Per-folder users permissions

Author: Richard Dern

app/Http/Controllers/FolderController.php

@@ -8,6 +8,7 @@
 use App\Models\Group;
 use App\Http\Requests\Folders\SetPermissionsRequest;
 use Illuminate\Http\Request;
+use App\Models\User;
 
 class FolderController extends Controller
 {
@@ -83,10 +84,58 @@ public function details(Request $request, Folder $folder)
 
         $folder->user_permissions    = $folder->getUserPermissions($user);
         $folder->default_permissions = $folder->getDefaultPermissions();
+        $folder->group->loadCount('activeUsers');
 
         return $folder;
     }
 
+    /**
+     * Load per-user permissions for specified folder
+     *
+     * @param  \App\Models\Folder  $folder
+     * @return \Illuminate\Http\Response
+     */
+    public function perUserPermissions(Request $request, Folder $folder)
+    {
+        if (!$request->user()->can('setPermission', $folder)) {
+            abort(404);
+        }
+
+        $users = $folder->group->activeUsers()->whereNotIn('users.id', [$request->user()->id])
+            ->whereHas('permissions', function ($query) use ($folder) {
+                $query->where('folder_id', $folder->id);
+            })
+            ->with(['permissions'=> function ($query) use ($folder) {
+                $query->where('folder_id', $folder->id);
+            }])
+            ->select(['users.id', 'users.name', 'users.email'])
+            ->get();
+
+        return $users;
+    }
+
+    /**
+     * Load list of users with no expicit permissions for specified folder
+     *
+     * @param  \App\Models\Folder  $folder
+     * @return \Illuminate\Http\Response
+     */
+    public function usersWithoutPermissions(Request $request, Folder $folder)
+    {
+        if (!$request->user()->can('setPermission', $folder)) {
+            abort(404);
+        }
+
+        $users = $folder->group->activeUsers()->whereNotIn('users.id', [$request->user()->id])
+            ->whereDoesntHave('permissions', function ($query) use ($folder) {
+                $query->where('folder_id', $folder->id);
+            })
+            ->select(['users.id', 'users.name', 'users.email'])
+            ->get();
+
+        return $users;
+    }
+
     /**
      * Update the specified resource in storage.
      *
@@ -153,12 +202,53 @@ public function toggleBranch(Request $request, Folder $folder)
         return $user->getFlatTree();
     }
 
+    /**
+     * Set permissions for specified folder, optionally for specified user
+     *
+     * @param  App\Http\Requests\Folder\SetPermissionsRequest $request
+     * @param  \App\Models\Folder  $folder
+     * @return \Illuminate\Http\Response
+     */
     public function setPermission(SetPermissionsRequest $request, Folder $folder)
     {
+        if (!$request->user()->can('setPermission', $folder)) {
+            abort(404);
+        }
+
         $validated = $request->validated();
 
-        $folder->setDefaultPermission($validated['ability'], $validated['granted']);
+        $ability = !empty($validated['ability']) ? $validated['ability'] : null;
+        $granted = !empty($validated['granted']) ? $validated['granted'] : false;
+
+        if (empty($validated['user_id'])) {
+            $folder->setDefaultPermission($ability, $granted);
+
+            return $this->details($request, $folder);
+        } else {
+            $user = $folder->group->activeUsers()->findOrFail($validated['user_id']);
+
+            $user->setFolderPermissions($folder, $ability, $granted);
+
+            return $this->perUserPermissions($request, $folder);
+        }
+    }
+
+    /**
+     * Remove permissions for specified user in specified folder
+     *
+     * @param  App\Http\Requests\Folder\SetPermissionsRequest $request
+     * @param  \App\Models\Folder  $folder
+     * @param  \App\Models\User  $user
+     * @return \Illuminate\Http\Response
+     */
+    public function removePermissions(Request $request, Folder $folder, User $user)
+    {
+        if (!$request->user()->can('setPermission', $folder)) {
+            abort(404);
+        }
+
+        $user->permissions()->where('folder_id', $folder->id)->delete();
 
