- Initial implementation of the Entrust RBAC module for the admin sec…

…tion

- Created Database seeds for creating a user, and giving them admin permissions (user: [email protected], pass: foobar)
- Updated existing permission checks to use RBAC
- Reorganized code a bit regarding filters, etc.
- Added additional RBAC checks for dashboard
- Removed now unecessary user_level column in users table

app/config/app.php

@@ -110,6 +110,7 @@
 		'Roumen\Sitemap\SitemapServiceProvider',
 		'Rocketeer\RocketeerServiceProvider',
 		'GrahamCampbell\Markdown\MarkdownServiceProvider',
+		'Zizaco\Entrust\EntrustServiceProvider'
 
 	),
 
@@ -179,6 +180,7 @@
 		'Markdown'        => 'GrahamCampbell\Markdown\Facades\Markdown',
 		'Profiler'        => 'Profiler\Facades\Profiler',
 		'Rocketeer'       => 'Rocketeer\Facades\Rocketeer',
+		'Entrust'         => 'Zizaco\Entrust\EntrustFacade'
 	),
 
 );

app/controllers/DashboardController.php

@@ -32,6 +32,13 @@ public function getIndex(){
 	 * 	Document Creation/List or Document Edit Views
 	 */
 	public function getDocs($id = ''){
+
+		$user = Auth::user();
+
+		if(!$user->can('admin_manage_documents')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		if($id == ''){
 			$docs = Doc::all();
 
@@ -66,6 +73,13 @@ public function getDocs($id = ''){
 	 * 	Post route for creating / updating documents
 	 */
 	public function postDocs($id = ''){
+
+		$user = Auth::user();
+
+		if(!$user->can('admin_manage_documents')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		//Creating new document
 		if($id == ''){
 			$title = Input::get('title');
@@ -108,6 +122,13 @@ public function postDocs($id = ''){
 	 * 	PUT route for saving documents
 	 */
 	public function putDocs($id = ''){
+
+		$user = Auth::user();
+
+		if(!$user->can('admin_manage_documents')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		$content = Input::get('content');
 		$content_id = Input::get('content_id');
 
@@ -136,6 +157,13 @@ public function putDocs($id = ''){
 	 * 	Verification request view
 	 */
 	public function getVerifications(){
+
+		$user = Auth::user();
+
+		if(!$user->can('admin_verify_users')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		$requests = UserMeta::where('meta_key', 'verify')->with('user')->get();
 
 		$data = array(
@@ -157,22 +185,30 @@ public function getSettings(){
 			'page_title'	=> 'Settings',
 		);
 
+		$user = Auth::user();
+
+		if(!$user->can('admin_manage_settings')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		return View::make('dashboard.settings', $data);
 	}
 
 	public function postSettings(){
+
+		$user = Auth::user();
+
+		if(!$user->can('admin_manage_settings')) {
+			return Redirect::to('/dashboard')->with('message', "You do not have permission");
+		}
+
 		$adminEmail = Input::get('contact-email');
 
 		$adminContact = User::where('email', '$adminEmail');
 
 		if(!isset($adminContact)){
 			return Redirect::back()->with('error', 'The admin account with this email was not found.  Please try a different email.');
 		}
-
-
-
-
-
 	}
 }
 

app/database/migrations/2014_04_03_015654_entrust_setup_tables.php

@@ -0,0 +1,93 @@
+<?php
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+
+class EntrustSetupTables extends Migration {
+
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+    	Schema::drop('role_user');
+    	Schema::drop('roles');
+
+
+        // Creates the roles table
+        Schema::create('roles', function($table)
+        {
+            $table->increments('id')->unsigned();
+            $table->string('name')->unique();
+            $table->timestamps();
+        });
+
+        // Creates the assigned_roles (Many-to-Many relation) table
+        Schema::create('assigned_roles', function($table)
+        {
+            $table->increments('id')->unsigned();
+            $table->integer('user_id')->unsigned();
+            $table->integer('role_id')->unsigned();
+            $table->foreign('user_id')->references('id')->on('users'); // assumes a users table
+            $table->foreign('role_id')->references('id')->on('roles');
+        });
+
+        // Creates the permissions table
+        Schema::create('permissions', function($table)
+        {
+            $table->increments('id')->unsigned();
+            $table->string('name');
+            $table->string('display_name');
+            $table->timestamps();
+        });
+
+        // Creates the permission_role (Many-to-Many relation) table
+        Schema::create('permission_role', function($table)
+        {
+            $table->increments('id')->unsigned();
+            $table->integer('permission_id')->unsigned();
+            $table->integer('role_id')->unsigned();
+            $table->foreign('permission_id')->references('id')->on('permissions'); // assumes a users table
+            $table->foreign('role_id')->references('id')->on('roles');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('assigned_roles', function(Blueprint $table) {
+            $table->dropForeign('assigned_roles_user_id_foreign');
+            $table->dropForeign('assigned_roles_role_id_foreign');
+        });
+
+        Schema::table('permission_role', function(Blueprint $table) {
+            $table->dropForeign('permission_role_permission_id_foreign');
+            $table->dropForeign('permission_role_role_id_foreign');
+        });
+
+        Schema::drop('assigned_roles');
+        Schema::drop('permission_role');
+        Schema::drop('roles');
+        Schema::drop('permissions');
+
+        Schema::create('roles', function($table){
+        	$table->increments('id');
+        	$table->string('label');
+        	$table->string('permissions');
+        	$table->timestamps();
+        });
+
+        Schema::create('role_user', function($table){
+        	$table->integer('role_id')->unsigned();
+        	$table->integer('user_id')->unsigned();
+        	$table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
+        	$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
+        });
+    }
+
+}

app/database/migrations/2014_04_03_064948_drop_user_level_column.php

@@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class DropUserLevelColumn extends Migration {
+
+	/**
+	 * Run the migrations.
+	 *
+	 * @return void
+	 */
+	public function up()
+	{
+		Schema::table('users', function($table) {
+			$table->dropColumn('user_level');
+		});
+	}
+
+	/**
+	 * Reverse the migrations.
+	 *
+	 * @return void
+	 */
+	public function down()
+	{
+		throw new Exception("Cannot roll back this migration");
+	}
+
+}

app/database/seeds/DatabaseSeeder.php

@@ -11,7 +11,9 @@ public function run()
 	{
 		Eloquent::unguard();
 
