Merge pull request #44 from nodes-vapor/develop

Gate system integrated into controllers and remove roles table

Author: Casperhr

Sources/AdminPanel/Controllers/BackendUserRolesController.swift

@@ -31,6 +31,7 @@ public final class BackendUsersController {
      * - return: View
      */
     public func index(request: Request) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
 
         let query = try BackendUser.query()
         if let search: String = request.query?["search"]?.string {
@@ -51,10 +52,12 @@ public final class BackendUsersController {
      * - return: View
      */
     public func create(request: Request) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
+        
         return try drop.view.make("BackendUsers/edit", [
-            "roles": BackendUserRole.options().makeNode(),
+            "roles": Configuration.shared?.roleOptions.makeNode() ?? [],
             "fieldset": BackendUserForm.getFieldset(request),
-            "defaultRole": BackendUserRole.defaultRole()
+            "defaultRole": Configuration.shared?.defaultRole ?? "admin"
         ], for: request)
     }
 
@@ -65,6 +68,8 @@ public final class BackendUsersController {
      * - return: View
      */
     public func store(request: Request) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
+        
         do {
             // Validate
             let backendUserForm = try BackendUserForm(validating: request.data)
@@ -95,12 +100,13 @@ public final class BackendUsersController {
      * - return: View
      */
     public func edit(request: Request, user: BackendUser) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
 
         return try drop.view.make("BackendUsers/edit", [
             "fieldset": BackendUserForm.getFieldset(request),
             "backendUser": try user.makeNode(),
-            "roles": BackendUserRole.options().makeNode(),
-            "defaultRole": BackendUserRole.defaultRole()
+            "roles": Configuration.shared?.roleOptions.makeNode() ?? [],
+            "defaultRole": Configuration.shared?.defaultRole ?? "admin"
         ], for: request)
     }
 
@@ -112,6 +118,8 @@ public final class BackendUsersController {
      * - return: View
      */
     public func update(request: Request) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
+        
         guard let id = request.data["id"]?.int, var backendUser = try BackendUser.query().filter("id", id).first() else {
             throw Abort.notFound
         }
@@ -140,6 +148,8 @@ public final class BackendUsersController {
      * - return: View
      */
     public func destroy(request: Request, user: BackendUser) throws -> ResponseRepresentable {
+        try Gate.allowOrFail(request, "super-admin")
+        
         do {
             try user.delete()
             return Response(redirect: "/admin/backend_users").flash(.success, "Deleted user")

Sources/AdminPanel/Controllers/BackendUsersController.swift

@@ -114,7 +114,6 @@ public final class BackendUser: Auth.User, Model {
             table.timestamps()
         }
 
-        try database.driver.raw(Database.foreign(parentTable: "backend_user_roles", parentPrimaryKey: "slug", childTable: "backend_users", childForeignKey: "role"))
         try database.index(table: "backend_users", column: "email")
     }
 

Sources/AdminPanel/Models/BackendUsers/BackendUser.swift

@@ -13,23 +13,18 @@
     <li class="list-group-heading">
         Super admin
     </li>
-    }
-    
-    #allow(request, "admin") {
-    <li class="list-group-heading">
-        Admin
-    </li>
     <li class="list-group-item #active(request, "/admin/backend_users", "/admin/backend_users/create", "/admin/backend_users/edit*")">
         <a href="/admin/backend_users">
             <i class="fa fa-street-view"></i>
             Backend users
         </a>
     </li>
-    <li class="list-group-item #active(request, "/admin/backend_users/roles*")">
-        <a href="/admin/backend_users/roles">
-            <i class="fa fa-graduation-cap"></i>
-            Roles
-        </a>
+    }
+    
+    #allow(request, "admin") {
+    <li class="list-group-heading">
+        Admin
     </li>
+  
     }
 </ul>

Sources/AdminPanel/Models/BackendUsers/BackendUserRoles/BackendUserRole.swift

@@ -41,6 +41,20 @@ public struct Configuration {
     public var ssoProvider: SSOProtocol?
     public let ssoCallbackPath: String?
     public let roles: [Role]
+    public var roleOptions: [String: String] {
+        
+        var options: [String: String] = [:]
+        
+        for role in roles {
+            options[role.slug] = role.title
+        }
+        
+        return options
+    }
+    
+    public var defaultRole: String {
+        return "admin"
+    }
 
     public init(drop: Droplet) throws {
         try self.init(config: drop.config)

Sources/AdminPanel/Resources/Views/Layout/Partials/Navigation/navigation.leaf

@@ -1,4 +1,5 @@
 import Vapor
+import HTTP
 
 class Gate {
 
@@ -63,17 +64,40 @@ class Gate {
         }
     }
 
+    // MARK : BackendUser
     public static func allow(_ backendUser: BackendUser?, _ role: String) -> Bool {
         return self.allow(backendUser?.role ?? "", role)
     }
 
     public static func disallow(_ backendUser: BackendUser?, _ role: String) -> Bool {
-        return !self.allow(backendUser?.role ?? "", role)
+        return !self.allow(backendUser, role)
     }
 
     public static func allowOrFail(_ backendUser: BackendUser?, _ role: String) throws {
         if self.disallow(backendUser, role) {
             throw self.error
         }
     }
+    
+    // MARK: User
+    public static func allow(_ request: Request, _ role: String) -> Bool {
+        do {
+            guard let backendUser = try request.auth.user() as? BackendUser else {
+                return false
+            }
+            return self.allow(backendUser.role, role)
+        } catch {
+            return false
+        }
+    }
+    
+    public static func disallow(_ request: Request, _ role: String) -> Bool {
+        return !self.allow(request, role)
+    }
+    
+    public static func allowOrFail(_ request: Request, _ role: String) throws {
+        if self.disallow(request, role) {
+            throw self.error
+        }
+    }
 }

Sources/AdminPanel/Routes/BackendUserRolesRoutes.swift

@@ -104,7 +104,7 @@ public class FormSelectGroup: BasicTag {
             let inputValues = arguments[1].value?.nodeObject,
             let fieldsetNode = arguments[2].value?.nodeObject
             else {
-                throw Abort.custom(status: .internalServerError, message: "FormSelectGroup parse error, expecting: #form:selectgroup(\"name\", \"default\", fieldset)")
+                throw Abort.custom(status: .internalServerError, message: "FormSelectGroup parse error, expecting: #form:selectgroup(\"name\", \"values\", fieldset), \"default\"")
         }
 
         let fieldset = fieldsetNode[inputName]

Sources/AdminPanel/Support/Configuration.swift

@@ -33,7 +33,6 @@ public final class Provider: Vapor.Provider {
         Configuration.shared = config
 
         droplet.preparations.append(BackendUserResetPasswordTokens.self)
-        droplet.preparations.append(BackendUserRole.self)
         droplet.preparations.append(BackendUser.self)
 
         droplet.commands.append(Seeder(dropet: droplet))
@@ -61,7 +60,6 @@ public final class Provider: Vapor.Provider {
             droplet.group(collection: Middlewares.secured) { secured in
                 secured.grouped("/admin/dashboard").collection(DashboardRoutes(droplet: droplet))
                 secured.grouped("/admin/backend_users").collection(BackendUsersRoutes(droplet: droplet))
-                secured.grouped("/admin/backend_users/roles").collection(BackendUserRolesRoutes(droplet: droplet))
             }
         }
     }