attempt($credentials); * * @var array> */ public array $groups = []; /** * -------------------------------------------------------------------- * Permissions * -------------------------------------------------------------------- * The available permissions in the system. Each system is defined * where the key is the * * If a permission is not listed here it cannot be used. * * @var array */ public array $permissions = []; /** * -------------------------------------------------------------------- * Permissions Matrix * -------------------------------------------------------------------- * Maps permissions to groups. * @var array> */ public array $matrix = []; /** * @var array> */ public array $instanceGroups = []; /** * @var array */ public array $instancePermissions = []; /** * @var array> */ public array $podcastGroups = []; /** * @var array */ public array $podcastPermissions = []; /** * @var string[] */ public array $instanceBaseGroups = ['superadmin', 'manager', 'podcaster']; /** * @var string[] */ public array $instanceBasePermissions = [ 'admin.access', 'admin.settings', 'users.manage', 'persons.manage', 'pages.manage', 'podcasts.view', 'podcasts.create', 'podcasts.import', 'fediverse.manage-blocks', ]; /** * @var array> */ public array $instanceMatrix = [ 'superadmin' => [ 'admin.*', 'podcasts.*', 'users.manage', 'persons.manage', 'pages.manage', 'fediverse.manage-blocks', ], 'manager' => ['podcasts.create', 'podcasts.import', 'persons.manage', 'pages.manage'], 'podcaster' => ['admin.access'], ]; /** * @var string[] */ public array $podcastBaseGroups = ['admin', 'editor', 'author', 'guest']; /** * @var string[] */ public array $podcastBasePermissions = [ 'view', 'edit', 'delete', 'manage-import', 'manage-persons', 'manage-subscriptions', 'manage-contributors', 'manage-platforms', 'manage-publications', 'manage-notifications', 'interact-as', 'episodes.view', 'episodes.create', 'episodes.edit', 'episodes.delete', 'episodes.manage-persons', 'episodes.manage-clips', 'episodes.manage-publications', 'episodes.manage-comments', ]; /** * @var array */ public array $podcastMatrix = [ 'admin' => ['*'], 'editor' => [ 'view', 'edit', 'manage-import', 'manage-persons', 'manage-platforms', 'manage-publications', 'interact-as', 'episodes.view', 'episodes.create', 'episodes.edit', 'episodes.delete', 'episodes.manage-persons', 'episodes.manage-clips', 'episodes.manage-publications', 'episodes.manage-comments', 'episodes.manage-notifications', ], 'author' => [ 'view', 'manage-persons', 'episodes.view', 'episodes.create', 'episodes.edit', 'episodes.manage-persons', 'episodes.manage-clips', ], 'guest' => ['view', 'episodes.view'], ]; /** * Fill groups, permissions and matrix based on */ public function __construct($locale = null) { parent::__construct(); foreach ($this->instanceBaseGroups as $group) { $this->instanceGroups[$group] = [ 'title' => lang("Auth.instance_groups.{$group}.title"), 'description' => lang("Auth.instance_groups.{$group}.description"), ]; } $this->groups = $this->instanceGroups; foreach ($this->instanceBasePermissions as $permission) { $this->instancePermissions[$permission] = lang("Auth.instance_permissions.{$permission}"); $this->permissions[$permission] = lang("Auth.instance_permissions.{$permission}"); } $this->matrix = $this->instanceMatrix; $this->generateBasePodcastAuthorizations(); /** * For each podcast, include podcast groups, permissions, and matrix into $groups, $permissions, and $matrix * attributes. */ $podcasts = (new PodcastModel())->findAll(); foreach ($podcasts as $podcast) { $this->generatePodcastAuthorizations($podcast->id, $locale); } } public function generateBasePodcastAuthorizations(): void { foreach ($this->podcastBaseGroups as $group) { $this->podcastGroups[$group] = [ 'title' => lang("Auth.podcast_groups.{$group}.title", [ 'id' => '{id}', ]), 'description' => lang("Auth.podcast_groups.{$group}.description", [ 'id' => '{id}', ]), ]; } foreach ($this->podcastBasePermissions as $permission) { $this->podcastPermissions[$permission] = lang("Auth.podcast_permissions.{$permission}", [ 'id' => '{id}', ]); $this->permissions[$permission] = lang("Auth.podcast_permissions.{$permission}", [ 'id' => '{id}', ]); } } public function generatePodcastAuthorizations(int $podcastId): void { foreach ($this->podcastBaseGroups as $group) { $podcastGroup = 'podcast#' . $podcastId . '-' . $group; $this->groups[$podcastGroup] = [ 'title' => lang("Auth.podcast_groups.{$group}.title", [ 'id' => $podcastId, ]), 'description' => lang("Auth.podcast_groups.{$group}.description", [ 'id' => $podcastId, ]), ]; } foreach ($this->podcastBasePermissions as $permission) { $podcastPermission = 'podcast#' . $podcastId . '.' . $permission; $this->permissions[$podcastPermission] = lang("Auth.podcast_permissions.{$permission}", [ 'id' => $podcastId, ]); } foreach ($this->podcastMatrix as $group => $permissionWildcards) { $podcastGroup = 'podcast#' . $podcastId . '-' . $group; foreach ($permissionWildcards as $permissionWildcard) { $podcastPermissionWildcard = 'podcast#' . $podcastId . '.' . $permissionWildcard; $this->matrix[$podcastGroup][] = $podcastPermissionWildcard; } } } }