julienmonnerie/kirby/src/Cms/ModelPermissions.php

<?php

namespace Kirby\Cms;

use Kirby\Toolkit\A;

/**
 * ModelPermissions
 *
 * @package   Kirby Cms
 * @author    Bastian Allgeier <bastian@getkirby.com>
 * @link      https://getkirby.com
 * @copyright Bastian Allgeier
 * @license   https://getkirby.com/license
 */
abstract class ModelPermissions
{
	protected string $category;
	protected ModelWithContent $model;
	protected array $options;
	protected Permissions $permissions;
	protected User $user;

	public function __construct(ModelWithContent $model)
	{
		$this->model       = $model;
		$this->options     = $model->blueprint()->options();
		$this->user        = $model->kirby()->user() ?? User::nobody();
		$this->permissions = $this->user->role()->permissions();
	}

	public function __call(string $method, array $arguments = []): bool
	{
		return $this->can($method);
	}

	/**
	 * Improved `var_dump` output
	 * @codeCoverageIgnore
	 */
	public function __debugInfo(): array
	{
		return $this->toArray();
	}

	/**
	 * Returns whether the current user is allowed to do
	 * a certain action on the model
	 *
	 * @param bool $default Will be returned if $action does not exist
	 */
	public function can(
		string $action,
		bool $default = false
	): bool {
		$user = $this->user->id();
		$role = $this->user->role()->id();

		// users with the `nobody` role can do nothing
		// that needs a permission check
		if ($role === 'nobody') {
			return false;
		}

		// check for a custom `can` method
		// which would take priority over any other
		// role-based permission rules
		if (
			method_exists($this, 'can' . $action) === true &&
			$this->{'can' . $action}() === false
		) {
			return false;
		}

		// the almighty `kirby` user can do anything
		if ($user === 'kirby' && $role === 'admin') {
			return true;
		}

		// evaluate the blueprint options block
		if (isset($this->options[$action]) === true) {
			$options = $this->options[$action];

			if ($options === false) {
				return false;
			}

			if ($options === true) {
				return true;
			}

			if (
				is_array($options) === true &&
				A::isAssociative($options) === true
			) {
				if (isset($options[$role]) === true) {
					return $options[$role];
				}

				if (isset($options['*']) === true) {
					return $options['*'];
				}
			}
		}

		return $this->permissions->for($this->category, $action, $default);
	}

	/**
	 * Returns whether the current user is not allowed to do
	 * a certain action on the model
	 *
	 * @param bool $default Will be returned if $action does not exist
	 */
	public function cannot(
		string $action,
		bool $default = true
	): bool {
		return $this->can($action, !$default) === false;
	}

	public function toArray(): array
	{
		$array = [];

		foreach ($this->options as $key => $value) {
			$array[$key] = $this->can($key);
		}

		return $array;
	}
}
Initial commit 2022-06-17 17:51:59 +02:00			`<?php`

			`namespace Kirby\Cms;`

			`use Kirby\Toolkit\A;`

			`/**`
			`* ModelPermissions`
			`*`
			`* @package Kirby Cms`
			`* @author Bastian Allgeier <bastian@getkirby.com>`
			`* @link https://getkirby.com`
			`* @copyright Bastian Allgeier`
			`* @license https://getkirby.com/license`
			`*/`
			`abstract class ModelPermissions`
			`{`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`protected string $category;`
			`protected ModelWithContent $model;`
			`protected array $options;`
			`protected Permissions $permissions;`
			`protected User $user;`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`public function __construct(ModelWithContent $model)`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`{`
			`$this->model = $model;`
			`$this->options = $model->blueprint()->options();`
			`$this->user = $model->kirby()->user() ?? User::nobody();`
			`$this->permissions = $this->user->role()->permissions();`
			`}`

Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`public function __call(string $method, array $arguments = []): bool`
			`{`
			`return $this->can($method);`
			`}`

Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`/**`
			* Improved `var_dump` output
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`* @codeCoverageIgnore`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`*/`
			`public function __debugInfo(): array`
			`{`
			`return $this->toArray();`
			`}`

			`/**`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`* Returns whether the current user is allowed to do`
			`* a certain action on the model`
			`*`
			`* @param bool $default Will be returned if $action does not exist`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`*/`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`public function can(`
			`string $action,`
			`bool $default = false`
			`): bool {`
			`$user = $this->user->id();`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`$role = $this->user->role()->id();`

Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			// users with the `nobody` role can do nothing
			`// that needs a permission check`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`if ($role === 'nobody') {`
			`return false;`
			`}`

Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			// check for a custom `can` method
			`// which would take priority over any other`
			`// role-based permission rules`
Update Composer packages 2022-12-19 14:56:05 +01:00			`if (`
			`method_exists($this, 'can' . $action) === true &&`
			`$this->{'can' . $action}() === false`
			`) {`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`return false;`
			`}`

Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			// the almighty `kirby` user can do anything
			`if ($user === 'kirby' && $role === 'admin') {`
			`return true;`
			`}`

Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`// evaluate the blueprint options block`
			`if (isset($this->options[$action]) === true) {`
			`$options = $this->options[$action];`

			`if ($options === false) {`
			`return false;`
			`}`

			`if ($options === true) {`
			`return true;`
			`}`

Update Composer packages 2022-12-19 14:56:05 +01:00			`if (`
			`is_array($options) === true &&`
			`A::isAssociative($options) === true`
			`) {`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`if (isset($options[$role]) === true) {`
			`return $options[$role];`
			`}`

			`if (isset($options['*']) === true) {`
			`return $options['*'];`
			`}`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`}`
			`}`

Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`return $this->permissions->for($this->category, $action, $default);`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`}`

			`/**`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`* Returns whether the current user is not allowed to do`
			`* a certain action on the model`
			`*`
			`* @param bool $default Will be returned if $action does not exist`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`*/`
Update to Kirby 4.7.0 2025-04-21 18:57:21 +02:00			`public function cannot(`
			`string $action,`
			`bool $default = true`
			`): bool {`
			`return $this->can($action, !$default) === false;`
Update Kirby and dependencies 2022-08-31 15:02:43 +02:00			`}`

			`public function toArray(): array`
			`{`
			`$array = [];`

			`foreach ($this->options as $key => $value) {`
			`$array[$key] = $this->can($key);`
			`}`

			`return $array;`
			`}`
Initial commit 2022-06-17 17:51:59 +02:00			`}`