fix: permission to avoid any conflict with laravel policy (#62)

Author: matthv

src/Http/Controllers/ChartsController.php

@@ -42,7 +42,7 @@ public function __construct()
      */
     public function index(): JsonResponse
     {
-        $this->authorize('simple-charts', [request()->except('timezone')]);
+        $this->can('simpleCharts', request()->except('timezone'));
 
         $name = request()->route()->parameter('collection');
         $model = $this->getModel(ucfirst($name));
@@ -66,7 +66,7 @@ public function index(): JsonResponse
      */
     public function liveQuery(): JsonResponse
     {
-        $this->authorize('liveQuery', [request()->input('query')]);
+        $this->can('liveQuery', request()->input('query'));
         $repository = App::make('\ForestAdmin\LaravelForestAdmin\Repositories\Charts\LiveQuery\\' . $this->type);
 
         return response()->json(

src/Http/Controllers/ForestController.php

@@ -2,6 +2,7 @@
 
 namespace ForestAdmin\LaravelForestAdmin\Http\Controllers;
 
+use ForestAdmin\LaravelForestAdmin\Permissions\Permission;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Routing\Controller;
@@ -21,17 +22,15 @@ class ForestController extends Controller
     }
 
     /**
-     * @param $ability
-     * @param $arguments
-     * @return void
+     * @param string $ability
+     * @param        $arguments
+     * @return mixed
      * @throws AuthorizationException
      */
-    public function authorize($ability, $arguments = [])
+    public function can(string $ability, $arguments)
     {
-        if (Auth::guard('forest')->check()) {
-            Auth::shouldUse('forest');
+        if (! Permission::$ability(Auth::guard('forest')->user(), $arguments)) {
+            throw new AuthorizationException();
         }
-
-        $this->baseAuthorize($ability, $arguments);
     }
 }

src/Http/Controllers/ResourcesController.php

@@ -74,7 +74,7 @@ public function callAction($method, $parameters)
     public function index()
     {
         $authorizeAction = $this->requestFormat === 'csv' ? 'export' : 'viewAny';
-        $this->authorize($authorizeAction,  $this->model);
+        $this->can($authorizeAction, $this->model);
 
         $repository = new ResourceGetter($this->model);
 
@@ -107,7 +107,7 @@ public function index()
      */
     public function show(): JsonResponse
     {
-        $this->authorize('view', $this->model);
+        $this->can('view', $this->model);
 
         $repository = new ResourceGetter($this->model);
 
@@ -129,7 +129,7 @@ public function show(): JsonResponse
      */
     public function store(): JsonResponse
     {
-        $this->authorize('create', $this->model);
+        $this->can('create', $this->model);
 
         try {
             $repository = new ResourceCreator($this->model);
@@ -150,7 +150,7 @@ public function store(): JsonResponse
      */
     public function update(): JsonResponse
     {
-        $this->authorize('update', $this->model);
+        $this->can('update', $this->model);
 
         try {
             $repository = new ResourceUpdater($this->model);
@@ -170,7 +170,7 @@ public function update(): JsonResponse
      */
     public function destroy(): JsonResponse
     {
-        $this->authorize('delete', $this->model);
+        $this->can('delete', $this->model);
 
         try {
             $id = request()->route()->parameter($this->model->getKeyName());
@@ -188,7 +188,7 @@ public function destroy(): JsonResponse
      */
     public function count(): JsonResponse
     {
-        $this->authorize('viewAny',  $this->model);
+        $this->can('viewAny',  $this->model);
 
         $repository = new ResourceGetter($this->model);
 
@@ -201,7 +201,7 @@ public function count(): JsonResponse
      */
     public function destroyBulk(): JsonResponse
     {
-        $this->authorize('delete', $this->model);
+        $this->can('delete', $this->model);
 
         try {
             $repository = new ResourceRemover($this->model);

src/Http/Controllers/SmartActionController.php

@@ -54,7 +54,7 @@ public function __invoke(Route $route)
      */
     public function executeAction(): JsonResponse
     {
-        $this->authorize('smartAction', [$this->collection, Str::slug($this->smartAction->getKey())]);
+        $this->can('smartAction', [$this->collection, Str::slug($this->smartAction->getKey())]);
 
         return response()->json(
             call_user_func($this->smartAction->getExecute())

src/Permissions/Permission.php

@@ -0,0 +1,117 @@
+<?php
+
+namespace ForestAdmin\LaravelForestAdmin\Permissions;
+
+use ForestAdmin\LaravelForestAdmin\Auth\Guard\Model\ForestUser;
+use Illuminate\Auth\Access\Response;
+use Illuminate\Support\Str;
+
+/**
+ * Class Permission
+ *
+ * @package  Laravel-forestadmin
+ * @license  GNU https://www.gnu.org/licences/licences.html
+ * @link     https://github.com/ForestAdmin/laravel-forestadmin
+ */
+class Permission
+{
+    /**
+     * @param ForestUser $forestUser
+     * @param mixed      $collection
+     * @return Response|bool
+     */
+    public static function viewAny(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'browseEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param mixed      $collection
+     * @return Response|bool
+     */
+    public static function view(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'readEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param mixed      $collection
+     * @return Response|bool
+     */
+    public static function create(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'addEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param mixed      $collection
+     * @return Response|bool
+     */
+    public static function update(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'editEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param            $collection
+     * @return Response|bool
+     */
+    public static function delete(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'deleteEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param mixed      $collection
+     * @return Response|bool
+     */
+    public static function export(ForestUser $forestUser, $collection)
+    {
+        return $forestUser->hasPermission(self::getCollectionName($collection), 'exportEnabled');
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param array      $arguments
+     * @return bool
+     */
+    public static function smartAction(ForestUser $forestUser, array $arguments = [])
+    {
+        [$collection, $action] = $arguments;
+        return $forestUser->hasSmartActionPermission(self::getCollectionName($collection), $action);
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param            $query
+     * @return bool
+     */
+    public static function liveQuery(ForestUser $forestUser, $query)
+    {
+        return $forestUser->hasLiveQueryPermission($query);
+    }
+
+    /**
+     * @param ForestUser $forestUser
+     * @param            $query
+     * @return bool
+     */
+    public static function simpleCharts(ForestUser $forestUser, $query)
+    {
+        return $forestUser->hasSimpleChartPermission($query);
+    }
+
+    /**
+     * @param mixed $collection
+     * @return string
+     */
+    private static function getCollectionName($collection): string
+    {
+        return Str::camel((class_basename(get_class($collection))));
+    }
+}

src/Policies/PermissionPolicy.php

@@ -5,7 +5,6 @@
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use ForestAdmin\LaravelForestAdmin\Auth\Guard\Model\ForestUser;
-use ForestAdmin\LaravelForestAdmin\Policies\PermissionPolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -37,21 +36,5 @@ static function (Request $request) {
                 }
             }
         );
-
-        Gate::guessPolicyNamesUsing(static fn() => PermissionPolicy::class);
-
-        Gate::define(
-            'liveQuery',
-            static function (ForestUser $user, string $query) {
-                return $user->hasLiveQueryPermission($query);
-            }
-        );
-
-        Gate::define(
-            'simple-charts',
-            static function (ForestUser $user, array $payload) {
-                return $user->hasSimpleChartPermission($payload);
-            }
-        );
     }
 }