Add permission allowed for user type check function
This commit is contained in:
parent
ac11617655
commit
686c42ae07
1 changed files with 27 additions and 0 deletions
|
@ -53,4 +53,31 @@ class PermissionsProcessor
|
|||
}
|
||||
return $permissions;
|
||||
}
|
||||
|
||||
public static function allowedForUserType(?array $permissions): bool
|
||||
{
|
||||
if (\is_null($permissions)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||
$roles = Authorization::getRoles();
|
||||
|
||||
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
|
||||
foreach (Database::PERMISSIONS as $type) {
|
||||
foreach ($permissions as $permission) {
|
||||
if (!\str_starts_with($permission, $type)) {
|
||||
continue;
|
||||
}
|
||||
$matches = \explode(',', \str_replace([$type, '(', ')', ' '], '', $permission));
|
||||
foreach ($matches as $role) {
|
||||
if (!Authorization::isRole($role)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue