From: Vincent Vanwaelscappel Date: Tue, 14 Mar 2023 18:37:36 +0000 (+0100) Subject: wip #5804 @1.25 X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=f9c58490950488f0a72246b3bee4d5ea32c2bd72;p=cubedesigners_userdatabase.git wip #5804 @1.25 --- diff --git a/src/app/Jobs/ApplyPermissionsToUsers.php b/src/app/Jobs/ApplyPermissionsToUsers.php index f5979e5..c02207b 100644 --- a/src/app/Jobs/ApplyPermissionsToUsers.php +++ b/src/app/Jobs/ApplyPermissionsToUsers.php @@ -4,16 +4,106 @@ namespace Cubedesigners\UserDatabase\Jobs; use Cubedesigners\UserDatabase\Models\Company; use Cubist\Backpack\Jobs\Base; +use Illuminate\Support\Facades\DB; class ApplyPermissionsToUsers extends Base { public function handle() { - foreach (Company::withoutGlobalScopes()->all() as $company) { + $modelType = 'App\\Models\\AuthUser'; + // Get Roles names + $roles = DB::connection('extranet_users')->table('roles')->get(); + $rolesById = []; + $rolesByName = []; + foreach ($roles as $role) { + $rolesById[$role->id] = $role->name; + $rolesByName[$role->name] = $role->id; + } + $disabledUsers = []; + + $standardRoles = [ + $rolesByName['extranet:client'], + $rolesByName['fluidbook:client'], + $rolesByName['fluidbook:client:create'], + $rolesByName['fluidbook:reseller'], + $rolesByName['fluidbook:reseller:create'], + $rolesByName['elearning:user'], + ]; + + // Get existing models + $perms = []; + foreach (DB::connection('extranet_users')->table('model_has_roles')->get() as $item) { + if (!isset($perms[$item->model_id])) { + $perms[$item->model_id] = []; + } + $perms[$item->model_id][] = $item->role_id; + } + + + $addPermissions = []; + $deletePermissions = []; + + $users = []; + foreach (Company::withoutGlobalScopes()->get() as $company) { + $disabledUsers = array_merge($disabledUsers, array_keys($company->getDisabledUsers())); + /** @var $company Company */ if ($company->id == 7) { + $cubeUsers = array_keys($company->getEnabledUsers()); continue; } - dd($company); + + foreach ($company->getEnabledUsers() as $id => $user) { + $p = [$rolesByName['extranet:client']]; + if ($company->permission_elearning) { + $p[] = $rolesByName['elearning:user']; + } + switch ($company->e1_ws_grade) { + case 1: + $p[] = $rolesByName['fluidbook:client']; + break; + case 2: + $p[] = $rolesByName['fluidbook:client:create']; + break; + case 3: + $p[] = $rolesByName['fluidbook:reseller']; + break; + case 4: + $p[] = $rolesByName['fluidbook:reseller:create']; + break; + } + + if (!isset($perms[$id])) { + $addPermissions[$id] = $p; + } else { + $a = array_diff($p, $perms[$id]); + $d = array_diff($perms[$id], $p); + if (count($a)) { + $addPermissions[$id] = $a; + } + if (count($d)) { + $deletePermissions[$id] = $d; + } + } + } + } + + // Delete all roles of disabled users + DB::connection('extranet_users')->table('model_has_roles')->whereIn('model_id', $disabledUsers)->delete(); + // Delete all roles not intented to be given to clients users + DB::connection('extranet_users')->table('model_has_roles')->whereNotIn('role_id', $standardRoles)->whereNotIn('model_id', $cubeUsers)->delete(); + // Delete roles not associated to the right model + DB::connection('extranet_users')->table('model_has_roles')->where('model_type', '!=', $modelType)->delete(); + // Delete roles no more granted to the company + foreach ($deletePermissions as $user => $toDelete) { + DB::connection('extranet_users')->table('model_has_roles')->where('model_id', $user)->whereIn('role_id', $toDelete)->delete(); + } + // Add new roles + $rows = []; + foreach ($addPermissions as $id => $roles) { + foreach ($roles as $role) { + $rows[] = ['model_id' => $id, 'role_id' => $role, 'model_type' => $modelType]; + } } + DB::connection('extranet_users')->table('model_has_roles')->insert($rows); } } diff --git a/src/app/Models/Company.php b/src/app/Models/Company.php index 6e8400b..2d4a9fe 100644 --- a/src/app/Models/Company.php +++ b/src/app/Models/Company.php @@ -3,6 +3,7 @@ namespace Cubedesigners\UserDatabase\Models; use Cubedesigners\UserDatabase\Fields\Users; +use Cubedesigners\UserDatabase\Jobs\ApplyPermissionsToUsers; use Cubedesigners\UserDatabase\Permissions; use Cubedesigners\UserDatabase\SubForms\Address; use Cubist\Backpack\Magic\Fields\Integer; @@ -190,4 +191,33 @@ class Company extends CubistMagicAbstractModel return Permissions::getNames(Permissions::getUsersByCompany($this->id)); } + public function getEnabledUsers() + { + $users = $this->getUsers(); + $res = []; + foreach ($users as $id => $user) { + if ($user['enabled']) { + $res[$id] = $user; + } + } + return $res; + } + + public function getDisabledUsers(){ + $users = $this->getUsers(); + $res = []; + foreach ($users as $id => $user) { + if (!$user['enabled']) { + $res[$id] = $user; + } + } + return $res; + } + + public function onSaved(): bool + { + ApplyPermissionsToUsers::dispatch(); + return parent::onSaved(); + } + } diff --git a/src/app/Models/User.php b/src/app/Models/User.php index bf3eb9b..ab20c13 100644 --- a/src/app/Models/User.php +++ b/src/app/Models/User.php @@ -2,6 +2,7 @@ namespace Cubedesigners\UserDatabase\Models; +use Cubedesigners\UserDatabase\Jobs\ApplyPermissionsToUsers; use Cubedesigners\UserDatabase\Operations\CreateFromCompany; use Cubedesigners\UserDatabase\Operations\FilesOperation; use Cubedesigners\UserDatabase\Operations\LoginasOperation; @@ -275,4 +276,10 @@ class User extends CubistMagicAuthenticatable $this->setAttribute('toolbox_settings', $settings); } + public function onSaved(): bool + { + ApplyPermissionsToUsers::dispatch(); + return parent::onSaved(); + } + }