feat-wip: Role based view customization system

limanmys · Sep 5, 2024 · b9eb714 · b9eb714
1 parent d44d47c
commit b9eb714
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 14 deletions.
diff --git a/app/Classes/Authentication/Authenticator.php b/app/Classes/Authentication/Authenticator.php
@@ -20,21 +20,23 @@ class Authenticator
      */
     public static function createNewToken($token, ?Request $request = null)
     {
-        User::find(auth('api')->user()->id)->update([
+        $id = auth('api')->user()->id;
+
+        User::find($id)->update([
             'last_login_at' => Carbon::now()->toDateTimeString(),
             'last_login_ip' => $request->ip(),
         ]);
 
         AuthLog::create([
-            'user_id' => auth('api')->user()->id,
+            'user_id' => $id,
             'ip_address' => $request->ip(),
             'user_agent' => $request->userAgent(),
         ]);
 
         $return = [
             'expired_at' => (auth('api')->factory()->getTTL() * 60 + time()) * 1000,
             'user' => [
-                ...User::find(auth('api')->user()->id, [
+                ...User::find($id, [
                     'id',
                     'name',
                     'email',
@@ -45,11 +47,43 @@ public static function createNewToken($token, ?Request $request = null)
                 'last_login_at' => Carbon::now()->toDateTimeString(),
                 'last_login_ip' => $request->ip(),
                 'permissions' => [
-                    'server_details' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details'),
-                    'server_services' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_services'),
-                    'add_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'add_server'),
-                    'update_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'update_server'),
-                    'view_logs' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'view_logs'),
+                    'server_details' => Permission::can($id, 'liman', 'id', 'server_details'),
+                    'server_services' => Permission::can($id, 'liman', 'id', 'server_services'),
+                    'add_server' => Permission::can($id, 'liman', 'id', 'add_server'),
+                    'update_server' => Permission::can($id, 'liman', 'id', 'update_server'),
+                    'view_logs' => Permission::can($id, 'liman', 'id', 'view_logs'),
+                    'view' => (function () {
+                        $defaultPermissions = config('liman.default_views');
+
+                        if (auth('api')->user()->isAdmin()) {
+                            return $defaultPermissions;
+                        }
+
+                        // TODO: Check priorities of permission values
+                        // If something is different than default, it should be returned
+                        $permissions = Permission::whereIn(
+                            'morph_id', 
+                            auth('api')->user()->roles->pluck('id')->toArray()
+                        )
+                            ->where('morph_type', 'roles')
+                            ->where('type', 'view')
+                            ->get();
+
+                        $customPermissions = $permissions->map(function ($item) {
+                            return [
+                                $item->key => json_decode($item->value),
+                            ];
+                        })->toArray();
+
+                        $filteredPermissions = array_filter($customPermissions, function ($permission) use ($defaultPermissions) {
+                            return !in_array($permission, $defaultPermissions);
+                        });
+
+                        return [
+                            ...$defaultPermissions,
+                            ...$filteredPermissions,
+                        ];
+                    })(),
                 ],
             ],
         ];

diff --git a/app/Http/Controllers/API/Settings/RoleController.php b/app/Http/Controllers/API/Settings/RoleController.php
@@ -49,6 +49,7 @@ public function show(Request $request)
             'liman' => $role->permissions->where('type', 'liman')->count(),
             'functions' => $role->permissions->where('type', 'function')->count(),
             'variables' => $role->permissions->where('type', 'variable')->count(),
+            'views' => $role->permissions->where('type', 'view')->count(),
         ];
 
         return $role;
@@ -605,12 +606,34 @@ public function deleteVariables(Request $request)
      */
     public function views(Request $request)
     {
+        // View permission roles guide
+        // Options:
+        // - Sidebar: Shows server list / shows extension list that user has access
+        // - Sidebar [string]: servers, extensions
+        // - Sidebar [default_value]: servers
+        // - Dashboard [string[]]: Server count, extension count, user count, version, most used extensions, most used servers
+        // - Dashboard [string[]]: servers, extensions, users, version, most_used_extensions, most_used_servers 
+        // - Dashboard [default_value]: servers, extensions, users, version, most_used_extensions, most_used_servers
+        // If sidebar has extensions, dashboard must have extensions
+        // If sidebar has servers, dashboard must have servers and extensions both
+
+        $defaultViews = config('liman.default_views');
+
         $permissions = Permission::where([
             'morph_id' => $request->role_id,
             'type' => 'view',
         ])->get();
 
-        return response()->json($permissions);
+        $viewSettings = [
+            ...$defaultViews,
+            ...$permissions->map(function ($item) {
+                return [
+                    $item->key => json_decode($item->value),
+                ];
+            })->toArray(),
+        ];
+
+        return response()->json($viewSettings);
     }
 
     /**
@@ -626,12 +649,12 @@ public function setViews(Request $request)
             'type' => 'view',
         ])->delete();
 
-        foreach ($request->views as $view) {
+        foreach ($request->views as $setting => $value) {
             Permission::grant(
                 $request->role_id,
                 'view',
-                'name',
-                $view,
+                $setting,
+                json_encode($value),
                 null,
                 'roles'
             );

diff --git a/app/Models/Permission.php b/app/Models/Permission.php
@@ -76,7 +76,7 @@ public static function grant(
         $key,
         $value,
         $extra = null,
-        $morph_type = 'users'
+        $morph_type = 'roles'
     )
     {
         try {

diff --git a/config/liman.php b/config/liman.php
@@ -2,7 +2,17 @@
 
 return [
     'server_connection_timeout' => 5000, //ms
-    'wizard_max_steps' => 4,
+    'default_views' => [
+        'sidebar' => 'servers',
+        'dashboard' => [
+            'servers',
+            'extensions',
+            'users',
+            'version',
+            'most_used_extensions',
+            'most_used_servers',
+        ],
+    ],
     'search' => [
         'admin' => [
             [

diff --git a/routes/api.php b/routes/api.php
@@ -251,6 +251,9 @@
                 Route::get('/variables', [Settings\RoleController::class, 'variables']);
                 Route::post('/variables', [Settings\RoleController::class, 'setVariables']);
                 Route::delete('/variables', [Settings\RoleController::class, 'deleteVariables']);
+
+                Route::get('/views', [Settings\RoleController::class, 'views']);
+                Route::post('/views', [Settings\RoleController::class, 'setViews']);
             });
         });
-Original file line number
+Diff line change
@@ Expand Up / @@ -76,7 +76,7 @@ public static function grant( @@
             $key,
             $value,
             $extra = null,
-            $morph_type = 'users'
+            $morph_type = 'roles'
         )
         {
             try {
@@ Expand Down @@