-        return $this->details($request, $folder);
+        return $this->perUserPermissions($request, $folder);
     }
 }

app/Http/Requests/Folders/SetPermissionsRequest.php

@@ -26,7 +26,7 @@ public function rules()
     {
         return [
             'ability' => [
-                'required',
+                'nullable',
                 Rule::in([
                     'can_create_folder',
                     'can_update_folder',
@@ -36,8 +36,12 @@ public function rules()
                 ])
             ],
             'granted' => [
-                'required',
+                'nullable',
                 'boolean'
+            ],
+            'user_id' => [
+                'nullable',
+                Rule::exists('users', 'id')
             ]
         ];
     }

app/Models/Folder.php

@@ -390,20 +390,24 @@ public function getUserPermissions(User $user = null)
         ];
     }
 
-    public function setDefaultPermission($ability, $granted)
+    public function setDefaultPermission($ability = null, $granted = null)
     {
-        $defaultPermissions = $this->permissions()->whereNull('user_id')->first();
+        $permissions = $this->permissions()->whereNull('user_id')->first();
+        
+        if (!$permissions) {
+            $permissions = new Permission();
 
-        if (empty($defaultPermissions)) {
-            $this->permissions()->save(
-                new Permission([
-                    $ability => $granted
-                ])
-            );
-        } else {
-            $defaultPermissions->$ability = $granted;
+            $permissions->folder()->associate($this);
 
-            $defaultPermissions->save();
+            $permissions->can_create_folder       = false;
+            $permissions->can_update_folder       = false;
+            $permissions->can_delete_folder       = false;
+            $permissions->can_create_document     = false;
+            $permissions->can_delete_document     = false;
         }
+
+        $permissions->$ability = $granted;
+
+        $permissions->save();
     }
 }

app/Models/Permission.php

@@ -9,19 +9,57 @@ class Permission extends Model
 {
     use HasFactory;
 
+    # --------------------------------------------------------------------------
+    # ----| Properties |--------------------------------------------------------
+    # --------------------------------------------------------------------------
+
+    /**
+     * The attributes that are mass assignable.
+     *
+     * @var array
+     */
     public $fillable = [
         'can_create_folder',
         'can_update_folder',
         'can_delete_folder',
-        'can_create_docment',
+        'can_create_document',
         'can_delete_document'
     ];
 
+    /**
+     * The attributes that should be cast to native types.
+     *
+     * @var array
+     */
     public $casts = [
-        'can_create_folder'  => 'boolean',
-        'can_update_folder'  => 'boolean',
-        'can_delete_folder'  => 'boolean',
-        'can_create_docment' => 'boolean',
-        'can_delete_document'=> 'boolean',
+        'can_create_folder'   => 'boolean',
+        'can_update_folder'   => 'boolean',
+        'can_delete_folder'   => 'boolean',
+        'can_create_document' => 'boolean',
+        'can_delete_document' => 'boolean',
     ];
+
+    # --------------------------------------------------------------------------
+    # ----| Relations |---------------------------------------------------------
+    # --------------------------------------------------------------------------
+
+    /**
+     * Related user
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     */
+    public function user()
+    {
+        return $this->belongsTo(User::class);
+    }
+
+    /**
+     * Related folder
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     */
+    public function folder()
+    {
+        return $this->belongsTo(Folder::class);
+    }
 }

app/Models/Traits/User/HasFolders.php

@@ -4,6 +4,7 @@
 
 use App\Models\Folder;
 use App\Models\Group;
+use App\Models\Permission;
 
 trait HasFolders
 {
@@ -219,4 +220,31 @@ public function ensureAncestorsAreExpanded(Folder $folder = null)
             $this->setFolderExpandedState(true, $folder);
         }
     }
+
+    /**
+     * Define this user permission for specified folder and ability
+     */
+    public function setFolderPermissions(Folder $folder, $ability = null, $grant = false)
+    {
+        $permissions = $this->permissions()->where('folder_id', $folder->id)->first();
+
+        if (!$permissions) {
+            $permissions = new Permission();
+
+            $permissions->user()->associate($this);
+            $permissions->folder()->associate($folder);
+        }
+
+        $defaultPermissions = $folder->getDefaultPermissions();
+
+        if ($ability !== null) {
+            $permissions->{$ability} = $grant;
+        } else {
+            foreach ($defaultPermissions as $defaultAbility => $defaultGrant) {
+                $permissions->{$defaultAbility} = $defaultGrant;
+            }
+        }
+
+        $permissions->save();
+    }
 }

app/Models/User.php

@@ -95,6 +95,16 @@ public function userHistoryEntries()
         return $this->hasMany(HistoryEntry::class);
     }
 
