fleetbase · roncodes · Aug 30, 2024 · Aug 13, 2024 · Aug 15, 2024 · Aug 15, 2024
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "fleetbase/core-api",
-    "version": "1.5.1",
+    "version": "1.5.3",
     "description": "Core Framework and Resources for Fleetbase API",
     "keywords": [
         "fleetbase",
@@ -19,7 +19,7 @@
     ],
     "require": {
         "php": "^8.0",
-        "aloha/twilio": "^5.0",
+        "fleetbase/twilio": "^5.0.1",
         "aws/aws-sdk-php-laravel": "^3.7",
         "fleetbase/laravel-mysql-spatial": "^1.0.2",
         "genealabs/laravel-model-caching": "dev-fix/handle-datetime-values",

diff --git a/migrations/2024_08_27_063135_add_service_column_to_authorization_tables.php b/migrations/2024_08_27_063135_add_service_column_to_authorization_tables.php
@@ -0,0 +1,46 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class() extends Migration {
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('permissions', function (Blueprint $table) {
+            $table->string('service')->nullable()->index()->after('guard_name');
+        });
+
+        Schema::table('policies', function (Blueprint $table) {
+            $table->string('service')->nullable()->index()->after('guard_name');
+        });
+
+        Schema::table('roles', function (Blueprint $table) {
+            $table->string('service')->nullable()->index()->after('guard_name');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('permissions', function (Blueprint $table) {
+            $table->dropIndex(['service']);
+            $table->dropColumn('service');
+        });
+
+        Schema::table('policies', function (Blueprint $table) {
+            $table->dropIndex(['service']);
+            $table->dropColumn('service');
+        });
+
+        Schema::table('roles', function (Blueprint $table) {
+            $table->dropIndex(['service']);
+            $table->dropColumn('service');
+        });
+    }
+};
diff --git a/migrations/2024_08_27_090558_create_directives_table.php b/migrations/2024_08_27_090558_create_directives_table.php
@@ -0,0 +1,35 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class() extends Migration {
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('directives', function (Blueprint $table) {
+            $table->increments('id');
+            $table->uuid('uuid')->nullable()->index();
+            $table->foreignUuid('company_uuid')->nullable()->index()->references('uuid')->on('companies');
+            $table->foreignUuid('permission_uuid')->nullable()->index()->references('id')->on('permissions');
+            $table->string('subject_type')->nullable();
+            $table->uuid('subject_uuid')->nullable();
+            $table->index(['subject_type', 'subject_uuid']);
+            $table->mediumText('key')->nullable();
+            $table->json('rules')->nullable();
+            $table->timestamps();
+            $table->softDeletes();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('directives');
+    }
+};
diff --git a/seeders/PermissionSeeder.php b/seeders/PermissionSeeder.php
@@ -2,12 +2,8 @@
 
 namespace Fleetbase\Seeders;
 
-use Fleetbase\Models\Permission;
-use Fleetbase\Models\Policy;
-use Fleetbase\Support\Utils;
 use Illuminate\Database\Seeder;
-use Illuminate\Support\Facades\Schema;
-use Illuminate\Support\Str;
+use Illuminate\Support\Facades\Artisan;
 
