Navigation and User Roles - validate role middleware

Author: bpocallaghan

README.md

@@ -10,6 +10,7 @@ A Laravel CMS Starter project with AdminLTE theme and core features.
 
 ### What is New?
 - [Impersonation](https://github.com/bpocallaghan/impersonate) When logged in, [go here](http://bpocallaghan.co.za/admin/settings/admin/users) and click on the 'impersonate user' action.
+- Roles (Assign a role to user and assign role to navigation. Can only see navigation for given role)
 
 ## Features / What it includes
 - Admin LTE admin theme

app/Http/Controllers/Admin/Settings/Admin/NavigationController.php

@@ -4,6 +4,7 @@
 
 use App\Http\Requests;
 use App\Models\Notification;
+use App\Models\Role;
 use Illuminate\Http\Request;
 use App\Models\NavigationAdmin;
 use Yajra\Datatables\Datatables;
@@ -30,8 +31,12 @@ public function index()
      */
     public function create()
     {
+        $roles = Role::getAllLists();
+        $parents = NavigationAdmin::getAllLists();
+
         return $this->view('settings.admin.navigation.add_edit')
-            ->with('parents', NavigationAdmin::getAllLists());
+            ->with('roles', $roles)
+            ->with('parents', $parents);
     }
 
     /**
@@ -44,14 +49,28 @@ public function store(Request $request)
     {
         $this->validate($request, NavigationAdmin::$rules, NavigationAdmin::$messages);
 
-        $inputs = $request->all();
+        $inputs = $request->only([
+            'icon',
+            'title',
+            'slug',
+            'description',
+            'help_index_title',
+            'help_index_content',
+            'help_create_title',
+            'help_create_content',
+            'help_edit_title',
+            'help_edit_content',
+            'parent_id',
+            'url_parent_id'
+        ]);
         $inputs['is_hidden'] = boolval($request->has('is_hidden'));
         $inputs['url_parent_id'] = ($inputs['url_parent_id'] == 0 ? $inputs['parent_id'] : $inputs['url_parent_id']);
 
         $row = $this->createEntry(NavigationAdmin::class, $inputs);
 
         if ($row) {
             $row->updateUrl()->save();
+            $row->roles()->attach(input('roles'));
         }
 
         return redirect_to_resource();
@@ -78,10 +97,12 @@ public function show($id)
      */
     public function edit($id)
     {
+        $roles = Role::getAllLists();
         $navigation = NavigationAdmin::findOrFail($id);
 
         return $this->view('settings.admin.navigation.add_edit')
             ->with('item', $navigation)
+            ->with('roles', $roles)
             ->with('parents', NavigationAdmin::getAllLists());
     }
 
@@ -96,12 +117,26 @@ public function update($id, Request $request)
     {
         $this->validate($request, NavigationAdmin::$rules, NavigationAdmin::$messages);
 
-        $inputs = $request->all();
+        $inputs = $request->only([
+            'icon',
+            'title',
+            'slug',
+            'description',
+            'help_index_title',
+            'help_index_content',
+            'help_create_title',
+            'help_create_content',
+            'help_edit_title',
+            'help_edit_content',
+            'parent_id',
+            'url_parent_id'
+        ]);
         $inputs['is_hidden'] = boolval($request->has('is_hidden'));
 
         $navigation = NavigationAdmin::findOrFail($id);
         $navigation = $this->updateEntry($navigation, $inputs);
         $navigation->updateUrl()->save();
+        $navigation->roles()->sync(input('roles'));
 
         return redirect_to_resource();
     }
@@ -134,7 +169,8 @@ public function getTableData()
         })->editColumn('is_hidden', function ($row) {
             return ($row->is_hidden == 1 ? 'Yes' : '');
         })->addColumn('action', function ($row) {
-            return action_row($this->selectedNavigation->url, $row->id, $row->title, ['edit', 'delete']);
+            return action_row($this->selectedNavigation->url, $row->id, $row->title,
+                ['edit', 'delete']);
         })->make(true);
     }
 
@@ -144,6 +180,6 @@ public function getTableData()
      */
     protected function getTableRows()
     {
-        return NavigationAdmin::with('parent')->get();
+        return NavigationAdmin::with('parent', 'roles')->get();
     }
 }

app/Http/Kernel.php

@@ -50,13 +50,14 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
-        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
+        'auth'       => \Illuminate\Auth\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'bindings'   => \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        'can'        => \Illuminate\Auth\Middleware\Authorize::class,
+        'guest'      => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'throttle'   => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 
-        'auth.admin'      => \App\Http\Middleware\AuthenticateAdmin::class,
+        'role'       => \App\Http\Middleware\ValidateRole::class,
+        'auth.admin' => \App\Http\Middleware\AuthenticateAdmin::class,
     ];
 }

app/Http/Middleware/ValidateRole.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\NavigationAdmin;
+use Auth;
+use Closure;
+
+class ValidateRole
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure                 $next
+     *
+     * @param                           $selectedNavigationId
+     * @return mixed
+     * @internal param null $guard
+     */
+    public function handle($request, Closure $next, $selectedNavigationId)
+    {
+        $selectedNavigation = NavigationAdmin::findOrFail($selectedNavigationId);
+
+        // check if user role is in navigation role
+        $userRoles = user()->getRolesList();
+        $navValid = $selectedNavigation->roles()->whereIn('roles.id', $userRoles)->first();
+
+        if (!$navValid) {
+            return redirect(user()->roles()->first()->slug);
+        }
+
+        return $next($request);
+    }
+}

