Merge pull request #57 from Odenius/master

Route filter: routeNeedsRoleOrPermission
Zizaco · Oct 26, 2013 · c12492a · c12492a
2 parents f0a93bd + c86a882
commit c12492a
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -261,10 +261,14 @@ you want to allow access for multiple groups.
 
 ```php
 // If a user has `manage_posts`, `manage_comments` or both they will have access.
-Entrust::routeNeedsRole( 'admin/post*', array('manage_posts','manage_comments'), null, false );
+Entrust::routeNeedsPermission( 'admin/post*', array('manage_posts','manage_comments'), null, false );
 
 // If a user is a member of `Owner`, `Writer` or both they will have access.
-Entrust::routeNeedsPermission( 'admin/advanced*', array('Owner','Writer'), null, false );
+Entrust::routeNeedsRole( 'admin/advanced*', array('Owner','Writer'), null, false );
+
+// If a user is a member of `Owner`, `Writer` or both, or user has `manage_posts`, `manage_comments` they will have access.
+// You can set the 4th parameter to true then user must be member of Role and must has Permission.
+Entrust::routeNeedsRoleOrPermission( 'admin/advanced*', array('Owner','Writer'), array('manage_posts','manage_comments'), null, false);
 ```
 
 ### Route filter

diff --git a/src/Zizaco/Entrust/Entrust.php b/src/Zizaco/Entrust/Entrust.php
@@ -183,4 +183,68 @@ public function routeNeedsPermission( $route, $permissions, $result = null, $cum
         // previously created filter.
         $this->_app['router']->when( $route, $filter_name );
     }
+
+    /**
+     * Filters a route for the permission. If the third parameter
+     * is null then return 403. Overwise the $result is returned
+     *
+     * @param string $route  Route pattern. i.e: "admin/*"
+     * @param array|string $roles   The role(s) needed.
+     * @param array|string $permissions   The permission needed.
+     * @param mixed  $result i.e: Redirect::to('/')
+     * @param bool $cumulative Must have all permissions
+     *
+     * @access public
+     *
+     * @return void
+     */
+    public function routeNeedsRoleOrPermission( $route, $roles, $permissions, $result = null, $cumulative=false )
+    {
+        if(!is_array($roles)) {
+            $roles = array($roles);
+        }
+        if(!is_array($permissions)) {
+            $permissions = array($permissions);
+        }
+
+        $filter_name = implode('_',$roles).'_'.implode('_',$permissions).'_'.substr(md5($route),0,6);
+
+        if (! $result instanceof Closure)
+        {
+            $result = function() use ($roles, $permissions, $result, $cumulative) {
+                $hasARole = array();
+                foreach($roles as $role) {
+                    if ($this->hasRole($role)) {
+                        $hasARole[] = true;
+                    } else {
+                        $hasARole[] = false;
+                    }
+                }
+
+                $hasAPermission = array();
+                foreach($permissions as $permission) {
+                    if ($this->can($permission)) {
+                        $hasAPermission[] = true;
+                    } else {
+                        $hasAPermission[] = false;
+                    }
+                }
+                // Check to see if it is false and then
+                // check additive flag and that the array only contains false.
+                if(((in_array(false, $hasARole) || in_array(false, $hasAPermission))) && ($cumulative || count(array_unique(array_merge($hasARole, $hasAPermission))) == 1 )) {
+                    if(! $result)
+                        Facade::getFacadeApplication()->abort(403);
+
+                    return $result;
+                }
+            };
+        }
+
+        // Same as Route::filter, registers a new filter
+        $this->_app['router']->filter($filter_name, $result);
+
+        // Same as Route::when, assigns a route pattern to the
+        // previously created filter.
+        $this->_app['router']->when( $route, $filter_name );
+    }
 }