,6 @@ public function withUrlParameters(array $properties): static return $this; } - /** - * Get the access array. - * - * @return array - */ - public function getAccessArray(): array - { - return $this->access; - } - /** * Get the decode array. * 
@@ -90,61 +66,6 @@ public function getDecodeArray(): array return $this->decode; } - /** - * check if a user has permission to perform an action. - * User can set multiple permissions (separated with "|") and if the user has - * any of the permissions, he will be authorized to proceed with this action. - */ - public function hasAccess(User|null $user = null): bool - { - // if not in parameters, take from the request object {$this} - $user = $user ?: $this->user(); - - if ($user) { - $autoAccessRoles = config('apiato.requests.allow-roles-to-access-all-routes'); - // there are some roles defined that will automatically grant access - if (!empty($autoAccessRoles)) { - $hasAutoAccessByRole = $user->hasAnyRole($autoAccessRoles); - if ($hasAutoAccessByRole) { - return true; - } - } - } - - // check if the user has any role / permission to access the route - $hasAccess = array_merge( - $this->hasAnyPermissionAccess($user), - $this->hasAnyRoleAccess($user), - ); - - // allow access if user has access to any of the defined roles or permissions. - return [] === $hasAccess || in_array(true, $hasAccess, true); - } - - protected function hasAnyPermissionAccess($user): array - { - if (!array_key_exists('permissions', $this->access) || !$this->access['permissions']) { - return []; - } - - $permissions = is_array($this->access['permissions']) ? $this->access['permissions'] : - explode('|', $this->access['permissions']); - - return array_map(static fn ($permission) => $user->hasPermissionTo($permission), $permissions); - } - - protected function hasAnyRoleAccess($user): array - { - if (!array_key_exists('roles', $this->access) || !$this->access['roles']) { - return []; - } - - $roles = is_array($this->access['roles']) ? 
$this->access['roles'] : - explode('|', $this->access['roles']); - - return array_map(static fn ($role) => $user->hasRole($role), $roles); - } - public function route($param = null, $default = null) { if (in_array($param, $this->decode, true) && config('apiato.hash-id')) { diff --git a/src/Generator/Stubs/requests/create.stub b/src/Generator/Stubs/requests/create.stub index f31334a7..7ca723d0 100644 --- a/src/Generator/Stubs/requests/create.stub +++ b/src/Generator/Stubs/requests/create.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/delete.stub b/src/Generator/Stubs/requests/delete.stub index d3214fa6..022ae4d2 100644 --- a/src/Generator/Stubs/requests/delete.stub +++ b/src/Generator/Stubs/requests/delete.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/edit.stub b/src/Generator/Stubs/requests/edit.stub index d3214fa6..022ae4d2 100644 --- a/src/Generator/Stubs/requests/edit.stub +++ b/src/Generator/Stubs/requests/edit.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ 'id', ]; 
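Review bot: With `authorize()` dropped from `create.stub` here (and from the delete, edit, find, generic, list, store and update stubs further down) and `hasAccess()` removed from `Request.php`, nothing visible in this diff performs a per-request role or permission check any more. If `LaravelRequest` is Laravel's `FormRequest` (its import is outside the hunk), a request class with no `authorize()` method is treated as authorized, so newly generated requests would admit every caller unless a policy, gate or route middleware enforces access elsewhere. I would record that in the stub, for example `// No authorization is performed by this request; enforce it with a policy, gate or route middleware.` above `rules()`, and state in the upgrade notes that `$access` arrays left on existing request classes are no longer evaluated.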
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/find.stub b/src/Generator/Stubs/requests/find.stub index d3214fa6..022ae4d2 100644 --- a/src/Generator/Stubs/requests/find.stub +++ b/src/Generator/Stubs/requests/find.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/generic.stub b/src/Generator/Stubs/requests/generic.stub index f31334a7..7ca723d0 100644 --- a/src/Generator/Stubs/requests/generic.stub +++ b/src/Generator/Stubs/requests/generic.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/list.stub b/src/Generator/Stubs/requests/list.stub index f31334a7..7ca723d0 100644 --- a/src/Generator/Stubs/requests/list.stub +++ b/src/Generator/Stubs/requests/list.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; 
@@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/store.stub b/src/Generator/Stubs/requests/store.stub index f31334a7..7ca723d0 100644 --- a/src/Generator/Stubs/requests/store.stub +++ b/src/Generator/Stubs/requests/store.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/src/Generator/Stubs/requests/update.stub b/src/Generator/Stubs/requests/update.stub index d3214fa6..022ae4d2 100644 --- a/src/Generator/Stubs/requests/update.stub +++ b/src/Generator/Stubs/requests/update.stub @@ -6,11 +6,6 @@ use App\Ship\Parents\Requests\Request as ParentRequest; class {{class-name}} extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ 'id', ]; @@ -21,9 +16,4 @@ class {{class-name}} extends ParentRequest // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/workbench/app/Containers/MySection/Book/UI/API/Requests/CreateBookRequest.php b/workbench/app/Containers/MySection/Book/UI/API/Requests/CreateBookRequest.php index aafc37fb..33cb358e 100644 --- a/workbench/app/Containers/MySection/Book/UI/API/Requests/CreateBookRequest.php +++ b/workbench/app/Containers/MySection/Book/UI/API/Requests/CreateBookRequest.php @@ -6,11 +6,6 @@ class CreateBookRequest extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; 
@@ -21,9 +16,4 @@ public function rules(): array // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/workbench/app/Containers/MySection/Book/UI/API/Requests/UpdateBookRequest.php b/workbench/app/Containers/MySection/Book/UI/API/Requests/UpdateBookRequest.php index a4d15e7f..2a1c1f57 100644 --- a/workbench/app/Containers/MySection/Book/UI/API/Requests/UpdateBookRequest.php +++ b/workbench/app/Containers/MySection/Book/UI/API/Requests/UpdateBookRequest.php @@ -7,11 +7,6 @@ class UpdateBookRequest extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ 'id', 'author_id', @@ -36,9 +31,4 @@ public function rules(): array 'nested.ids.*' => Rule::when($hashIdEnabled, 'integer', 'string'), ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } } diff --git a/workbench/app/Containers/MySection/Book/UI/WEB/Requests/CreateBookRequest.php b/workbench/app/Containers/MySection/Book/UI/WEB/Requests/CreateBookRequest.php index d91e126e..207a52e5 100644 --- a/workbench/app/Containers/MySection/Book/UI/WEB/Requests/CreateBookRequest.php +++ b/workbench/app/Containers/MySection/Book/UI/WEB/Requests/CreateBookRequest.php @@ -6,11 +6,6 @@ class CreateBookRequest extends ParentRequest { - protected array $access = [ - 'permissions' => null, - 'roles' => null, - ]; - protected array $decode = [ // 'id', ]; @@ -21,9 +16,4 @@ public function rules(): array // 'id' => 'required', ]; } - - public function authorize(): bool - { - return $this->hasAccess(); - } }