Files
citrus-cms/app/Models/DocumentManagerPermission.php
T
2026-04-28 21:14:25 +03:00

154 lines
4.7 KiB
PHP

<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;
class DocumentManagerPermission extends Model
{
use HasFactory;
protected $table = 'document_manager_permissions';
protected $fillable = [
'user_level',
'folder_path',
'permission_type',
'is_allowed'
];
protected $casts = [
'is_allowed' => 'boolean',
];
/**
* Get permissions for a specific user level and folder (with caching)
*/
public static function getUserFolderPermissions($userLevel, $folderPath)
{
$cacheKey = "doc_perms_{$userLevel}_{$folderPath}";
return Cache::remember($cacheKey, 3600, function() use ($userLevel, $folderPath) {
return self::where('user_level', $userLevel)
->where('folder_path', $folderPath)
->where('is_allowed', true)
->pluck('permission_type')
->toArray();
});
}
/**
* Check if user has specific permission for folder (with caching)
*/
public static function hasPermission($userLevel, $folderPath, $permissionType)
{
$cacheKey = "doc_perm_check_{$userLevel}_{$folderPath}_{$permissionType}";
return Cache::remember($cacheKey, 3600, function() use ($userLevel, $folderPath, $permissionType) {
return self::where('user_level', $userLevel)
->where('folder_path', $folderPath)
->where('permission_type', $permissionType)
->where('is_allowed', true)
->exists();
});
}
/**
* Get all permissions for a user level (with caching)
* Returns both allowed and denied permissions to handle inheritance correctly
*/
public static function getUserLevelPermissions($userLevel)
{
$cacheKey = "doc_perms_user_{$userLevel}";
return Cache::remember($cacheKey, 3600, function() use ($userLevel) {
return self::where('user_level', $userLevel)
// Removed where('is_allowed', true) to allow checking for explicit denies
->get()
->groupBy('folder_path');
});
}
/**
* Get all folder paths that have permissions
*/
public static function getFolderPaths()
{
return self::distinct()
->pluck('folder_path')
->toArray();
}
/**
* Get all user levels that have permissions
*/
public static function getUserLevels()
{
return self::distinct()
->pluck('user_level')
->toArray();
}
/**
* Clear cache for specific user level
*/
public static function clearUserLevelCache($userLevel)
{
$cacheKeys = [
"doc_perms_user_{$userLevel}",
"doc_perms_{$userLevel}_*",
"doc_perm_check_{$userLevel}_*"
];
foreach ($cacheKeys as $pattern) {
if (strpos($pattern, '*') !== false) {
// Clear pattern-based cache keys
Cache::flush();
break;
} else {
Cache::forget($pattern);
}
}
}
/**
* Clear all document manager permission caches
*/
public static function clearAllCaches()
{
Cache::flush();
}
/**
* Clear cache when permissions are updated
* @param string $userLevel - User level to clear cache for
* @param string|null $folderPath - Specific folder path to clear (optional)
*/
public static function clearPermissionCache($userLevel, $folderPath = null)
{
if ($folderPath) {
// Clear specific folder cache
Cache::forget("doc_perms_{$userLevel}_{$folderPath}");
Cache::forget("doc_perms_user_{$userLevel}");
// Clear all permission checks for this folder
$permissionTypes = ['read', 'write', 'edit'];
foreach ($permissionTypes as $type) {
Cache::forget("doc_perm_check_{$userLevel}_{$folderPath}_{$type}");
}
Log::info("Permission cache cleared for specific folder", [
'user_level' => $userLevel,
'folder_path' => $folderPath
]);
} else {
// Clear all cache for user level
self::clearUserLevelCache($userLevel);
Log::info("Permission cache cleared for user level", ['user_level' => $userLevel]);
}
}
}