From 1edbd9ec68c3a8fd38212147ace1e8ad67b2bd48 Mon Sep 17 00:00:00 2001 From: Vincent Vanwaelscappel Date: Tue, 1 Dec 2020 16:41:08 +0100 Subject: [PATCH] wip #3753 @1 --- src/app/CubistCrudPanel.php | 30 ++++- .../Magic/Models/CubistMagicAbstractModel.php | 82 +++++++++-- .../Policies/CubistMagicPermissivePolicy.php | 10 -- src/app/Magic/Policies/CubistMagicPolicy.php | 127 ------------------ src/app/Providers/AuthServiceProvider.php | 40 ------ 5 files changed, 102 insertions(+), 187 deletions(-) delete mode 100644 src/app/Magic/Policies/CubistMagicPermissivePolicy.php delete mode 100644 src/app/Magic/Policies/CubistMagicPolicy.php delete mode 100644 src/app/Providers/AuthServiceProvider.php diff --git a/src/app/CubistCrudPanel.php b/src/app/CubistCrudPanel.php index be64232..5199ad7 100644 --- a/src/app/CubistCrudPanel.php +++ b/src/app/CubistCrudPanel.php @@ -5,7 +5,6 @@ namespace Cubist\Backpack\app; use Backpack\CRUD\app\Exceptions\AccessDeniedException; use Backpack\CRUD\app\Library\CrudPanel\CrudPanel; use Cubist\Backpack\app\Magic\Models\CubistMagicAbstractModel; -use Illuminate\Support\Facades\Gate; /** * @property CubistMagicAbstractModel $model @@ -69,6 +68,34 @@ class CubistCrudPanel extends CrudPanel return false; } + // Then, apply model rules + if ($this->model instanceof CubistMagicAbstractModel) { + $funcMap = ['list' => 'canList', + 'create' => 'canCreate', + 'update' => 'canUpdate', + 'delete' => 'canDelete', + 'revisions' => 'canUpdate', + 'revise' => 'canUpdate', + 'bulkClone' => 'canCreate', + 'clone' => 'canCreate', + 'bulkDelete' => 'canDelete', + ]; + + if (isset($funcMap[$operation])) { + $func = $funcMap[$operation]; + } else { + $func = 'can' . ucfirst($operation); + } + $model = $this->entry ?? $this->model; + if (is_callable([$model, $func])) { + $res = $model->$func(backpack_user()); + } else { + $res = true; + } + + return true; + return $res; + } return true; } 
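Review bot: The added model-rule branch ends with `return true;` directly above `return $res;`, so the value returned by `canList`/`canCreate`/`canUpdate`/`canDelete` is computed and then discarded, and any operation that reaches this branch is granted for a `CubistMagicAbstractModel`. With the policy classes and `AuthServiceProvider` deleted in the same commit, this branch looks like the remaining per-model authorization point, so the leftover early return should be removed and the branch should end on `return $res;`. The `else { $res = true; }` fallback also fails open for an operation that has no matching `can…` method; `$res = false;` would deny by default. Because Eloquent models implement `__call`, `is_callable([$model, $func])` is probably true for any name, so `method_exists($model, $func)` is the stricter test. The enclosing method starts before the hunk, so the earlier checks it applies are not visible here.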
@@ -79,6 +106,7 @@ class CubistCrudPanel extends CrudPanel throw new AccessDeniedException(trans('backpack::crud.unauthorized_access', ['access' => $operation])); } + return true; } diff --git a/src/app/Magic/Models/CubistMagicAbstractModel.php b/src/app/Magic/Models/CubistMagicAbstractModel.php index a404571..1eab9f2 100644 --- a/src/app/Magic/Models/CubistMagicAbstractModel.php +++ b/src/app/Magic/Models/CubistMagicAbstractModel.php @@ -17,14 +17,12 @@ use Cubist\Backpack\app\Magic\Controllers\CubistMagicController; use Cubist\Backpack\app\Magic\EntityData; use Cubist\Backpack\app\Magic\Fields\Field; use Cubist\Backpack\app\Magic\PageData; -use Cubist\Backpack\app\Magic\Policies\CubistMagicPermissivePolicy; use Cubist\Backpack\app\Magic\QueryBuilder; use Cubist\Backpack\app\Magic\Requests\CubistMagicUpdateRequest; use Cubist\Backpack\app\Magic\Util; use Cubist\Util\Json; use Doctrine\DBAL\Schema\Schema; use Doctrine\DBAL\Schema\Table; -use GeneaLabs\LaravelModelCaching\Traits\Cachable; use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Model; use Illuminate\Support\Carbon; @@ -58,6 +56,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia protected $_enableCreation = true; protected $_enableRevisions = true; protected $_enableBulk = true; + protected $_ownerAttribute = 'owner'; protected $_syncDbSchema = true; 
@@ -673,32 +672,97 @@ class CubistMagicAbstractModel extends Model implements HasMedia Cache::tags($tags)->flush(); } - public function isOwner(CubistMagicAuthenticatable $user) + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function isOwner($user) + { + return null !== $user && ($this->canAdmin($user) || $this->getAttribute($this->_ownerAttribute) === $user->id); + } + + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canList($user) + { + return null !== $user && ($this->canAdmin($user) || $this->_can('read', $user)); + } + + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canCreate($user) + { + return null !== $user && ($this->canAdmin($user) || $this->_can('write', $user)); + } + + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canAdmin($user) { - return true; + return null !== $user && $this->_can('admin', $user); } - public function canView(CubistMagicAuthenticatable $user) + /** + * @param $operation string + * @param $user CubistMagicAuthenticatable + * @return bool + */ + protected function _can($operation, $user) + { + if (null === $user) { + return false; + } + $permission = $this->getOption('name') . ':' . 
$operation; + return $user->can($permission); + } + + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canView($user) { return $this->isOwner($user); } - public function canUpdate(CubistMagicAuthenticatable $user) + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canUpdate($user) { return $this->isOwner($user); } - public function canDelete(CubistMagicAuthenticatable $user) + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canDelete($user) { return $this->isOwner($user); } - public function canForceDelete(CubistMagicAuthenticatable $user) + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canForceDelete($user) { return $this->canDelete($user); } - public function canRestore(CubistMagicAuthenticatable $user) + /** + * @param $user CubistMagicAuthenticatable + * @return bool + */ + public function canRestore($user) { return $this->canUpdate($user); } diff --git a/src/app/Magic/Policies/CubistMagicPermissivePolicy.php b/src/app/Magic/Policies/CubistMagicPermissivePolicy.php deleted file mode 100644 index 3de0051..0000000 --- a/src/app/Magic/Policies/CubistMagicPermissivePolicy.php +++ /dev/null 
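Review bot: In `isOwner`, `$this->getAttribute($this->_ownerAttribute) === $user->id` is a strict comparison, so it only matches when the stored owner value and the user id have the same PHP type; if the `owner` attribute is not cast on the model (not visible in this hunk), real owners would be refused and only holders of the `admin` permission would pass `canView`, `canUpdate` and `canDelete`. Declaring an integer cast for the owner attribute on the model, or normalising both sides before comparing, removes that dependency. The methods also trade the native `CubistMagicAuthenticatable $user` hint for a docblock; `?CubistMagicAuthenticatable $user` would keep the new null handling while still rejecting other argument types. The tags would then read `@param CubistMagicAuthenticatable|null $user`, with the type before the variable name.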
@@ -1,10 +0,0 @@ -allowAll || $user->hasPermissionTo($this->permissionBase . ':admin'); - } - - public function viewList(CubistMagicAuthenticatable $user) - { - return $this->allowAll || $this->viewAny($user) || $user->hasPermissionTo($this->permissionBase . ':list'); - } - - /** - * Determine whether the user can view the quiz. - * - * @param CubistMagicAuthenticatable $user - * @param CubistMagicAbstractModel $model - * @return mixed - */ - public function view(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model) - { - if ($this->allowAll) { - return true; - } - if ($this->viewAny($user)) { - return true; - } - return $model->canView($user); - } - - /** - * Determine whether the user can create quizzes. - * - * @param CubistMagicAuthenticatable $user - * @return mixed - */ - public function create(CubistMagicAuthenticatable $user) - { - if ($this->allowAll) { - return true; - } - if ($this->viewAny($user)) { - return true; - } - $user->hasPermissionTo($this->permissionBase . ':create'); - } - - /** - * Determine whether the user can update the quiz. - * - * @param CubistMagicAuthenticatable $user - * @param CubistMagicAbstractModel $model - * @return mixed - */ - public function update(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model) - { - if ($this->allowAll) { - return true; - } - return $model->canUpdate($user); - } - - /** - * Determine whether the user can delete the quiz. - * - * @param CubistMagicAuthenticatable $user - * @param CubistMagicAbstractModel $model - * @return mixed - */ - public function delete(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model) - { - if ($this->allowAll) { - return true; - } - return $model->canDelete($user); - } - - /** - * Determine whether the user can restore the quiz. 
- * - * @param CubistMagicAuthenticatable $user - * @param CubistMagicAbstractModel $model - * @return mixed - */ - public function restore(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model) - { - if ($this->allowAll) { - return true; - } - return $model->canRestore($user); - } - - /** - * Determine whether the user can permanently delete the quiz. - * - * @param CubistMagicAuthenticatable $user - * @param CubistMagicAbstractModel $model - * @return mixed - */ - public function forceDelete(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model) - { - if ($this->allowAll) { - return true; - } - return $model->canForceDelete($user); - } -} diff --git a/src/app/Providers/AuthServiceProvider.php b/src/app/Providers/AuthServiceProvider.php deleted file mode 100644 index d8ee1a8..0000000 --- a/src/app/Providers/AuthServiceProvider.php +++ /dev/null @@ -1,40 +0,0 @@ -registerPolicies(); - Gate::guessPolicyNamesUsing(function ($modelClass) { - $i = new $modelClass; - if ($i instanceof CubistMagicAbstractModel) { - $policy = $i->getPolicyClass(); - if (null !== $policy) { - return $policy; - } - return $this->_defaultPolicy; - } - }); - } -} -- 2.39.5