wip #5804 @1.25

author Vincent Vanwaelscappel <vincent@cubedesigners.com>

Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)

committer Vincent Vanwaelscappel <vincent@cubedesigners.com>

Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)
author Vincent Vanwaelscappel <vincent@cubedesigners.com>
Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)
committer Vincent Vanwaelscappel <vincent@cubedesigners.com>
Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)
diff --git a/src/app/Jobs/ApplyPermissionsToUsers.php b/src/app/Jobs/ApplyPermissionsToUsers.php

index f5979e5784682e3ef6da8326cf5a4da24117c69c..c02207bc5b0dbeac5981d916e6a3ac77ed6d32a6 100644 (file)
--- a/src/app/Jobs/ApplyPermissionsToUsers.php
+++ b/src/app/Jobs/ApplyPermissionsToUsers.php
@@ -4,16 +4,106 @@ namespace Cubedesigners\UserDatabase\Jobs;
  
  use Cubedesigners\UserDatabase\Models\Company;
  use Cubist\Backpack\Jobs\Base;
+use Illuminate\Support\Facades\DB;
  
  class ApplyPermissionsToUsers extends Base
  {
      public function handle()
      {
-        foreach (Company::withoutGlobalScopes()->all() as $company) {
+        $modelType = 'App\\Models\\AuthUser';
+        // Get Roles names
+        $roles = DB::connection('extranet_users')->table('roles')->get();
+        $rolesById = [];
+        $rolesByName = [];
+        foreach ($roles as $role) {
+            $rolesById[$role->id] = $role->name;
+            $rolesByName[$role->name] = $role->id;
+        }
+        $disabledUsers = [];
+
+        $standardRoles = [
+            $rolesByName['extranet:client'],
+            $rolesByName['fluidbook:client'],
+            $rolesByName['fluidbook:client:create'],
+            $rolesByName['fluidbook:reseller'],
+            $rolesByName['fluidbook:reseller:create'],
+            $rolesByName['elearning:user'],
+        ];
+
+        // Get existing models
+        $perms = [];
+        foreach (DB::connection('extranet_users')->table('model_has_roles')->get() as $item) {
+            if (!isset($perms[$item->model_id])) {
+                $perms[$item->model_id] = [];
+            }
+            $perms[$item->model_id][] = $item->role_id;
+        }
+
+
+        $addPermissions = [];
+        $deletePermissions = [];
+
+        $users = [];
+        foreach (Company::withoutGlobalScopes()->get() as $company) {
+            $disabledUsers = array_merge($disabledUsers, array_keys($company->getDisabledUsers()));
+            /** @var $company Company */
              if ($company->id == 7) {
+                $cubeUsers = array_keys($company->getEnabledUsers());
                  continue;
              }
-            dd($company);
+
+            foreach ($company->getEnabledUsers() as $id => $user) {
+                $p = [$rolesByName['extranet:client']];
+                if ($company->permission_elearning) {
+                    $p[] = $rolesByName['elearning:user'];
+                }
+                switch ($company->e1_ws_grade) {
+                    case 1:
+                        $p[] = $rolesByName['fluidbook:client'];
+                        break;
+                    case 2:
+                        $p[] = $rolesByName['fluidbook:client:create'];
+                        break;
+                    case 3:
+                        $p[] = $rolesByName['fluidbook:reseller'];
+                        break;
+                    case 4:
+                        $p[] = $rolesByName['fluidbook:reseller:create'];
+                        break;
+                }
+
+                if (!isset($perms[$id])) {
+                    $addPermissions[$id] = $p;
+                } else {
+                    $a = array_diff($p, $perms[$id]);
+                    $d = array_diff($perms[$id], $p);
+                    if (count($a)) {
+                        $addPermissions[$id] = $a;
+                    }
+                    if (count($d)) {
+                        $deletePermissions[$id] = $d;
+                    }
+                }
+            }
+        }
+
+        // Delete all roles of disabled users
+        DB::connection('extranet_users')->table('model_has_roles')->whereIn('model_id', $disabledUsers)->delete();
+        // Delete all roles not intented to be given to clients users
+        DB::connection('extranet_users')->table('model_has_roles')->whereNotIn('role_id', $standardRoles)->whereNotIn('model_id', $cubeUsers)->delete();
+        // Delete roles not associated to the right model
+        DB::connection('extranet_users')->table('model_has_roles')->where('model_type', '!=', $modelType)->delete();
+        // Delete roles no more granted to the company
+        foreach ($deletePermissions as $user => $toDelete) {
+            DB::connection('extranet_users')->table('model_has_roles')->where('model_id', $user)->whereIn('role_id', $toDelete)->delete();
+        }
+        // Add new roles
+        $rows = [];
+        foreach ($addPermissions as $id => $roles) {
+            foreach ($roles as $role) {
+                $rows[] = ['model_id' => $id, 'role_id' => $role, 'model_type' => $modelType];
+            }
          }
+        DB::connection('extranet_users')->table('model_has_roles')->insert($rows);
      }
  }
diff --git a/src/app/Models/Company.php b/src/app/Models/Company.php