-		// $this->call('UserTableSeeder');
+		$this->call('UsersTableSeeder');
+		$this->call('RbacSeeder');
+
 	}
 
 }

app/database/seeds/RbacSeeder.php

@@ -0,0 +1,46 @@
+<?php
+
+use Illuminate\Database\Seeder;
+
+class RbacSeeder extends Seeder
+{
+	private $adminPermissions = array(
+		'ManageDocuments' => array(
+			'name' => 'admin_manage_documents',
+			'display_name' => 'Manage Documents',
+		),
+		'ManageSettings' => array(
+			'name' => 'admin_manage_settings',
+			'display_name' => "Manage Settings"
+		),
+		'VerifyUsers' => array(
+			'name' => "admin_verify_users",
+			'display_name' => "Verify Users"
+		)
+	);
+
+	public function run()
+	{
+		$admin = new Role();
+		$admin->name = 'Admin';
+		$admin->save();
+
+		$permIds = array();
+		foreach($this->adminPermissions as $permClass => $data) {
+			$perm = new Permission();
+
+			foreach($data as $key => $val) {
+				$perm->$key = $val;
+			}
+
+			$perm->save();
+
+			$permIds[] = $perm->id;
+		}
+
+		$admin->perms()->sync($permIds);
+
+		$user = User::where('email', '=', '[email protected]')->first();
+		$user->attachRole($admin);
+	}
+}

app/database/seeds/UsersTableSeeder.php

@@ -0,0 +1,18 @@
+<?php
+
+use Illuminate\Database\Seeder;
+
+class UsersTableSeeder extends Seeder 
+{
+	public function run()
+	{
+		DB::table('users')->insert(array(
+			'email' => '[email protected]',
+			'password' => '$2y$10$uIX./LUQwWBW3Orqd.E7LOY8KdCHHkIM9dGmZe95lFlf0OrH8YzOK',
+			'fname' => 'John',
+			'lname' => 'Coggeshall',
+			'user_level' => 1,
+			'token' => '',
+		));
+	}
+}

app/filters.php

@@ -1,5 +1,6 @@
 <?php
 
+use Zizaco\Entrust\Entrust;
 /*
 |--------------------------------------------------------------------------
 | Application & Route Filters
@@ -35,9 +36,15 @@
 
 Route::filter('auth', function()
 {
-	if (Auth::guest()) return Redirect::guest('login');
+	if (Auth::guest()) return Redirect::to('user/login');
 });
 
+Route::filter('admin', function(){
+
+	$user = Auth::user();
+
+	if(Auth::guest() || !$user->hasRole('Admin')) return Redirect::home()->with('message', 'You are not authorized to view that page');
+});
 
 Route::filter('auth.basic', function()
 {

app/models/Permission.php

@@ -0,0 +1,5 @@
+<?php
+
+use Zizaco\Entrust\EntrustPermission;
+
+class Permission extends EntrustPermission {}

app/models/Role.php

@@ -0,0 +1,5 @@
+<?php
+
+use Zizaco\Entrust\EntrustRole;
+
+class Role extends EntrustRole {}

app/models/User.php

@@ -8,6 +8,8 @@
 
 class User extends Eloquent implements UserInterface, RemindableInterface{
 
+	use Zizaco\Entrust\HasRole;
+
 	protected $hidden = array('password');
 
 	public function verified(){
@@ -82,7 +84,7 @@ public function admin_contact($setting = null){
 			}
 		}
 
-		if($this->user_level != 1){
+		if(!$this->hasRole('Admin')){
 			return false;
 		}
 

app/routes.php

@@ -171,12 +171,3 @@
     return 'You gave a valid CSRF token!';
 }));
 */
-
-Route::filter('auth', function()
-{
-	if (!Auth::check()) return Redirect::to('user/login');
-});
-
-Route::filter('admin', function(){
-	if(Auth::guest() || Auth::user()->user_level != 1) return Redirect::home()->with('message', 'You are not authorized to view that page');
-});

app/views/layouts/header.blade.php

@@ -17,7 +17,7 @@
 					<!-- <li class="link-bookmarked"><a href="#" class="disabled coming-feature">Bookmarked Documents</a></li> -->
 					<!-- <li class="link-points"><a href="#" class="disabled coming-feature">Your Points</a></li> -->
 					<li class="link-settings"><a href="{{ URL::to('user/edit/' . Auth::user()->id) }}">Account Settings</a></li>
-					@if(Auth::user()->user_level == '1')
+					@if(Auth::user()->hasRole('Admin'))
 					<li><a href="{{ URL::to('dashboard') }}">Administrative Dashboard</a></li>
 					@endif
 					<!-- <li class="link-help"><a href="#" class="disabled coming-feature">Help</a></li> -->

composer.json

@@ -16,6 +16,7 @@
     	"way/phpunit-wrappers": "dev-master"
     },
 	"require": {
+		"zizaco/entrust" : "dev-master",
 		"laravel/framework": "4.1.*",
 		"roumen/sitemap": "dev-master",
 		"elasticsearch/elasticsearch": "~0.4",