 class PermissionSeeder extends Seeder
 {
@@ -18,210 +14,6 @@ class PermissionSeeder extends Seeder
      */
     public function run()
     {
-        Schema::disableForeignKeyConstraints();
-        Permission::truncate();
-        Policy::truncate();
-
-        $actions = ['create', 'update', 'delete', 'view', 'list'];
-        $schemas = Utils::getAuthSchemas();
-
-        foreach ($schemas as $schema) {
-            $service     = $schema->name;
-            $resources   = $schema->resources ?? [];
-            $permissions = $schema->permissions ?? null;
-            $guard       = 'web';
-
-            // first create a wilcard permission for the entire schema
-            $administratorPolicy = Policy::firstOrCreate(
-                [
-                    'name'        => 'AdministratorAccess',
-                    'guard_name'  => $guard,
-                    'description' => 'Provides full access to Fleetbase extensions and resources.',
-                ]
-            );
-
-            $permission = Permission::firstOrCreate(
-                [
-                    'name'       => $service . ' *',
-                    'guard_name' => $guard,
-                ],
-                [
-                    'name'       => $service . ' *',
-                    'guard_name' => $guard,
-                ]
-            );
-
-            // add wildcard permissions to administrator access policy
-            try {
-                $administratorPolicy->givePermissionTo($permission);
-            } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                dd($e->getMessage());
-            }
-
-            // output message for permissions creation
-            // $this->output('Created (' . $guard . ') permission: ' . $permission->name);
-
-            // check if schema has direct permissions to add
-            if (is_array($permissions)) {
-                foreach ($permissions as $action) {
-                    $permission = Permission::firstOrCreate(
-                        [
-                            'name'       => $service . ' ' . $action,
-                            'guard_name' => $guard,
-                        ],
-                        [
-                            'name'       => $service . ' ' . $action,
-                            'guard_name' => $guard,
-                        ]
-                    );
-
-                    // add wildcard permissions to administrator access policy
-                    try {
-                        $administratorPolicy->givePermissionTo($permission);
-                    } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                        dd($e->getMessage());
-                    }
-
-                    // output message for permissions creation
-                    // $this->output('Created (' . $guard . ') permission: ' . $permission->name);
-                }
-            }
-
-            // create a resource policy for full access
-            $fullAccessPolicy = Policy::firstOrCreate(
-                [
-                    'name'       => Str::studly(data_get($schema, 'policyName')) . 'FullAccess',
-                    'guard_name' => $guard,
-                ],
-                [
-                    'name'        => Str::studly(data_get($schema, 'policyName')) . 'FullAccess',
-                    'description' => 'Provides full access to ' . Str::studly(data_get($schema, 'policyName')) . '.',
-                    'guard_name'  => $guard,
-                ]
-            );
-
-            // create a resource policy for read-only access
-            $readOnlyPolicy = Policy::firstOrCreate(
-                [
-                    'name'       => Str::studly(data_get($schema, 'policyName')) . 'FullAccess',
-                    'guard_name' => $guard,
-                ],
-                [
-                    'name'        => Str::studly(data_get($schema, 'policyName')) . 'FullAccess',
-                    'description' => 'Provides read-only access to ' . Str::studly(data_get($schema, 'policyName')) . '.',
-                    'guard_name'  => $guard,
-                ]
-            );
-
-            // create wilcard permission for service and all resources
-            foreach ($resources as $resource) {
-                // create a resource policy for full access
-                $resourceFullAccessPolicy = Policy::firstOrCreate(
-                    [
-                        'name'       => Str::studly(data_get($schema, 'policyName')) . Str::studly(data_get($resource, 'name')) . 'FullAccess',
-                        'guard_name' => $guard,
-                    ],
-                    [
-                        'name'        => Str::studly(data_get($schema, 'policyName')) . Str::studly(data_get($resource, 'name')) . 'FullAccess',
-                        'description' => 'Provides full access to ' . Str::studly(data_get($schema, 'policyName')) . ' ' . Str::plural(data_get($resource, 'name')) . '.',
-                        'guard_name'  => $guard,
-                    ]
-                );
-
-                // create a resource policy for read-only access
-                $resourceReadOnlyPolicy = Policy::firstOrCreate(
-                    [
-                        'name'       => Str::studly(data_get($schema, 'policyName')) . Str::studly(data_get($resource, 'name')) . 'FullAccess',
-                        'guard_name' => $guard,
-                    ],
-                    [
-                        'name'        => Str::studly(data_get($schema, 'policyName')) . Str::studly(data_get($resource, 'name')) . 'FullAccess',
-                        'description' => 'Provides read-only access to ' . Str::studly(data_get($schema, 'policyName')) . ' ' . Str::plural(data_get($resource, 'name')) . '.',
-                        'guard_name'  => $guard,
-                    ]
-                );
-
-                $permission = Permission::firstOrCreate(
-                    [
-                        'name'       => $service . ' * ' . data_get($resource, 'name'),
-                        'guard_name' => $guard,
-                    ],
-                    [
-                        'name'       => $service . ' * ' . data_get($resource, 'name'),
-                        'guard_name' => $guard,
-                    ]
-                );
-
-                // add wildcard permissions to full access policy
-                try {
-                    $fullAccessPolicy->givePermissionTo($permission);
-                } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                    dd($e->getMessage());
-                }
-                try {
-                    $resourceFullAccessPolicy->givePermissionTo($permission);
-                } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                    dd($e->getMessage());
-                }
-
-                // output message for permissions creation
-                // $this->output('Created (' . $guard . ') permission: ' . $permission->name);
-
-                // create action permissions
-                $resourceActions = array_merge($actions, data_get($resource, 'actions', []));
-
-                // if some actions should be excluded
-                if (is_array(data_get($resource, 'remove_actions', null))) {
-                    foreach (data_get($resource, 'remove_actions') as $remove) {
-                        if (($key = array_search($remove, $actions)) !== false) {
-                            unset($actions[$key]);
-                        }
-                    }
-                }
-
-                // create action permissions
-                foreach ($resourceActions as $action) {
-                    $permission = Permission::firstOrCreate(
-                        [
-                            'name'       => $service . ' ' . $action . ' ' . data_get($resource, 'name'),
-                            'guard_name' => $guard,
-                        ],
-                        [
-                            'name'       => $service . ' ' . $action . ' ' . data_get($resource, 'name'),
-                            'guard_name' => $guard,
-                        ]
-                    );
-
-                    // add the permission to the read only policy
-                    if ($action === 'view' || $action === 'list') {
-                        try {
-                            $readOnlyPolicy->givePermissionTo($permission);
-                        } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                            dd($e->getMessage());
-                        }
-                        try {
-                            $resourceReadOnlyPolicy->givePermissionTo($permission);
-                        } catch (\Spatie\Permission\Exceptions\GuardDoesNotMatch $e) {
-                            dd($e->getMessage());
-                        }
-                    }
-
-                    // output message for permissions creation
-                    // $this->output('Created (' . $guard . ') permission: ' . $permission->name);
-                }
-            }
-        }
-
-        Schema::enableForeignKeyConstraints();
-    }
-
-    /**
-     * Simple echo to output to CLI.
-     */
-    public function output(string $line = ''): void
-    {
-        if (app()->runningInConsole()) {
-            echo $line . PHP_EOL;
-        }
+        Artisan::call('fleetbase:create-permissions');
     }
 }
diff --git a/src/Attributes/SkipAuthorizationCheck.php b/src/Attributes/SkipAuthorizationCheck.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Fleetbase\Attributes;
+
+#[\Attribute(\Attribute::TARGET_METHOD)]
+class SkipAuthorizationCheck
+{
+}