+    /**
+     * Permissions affected to this user
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function permissions()
+    {
+        return $this->hasMany(Permission::class);
+    }
+
     # --------------------------------------------------------------------------
     # ----| Methods |-----------------------------------------------------------
     # --------------------------------------------------------------------------

config/app.php

@@ -112,7 +112,7 @@
     |--------------------------------------------------------------------------
      */
 
-    'version'           => '0.8.10',
+    'version'           => '0.8.11',
 
     /*
     |--------------------------------------------------------------------------

config/routes.php

@@ -34,11 +34,14 @@
         'folder.destroy',
         'folder.details',
         'folder.index',
+        'folder.per_user_permissions',
+        'folder.remove_permissions',
         'folder.set_permission',
         'folder.show',
         'folder.store',
         'folder.toggle_branch',
         'folder.update',
+        'folder.users_without_permissions',
         'group.accept_invitation',
         'group.destroy',
         'group.index',

public/js/app.js

@@ -1,12 +1,12 @@
 {
-    "/js/app.js": "/js/app.js?id=78811c630a18dc4c3b90",
-    "/themes/cyca-dark/theme.css": "/themes/cyca-dark/theme.css?id=afb6085e0137be5723c3",
-    "/themes/cyca-light/theme.css": "/themes/cyca-light/theme.css?id=be5a16cf0e6f85afa3b1",
-    "/js/groups.js": "/js/groups.js?id=f8ceca1188bafecc6853",
-    "/js/highlights.js": "/js/highlights.js?id=e22cbaca83e2f10cef32",
-    "/js/history.js": "/js/history.js?id=04f1837a5d38b6c7385f",
-    "/js/import.js": "/js/import.js?id=dc4db8077d2231b2ff27",
-    "/js/themes-browser.js": "/js/themes-browser.js?id=9590890f2ae0200cf94c",
+    "/js/app.js": "/js/app.js?id=0e811bc45172c7df68bb",
+    "/themes/cyca-dark/theme.css": "/themes/cyca-dark/theme.css?id=027ec3932a5f8f5f051d",
+    "/themes/cyca-light/theme.css": "/themes/cyca-light/theme.css?id=f6f2dfe318f709bf0efa",
+    "/js/groups.js": "/js/groups.js?id=8f3f1acd5f4db7a818b4",
+    "/js/highlights.js": "/js/highlights.js?id=3402c4cc6939a9c5d3e5",
+    "/js/history.js": "/js/history.js?id=48c245fddeb9d202f44e",
+    "/js/import.js": "/js/import.js?id=f61de2d88a9491a69e0f",
+    "/js/themes-browser.js": "/js/themes-browser.js?id=6f97adf318c4da67d7a2",
     "/themes/cyca-dark/theme.json": "/themes/cyca-dark/theme.json?id=e6af9f523b70bc467aa4",
     "/themes/cyca-light/theme.json": "/themes/cyca-light/theme.json?id=bb59033be8f29999311e"
 }

public/js/groups.js

@@ -28,3 +28,8 @@
     color: theme("colors.groups-browser.status.joining.bg");
     background-color: theme("colors.badge.bg");
 }
+
+.badge.danger {
+    color: theme("colors.groups-browser.status.rejected.bg");
+    background-color: theme("colors.badge.bg");
+}

public/js/highlights.js

@@ -54,3 +54,11 @@
 .inline-document .favicon {
     @apply inline-block;
 }
+
+.vertical-text {
+    vertical-align: bottom;
+    display: inline-block;
+    width: 1%;
+    white-space: nowrap;
+    transform: rotate(-90deg);
+}