app/Models/NavigationAdmin.php

@@ -6,24 +6,6 @@
 
 class NavigationAdmin extends TitanAdminNavigation
 {
-    /**
-     * Remove the ending '/'
-     * @return string
-     */
-    public function getUrlAttribute()
-    {
-        return rtrim($this->attributes['url'], '/');
-    }
-
-    /**
-     * Get the roles
-     * @return \Eloquent
-     */
-    public function roles()
-    {
-        return $this->belongsToMany(Role::class, 'navigation_admin_role')->withTimestamps();
-    }
-
     /**
      * Get all the rows as an array (ready for dropdowns)
      *

app/Models/Role.php

@@ -9,13 +9,18 @@ class Role extends TitanCMSModel
 {
     use SoftDeletes;
 
-    public static $BASIC = 'basic'; // 1
+    // basic website
+    public static $BASIC = 'website'; // 1
 
-    // Admin - Developer / access to everything
+    // basic admin
     public static $ADMIN = 'admin'; // 2
 
-    // Super Admin - Developer / access to everything
-    public static $DEVELOPER = 'developer'; // 3
+    // admin + analytics
+    public static $ANALYTICS = 'analytics'; // 3
+
+    public static $ADMIN_SUPER = 'admin_super'; // 4
+
+    public static $DEVELOPER = 'developer'; // 5
 
     protected $table = 'roles';
 
@@ -33,13 +38,18 @@ public function getIconTitleAttribute()
         return '<i class="fa fa-' . $this->attributes['icon'] . '"</i> ' . $this->attributes['title'];
     }
 
+    public function getTitleSlugAttribute()
+    {
+        return $this->attributes['title'] . ' (' . $this->attributes['slug'] . ')';
+    }
+
     /**
      * Get all the rows as an array (ready for dropdowns)
      *
      * @return array
      */
     public static function getAllLists()
     {
-    	return self::orderBy('level')->get()->pluck('title', 'id')->toArray();
+        return self::orderBy('title')->get()->pluck('title', 'id')->toArray();
     }
 }

database/migrations/2014_10_12_000000_create_users_table.php

@@ -22,7 +22,6 @@ public function up()
             $table->string('image')->nullable();
             $table->string('gender', 10)->nullable();
             $table->date('born_at')->nullable();
-            $table->integer('security_level')->default(1);
             $table->string('password', 60)->nullable();
             $table->timestamp('password_updated_at')->nullable();
             $table->rememberToken();

database/migrations/2017_06_19_122044_create_roles_table.php

@@ -19,7 +19,6 @@ public function up()
             $table->string('slug', 50);
             $table->string('keyword', 50)->unique();
             $table->string('summary')->nullable();
-            $table->integer('level');
             $table->timestamps();
             $table->softDeletes();
             $table->integer('created_by')->unsigned();

database/seeds/NavigationAdminTableSeeder.php

@@ -8,6 +8,7 @@ class NavigationAdminTableSeeder extends Seeder
     public function run()
     {
         NavigationAdmin::truncate();
+        DB::delete('TRUNCATE navigation_admin_role');
 
         $csvPath = database_path() . '/seeds/csv/' . 'navigation_admin.csv';
         $items = csv_to_array($csvPath);
@@ -34,7 +35,8 @@ public function run()
                 'updated_by'          => 1,
             ]);
 
-            $row->roles()->attach(2);
+            $roles = explode(',', $item['roles']);
+            $row->roles()->attach($roles);
         }
     }
 }

database/seeds/RoleTableSeeder.php

@@ -9,28 +9,42 @@ public function run()
     {
         Role::truncate();
 
+        // basic website only role
         Role::create([
             'icon'    => 'user',
-            'title'   => 'Basic',
+            'title'   => 'Website',
             'slug'    => '/',
-            'keyword' => 'basic',
-            'level'   => '1',
+            'keyword' => 'website',
         ]);
 
+        // basic admin role
         Role::create([
             'icon'    => 'user-secret',
-            'title'   => 'Admin',
-            'slug'    => 'admin',
+            'title'   => 'Basic Admin',
+            'slug'    => '/admin',
             'keyword' => 'admin',
-            'level'   => '10',
+        ]);
+
+        // admin and analytics
+        Role::create([
+            'icon'    => 'user-circle',
+            'title'   => 'Analytics',
+            'slug'    => '/admin',
+            'keyword' => 'analytics',
+        ]);
+
+        Role::create([
+            'icon'    => 'user-secret',
+            'title'   => 'Admin',
+            'slug'    => '/admin',
+            'keyword' => 'admin_super',
         ]);
 
         Role::create([
             'icon'    => 'universal-access',
             'title'   => 'Developer',
-            'slug'    => 'admin',
+            'slug'    => '/admin',
             'keyword' => 'developer',
-            'level'   => '20',
         ]);
     }
 }