154 lines
4.7 KiB
PHP
154 lines
4.7 KiB
PHP
<?php
|
|
|
|
namespace App\Models;
|
|
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Support\Facades\Cache;
|
|
use Illuminate\Support\Facades\Log;
|
|
|
|
class DocumentManagerPermission extends Model
|
|
{
|
|
use HasFactory;
|
|
|
|
protected $table = 'document_manager_permissions';
|
|
|
|
protected $fillable = [
|
|
'user_level',
|
|
'folder_path',
|
|
'permission_type',
|
|
'is_allowed'
|
|
];
|
|
|
|
protected $casts = [
|
|
'is_allowed' => 'boolean',
|
|
];
|
|
|
|
/**
|
|
* Get permissions for a specific user level and folder (with caching)
|
|
*/
|
|
public static function getUserFolderPermissions($userLevel, $folderPath)
|
|
{
|
|
$cacheKey = "doc_perms_{$userLevel}_{$folderPath}";
|
|
|
|
return Cache::remember($cacheKey, 3600, function() use ($userLevel, $folderPath) {
|
|
return self::where('user_level', $userLevel)
|
|
->where('folder_path', $folderPath)
|
|
->where('is_allowed', true)
|
|
->pluck('permission_type')
|
|
->toArray();
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Check if user has specific permission for folder (with caching)
|
|
*/
|
|
public static function hasPermission($userLevel, $folderPath, $permissionType)
|
|
{
|
|
$cacheKey = "doc_perm_check_{$userLevel}_{$folderPath}_{$permissionType}";
|
|
|
|
return Cache::remember($cacheKey, 3600, function() use ($userLevel, $folderPath, $permissionType) {
|
|
return self::where('user_level', $userLevel)
|
|
->where('folder_path', $folderPath)
|
|
->where('permission_type', $permissionType)
|
|
->where('is_allowed', true)
|
|
->exists();
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Get all permissions for a user level (with caching)
|
|
* Returns both allowed and denied permissions to handle inheritance correctly
|
|
*/
|
|
public static function getUserLevelPermissions($userLevel)
|
|
{
|
|
$cacheKey = "doc_perms_user_{$userLevel}";
|
|
|
|
return Cache::remember($cacheKey, 3600, function() use ($userLevel) {
|
|
return self::where('user_level', $userLevel)
|
|
// Removed where('is_allowed', true) to allow checking for explicit denies
|
|
->get()
|
|
->groupBy('folder_path');
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Get all folder paths that have permissions
|
|
*/
|
|
public static function getFolderPaths()
|
|
{
|
|
return self::distinct()
|
|
->pluck('folder_path')
|
|
->toArray();
|
|
}
|
|
|
|
/**
|
|
* Get all user levels that have permissions
|
|
*/
|
|
public static function getUserLevels()
|
|
{
|
|
return self::distinct()
|
|
->pluck('user_level')
|
|
->toArray();
|
|
}
|
|
|
|
/**
|
|
* Clear cache for specific user level
|
|
*/
|
|
public static function clearUserLevelCache($userLevel)
|
|
{
|
|
$cacheKeys = [
|
|
"doc_perms_user_{$userLevel}",
|
|
"doc_perms_{$userLevel}_*",
|
|
"doc_perm_check_{$userLevel}_*"
|
|
];
|
|
|
|
foreach ($cacheKeys as $pattern) {
|
|
if (strpos($pattern, '*') !== false) {
|
|
// Clear pattern-based cache keys
|
|
Cache::flush();
|
|
break;
|
|
} else {
|
|
Cache::forget($pattern);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Clear all document manager permission caches
|
|
*/
|
|
public static function clearAllCaches()
|
|
{
|
|
Cache::flush();
|
|
}
|
|
|
|
/**
|
|
* Clear cache when permissions are updated
|
|
* @param string $userLevel - User level to clear cache for
|
|
* @param string|null $folderPath - Specific folder path to clear (optional)
|
|
*/
|
|
public static function clearPermissionCache($userLevel, $folderPath = null)
|
|
{
|
|
if ($folderPath) {
|
|
// Clear specific folder cache
|
|
Cache::forget("doc_perms_{$userLevel}_{$folderPath}");
|
|
Cache::forget("doc_perms_user_{$userLevel}");
|
|
|
|
// Clear all permission checks for this folder
|
|
$permissionTypes = ['read', 'write', 'edit'];
|
|
foreach ($permissionTypes as $type) {
|
|
Cache::forget("doc_perm_check_{$userLevel}_{$folderPath}_{$type}");
|
|
}
|
|
|
|
Log::info("Permission cache cleared for specific folder", [
|
|
'user_level' => $userLevel,
|
|
'folder_path' => $folderPath
|
|
]);
|
|
} else {
|
|
// Clear all cache for user level
|
|
self::clearUserLevelCache($userLevel);
|
|
Log::info("Permission cache cleared for user level", ['user_level' => $userLevel]);
|
|
}
|
|
}
|
|
}
|