initial commit

Author: Marcin Stodulski

.gitignore

@@ -0,0 +1,6 @@
+tests/.phpunit.cache
+/composer.phar
+/composer
+/composer.lock
+/.idea/**
+/vendor/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 mstodulski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

composer.json

@@ -0,0 +1,23 @@
+{
+	"name": "mstodulski/rbac-with-permissions",
+	"license": "MIT",
+	"description": "",
+	"require": {
+		"php": ">=8.1",
+		"phpunit/phpunit": "9.5.*"
+	},
+	"keywords": ["rbac", "permissions"],
+	"homepage": "https://devsprint.pl",
+	"authors": [
+		{
+			"name": "Marcin Stodulski",
+			"homepage": "https://devsprint.pl",
+			"role": "Developer"
+		}
+	],
+	"autoload": {
+		"psr-4": {
+			"mstodulski\\RbacWithPermissions\\": "src"
+		}
+	}
+}

src/entities/Permission.php

@@ -0,0 +1,50 @@
+<?php
+/**
+ * This file is part of the EasySoft package.
+ *
+ * (c) Marcin Stodulski <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace mstodulski\RbacWithPermissions\entities;
+
+use mstodulski\RbacWithPermissions\interfaces\PermissionInterface;
+
+class Permission implements PermissionInterface
+{
+    private ?self $parent = null;
+    private string $code = '';
+    private string $name = '';
+
+    public function setCode(string $code): void
+    {
+        $this->code = $code;
+    }
+
+    public function getCode(): string
+    {
+        return $this->code;
+    }
+
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    public function setName(string $name): void
+    {
+        $this->name = $name;
+    }
+
+    public function getParent(): ?PermissionInterface
+    {
+        return $this->parent;
+    }
+
+    public function setParent(?PermissionInterface $parent): void
+    {
+        $this->parent = $parent;
+    }
+}

src/entities/Role.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ * This file is part of the EasySoft package.
+ *
+ * (c) Marcin Stodulski <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace mstodulski\RbacWithPermissions\entities;
+
+use mstodulski\RbacWithPermissions\interfaces\PermissionInterface;
+use mstodulski\RbacWithPermissions\interfaces\RoleInterface;
+
+class Role implements RoleInterface
+{
+    private string $code = '';
+    private ?self $parent = null;
+    private string $name = '';
+    /** @var $permissions PermissionInterface[] */
+    private array $permissions = [];
+    private bool $hasAllPermissions = false;
+
+    public function getCode(): string
+    {
+        return $this->code;
+    }
+
+    public function setCode(string $code): void
+    {
+        $this->code = $code;
+    }
+
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    public function setName(string $name): void
+    {
+        $this->name = $name;
+    }
+
+    public function getParent(): ?RoleInterface
+    {
+        return $this->parent;
+    }
+
+    public function setParent(?RoleInterface $parent): void
+    {
+        $this->parent = $parent;
+    }
+
+    public function getPermissions(): array
+    {
+        return $this->permissions;
+    }
+
+    public function setPermissions(array $permissions): void
+    {
+        $this->permissions = $permissions;
+    }
+
+    public function addPermission(PermissionInterface $permission)
+    {
+        $this->permissions[$permission->getCode()] = $permission;
+    }
+
+    public function isHasAllPermissions(): bool
+    {
+        return $this->hasAllPermissions;
+    }
+
+    public function setHasAllPermissions(bool $hasAllPermissions): void
+    {
+        $this->hasAllPermissions = $hasAllPermissions;
+    }
+}

src/interfaces/PermissionInterface.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * This file is part of the EasySoft package.
+ *
+ * (c) Marcin Stodulski <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace mstodulski\RbacWithPermissions\interfaces;
+
+interface PermissionInterface
+{
+    public function getParent(): ?PermissionInterface;
+    public function getCode(): string;
+}

src/interfaces/RoleInterface.php

@@ -0,0 +1,19 @@
+<?php
+/**
+ * This file is part of the EasySoft package.
+ *
+ * (c) Marcin Stodulski <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace mstodulski\RbacWithPermissions\interfaces;
+
+interface RoleInterface
+{
+    public function getParent(): ?RoleInterface;
+    public function getCode(): string;
+    public function getPermissions(): array;
+    public function isHasAllPermissions(): bool;
+}