index 6e8400bb104def554d2aa8edabaa86063e4db703..2d4a9fe1bab17070feafa673059ac8c398c5d14a 100644 (file)
--- a/src/app/Models/Company.php
+++ b/src/app/Models/Company.php
@@ -3,6 +3,7 @@
  namespace Cubedesigners\UserDatabase\Models;
  
  use Cubedesigners\UserDatabase\Fields\Users;
+use Cubedesigners\UserDatabase\Jobs\ApplyPermissionsToUsers;
  use Cubedesigners\UserDatabase\Permissions;
  use Cubedesigners\UserDatabase\SubForms\Address;
  use Cubist\Backpack\Magic\Fields\Integer;
@@ -190,4 +191,33 @@ class Company extends CubistMagicAbstractModel
          return Permissions::getNames(Permissions::getUsersByCompany($this->id));
      }
  
+    public function getEnabledUsers()
+    {
+        $users = $this->getUsers();
+        $res = [];
+        foreach ($users as $id => $user) {
+            if ($user['enabled']) {
+                $res[$id] = $user;
+            }
+        }
+        return $res;
+    }
+
+    public function getDisabledUsers(){
+        $users = $this->getUsers();
+        $res = [];
+        foreach ($users as $id => $user) {
+            if (!$user['enabled']) {
+                $res[$id] = $user;
+            }
+        }
+        return $res;
+    }
+
+    public function onSaved(): bool
+    {
+        ApplyPermissionsToUsers::dispatch();
+        return parent::onSaved();
+    }
+
  }
diff --git a/src/app/Models/User.php b/src/app/Models/User.php

index bf3eb9b78b49668e6e739ae100e9101f53783d4a..ab20c139dcc0cf585c0974cff8d91332833e9cd7 100644 (file)
--- a/src/app/Models/User.php
+++ b/src/app/Models/User.php
@@ -2,6 +2,7 @@
  
  namespace Cubedesigners\UserDatabase\Models;
  
+use Cubedesigners\UserDatabase\Jobs\ApplyPermissionsToUsers;
  use Cubedesigners\UserDatabase\Operations\CreateFromCompany;
  use Cubedesigners\UserDatabase\Operations\FilesOperation;
  use Cubedesigners\UserDatabase\Operations\LoginasOperation;
@@ -275,4 +276,10 @@ class User extends CubistMagicAuthenticatable
          $this->setAttribute('toolbox_settings', $settings);
      }
  
+    public function onSaved(): bool
+    {
+        ApplyPermissionsToUsers::dispatch();
+        return parent::onSaved();
+    }
+
  }
author	Vincent Vanwaelscappel <vincent@cubedesigners.com>
	Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)
committer	Vincent Vanwaelscappel <vincent@cubedesigners.com>
	Tue, 14 Mar 2023 18:37:36 +0000 (19:37 +0100)
src/app/Jobs/ApplyPermissionsToUsers.php		patch \| blob \| history
src/app/Models/Company.php		patch \| blob \| history
src/app/Models/User.php		patch \| blob \| history