From 1310f7a85c4741dfc22a6212bfb788ee0fa99910 Mon Sep 17 00:00:00 2001 From: Vincent Vanwaelscappel Date: Sun, 30 Apr 2023 14:44:03 +0200 Subject: [PATCH] fix #5803 @2 --- src/app/Jobs/ApplyPermissionsToUsers.php | 80 +++++++++++++++++------- 1 file changed, 58 insertions(+), 22 deletions(-) diff --git a/src/app/Jobs/ApplyPermissionsToUsers.php b/src/app/Jobs/ApplyPermissionsToUsers.php index 7970ed2..ddb91f1 100644 --- a/src/app/Jobs/ApplyPermissionsToUsers.php +++ b/src/app/Jobs/ApplyPermissionsToUsers.php @@ -3,6 +3,7 @@ namespace Cubedesigners\UserDatabase\Jobs; use Cubedesigners\UserDatabase\Models\Company; +use Cubedesigners\UserDatabase\Models\User; use Cubist\Backpack\Jobs\Base; use Illuminate\Support\Facades\Artisan; use Illuminate\Support\Facades\DB; @@ -31,6 +32,8 @@ class ApplyPermissionsToUsers extends Base $rolesByName['elearning:user'], ]; + $superadmins = [5]; + // Get existing models $perms = []; foreach (DB::connection('extranet_users')->table('model_has_roles')->get() as $item) { @@ -53,30 +56,62 @@ class ApplyPermissionsToUsers extends Base $disabledUsers = array_merge($disabledUsers, array_keys($company->getDisabledUsers())); } /** @var $company Company */ - if ($company->id == 7) { + $isCube = $company->id == 7; + + if ($isCube) { $cubeUsers = array_keys($company->getEnabledUsers()); - continue; } - foreach ($company->getEnabledUsers() as $id => $user) { - $p = [$rolesByName['extranet:client']]; - if ($company->permissions_elearning) { - $p[] = $rolesByName['elearning:user']; - } - switch ($company->e1_ws_grade) { - case 1: - $p[] = $rolesByName['fluidbook:client']; - break; - case 2: - $p[] = $rolesByName['fluidbook:client:create']; - break; - case 3: - $p[] = $rolesByName['fluidbook:reseller']; - break; - case 4: - $p[] = $rolesByName['fluidbook:reseller:create']; - break; + $isSuperAdmin = in_array($id, $superadmins); + + $p = []; + + if ($isCube && $isSuperAdmin) { + $p = [$rolesByName['superadmin']]; + } else { + if ($isCube) { + $u = User::withoutGlobalScopes()->find($id); + switch ($u->e1_grade) { + + case 0.5: + $p[] = $rolesByName['extranet:team_newbie']; + break; + case 1: + $p[] = $rolesByName['extranet:team']; + break; + case 2: + $p[] = $rolesByName['extranet:admin']; + break; + case 3: + $p[] = $rolesByName['extranet:accountant']; + break; + case 0 : + default: + $p[] = $rolesByName['extranet:client']; + break; + } + $p = $p + [$rolesByName['toolbox:admin'], $rolesByName['elearning:admin'], $rolesByName['fluidbook:admin']]; + } else { + $p[] = $rolesByName['extranet:client']; + if ($company->permissions_elearning) { + $p[] = $rolesByName['elearning:user']; + } + switch ($company->e1_ws_grade) { + case 1: + $p[] = $rolesByName['fluidbook:client']; + break; + case 2: + $p[] = $rolesByName['fluidbook:client:create']; + break; + case 3: + $p[] = $rolesByName['fluidbook:reseller']; + break; + case 4: + $p[] = $rolesByName['fluidbook:reseller:create']; + break; + } + } } if (!isset($perms[$id])) { @@ -87,20 +122,21 @@ class ApplyPermissionsToUsers extends Base if (count($a)) { $addPermissions[$id] = $a; } - if (count($d)) { + if (count($d) && !$isCube) { $deletePermissions[$id] = $d; } } } } + // Delete all roles of disabled users DB::connection('extranet_users')->table('model_has_roles')->whereIn('model_id', $disabledUsers)->delete(); // Delete all roles not intented to be given to clients users DB::connection('extranet_users')->table('model_has_roles')->whereNotIn('role_id', $standardRoles)->whereNotIn('model_id', $cubeUsers)->delete(); // Delete roles not associated to the right model DB::connection('extranet_users')->table('model_has_roles')->where('model_type', '!=', $modelType)->delete(); - // Delete roles no more granted to the company + // Delete roles no more granted to the user foreach ($deletePermissions as $user => $toDelete) { DB::connection('extranet_users')->table('model_has_roles')->where('model_id', $user)->whereIn('role_id', $toDelete)->delete(); } -- 2.39.5