src/services/Authorization.php

@@ -0,0 +1,150 @@
+<?php
+/**
+ * This file is part of the EasySoft package.
+ *
+ * (c) Marcin Stodulski <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace mstodulski\RbacWithPermissions\services;
+
+use mstodulski\RbacWithPermissions\interfaces\PermissionInterface;
+use mstodulski\RbacWithPermissions\interfaces\RoleInterface;
+
+class Authorization {
+
+    private array $roles = [];
+    private array $permissions = [];
+    private array $rolesTree = [];
+    private array $permissionsTree = [];
+    private array $permissionsForRoles = [];
+
+    public function defineRoles(RoleInterface ...$roles) : void
+    {
+        $this->roles = $roles;
+    }
+
+    public function definePermissions(PermissionInterface ...$permissions) : void
+    {
+        $this->permissions = $permissions;
+    }
+
+    public function processRolesAndPermissions() : void
+    {
+        $this->rolesTree = $this->buildTree($this->roles);
+        $this->permissionsTree = $this->buildTree($this->permissions);
+    }
+
+    public function rolesHasPermission(array $roles, string $permissionCode) : bool
+    {
+        /** @var RoleInterface $role */
+        foreach ($roles as $role)  {
+            if ($this->roleHasPermission($role, $permissionCode)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public function roleHasPermission(RoleInterface $role, $permissionCode): bool
+    {
+        if ($role->isHasAllPermissions()) {
+            return true;
+        } else {
+            if (isset($this->permissionsForRoles[$role->getCode()])) {
+                $permissionsArray = $this->permissionsForRoles[$role->getCode()];
+            } else {
+                [, $permissionsArray] = $this->getAllSubRolesAndPermissionsForRole($role);
+                $this->permissionsForRoles[$role->getCode()] = $permissionsArray;
+            }
+
+            return in_array($permissionCode, $permissionsArray);
+        }
+    }
+
+    public function setPermissionsTree(array $permissionsTree): void
+    {
+        $this->permissionsTree = $permissionsTree;
+    }
+
+    public function getPermissionsTree(): array
+    {
+        return $this->permissionsTree;
+    }
+
+    public function getAllSubRolesAndPermissionsForRole(RoleInterface $role): array
+    {
+        $rolesArray = [$role->getCode()];
+        $permissionsArray = [];
+        $this->getSubRolesCodes($rolesArray, $permissionsArray, $this->rolesTree);
+        $this->getSubPermissionsForPermissions($permissionsArray, $this->permissionsTree);
+
+        return [$rolesArray, $permissionsArray];
+    }
+
+    private function getSubPermissionsForPermissions(&$permissionsArray, $permissionsTree = null) : void
+    {
+        /** @var PermissionInterface $permission */
+        foreach ($permissionsTree as $permission) {
+            if (in_array($permission->getCode(), $permissionsArray)) {
+                if (isset($permission->children)) {
+                    /** @var PermissionInterface $childPermission */
+                    foreach ($permission->children as $childPermission) {
+                        $permissionsArray[$childPermission->getCode()] = $childPermission->getCode();
+                    }
+                }
+            }
+
+            if (isset($permission->children)) {
+                $this->getSubPermissionsForPermissions($permissionsArray, $permission->children);
+            }
+        }
+    }
+
+    private function getSubRolesCodes(&$rolesArray, &$permissionsArray, $rolesTree = null) : void
+    {
+        /** @var RoleInterface $role */
+        foreach ($rolesTree as $role) {
+            if (in_array($role->getCode(), $rolesArray)) {
+                foreach ($role->getPermissions() as $permission) {
+                    $permissionsArray[$permission->getCode()] = $permission->getCode();
+                }
+
+                if (isset($role->children)) {
+                    /** @var RoleInterface $childRole */
+                    foreach ($role->children as $childRole) {
+                        $rolesArray[] = $childRole->getCode();
+                        foreach ($childRole->getPermissions() as $permission) {
+                            $permissionsArray[$permission->getCode()] = $permission->getCode();
+                        }
+                    }
+                }
+            }
+
+            if (isset($role->children)) {
+                $this->getSubRolesCodes($rolesArray, $permissionsArray, $role->children);
+            }
+        }
+    }
+
+    private function buildTree(array $elements, $parentId = null): array
+    {
+        $branch = array();
+
+        /** @var RoleInterface|PermissionInterface $element */
+        foreach ($elements as $element) {
+            $elementParentId = ($element->getParent() !== null) ? $element->getParent()->getCode() : null;
+            if ($elementParentId == $parentId) {
+                $children = $this->buildTree($elements, $element->getCode());
+                if ($children) {
+                    $element->children = $children;
+                }
+                $branch[] = $element;
+            }
+        }
+
+        return $branch;
+    }
+}