[Feature] Ability to assign user to role with model & id + cache improvements

src/Kodeine/Acl/Helper/Helper.php

@@ -93,7 +93,7 @@ protected function hasDelimiterToArray($str)
 
     /**
      * @param          $item
-     * @param callable $closure
+     * @param \Closure $closure
      * @return array
      */
     protected function mapArray($item, \Closure $closure)

src/Kodeine/Acl/Models/Eloquent/Role.php

@@ -51,11 +51,13 @@ function () {
      * Checks if the role has the given permission.
      *
      * @param string $permission
+     * @param string $model
+     * @param int    $reference_id
      * @param string $operator
      * @param array  $mergePermissions
      * @return bool
      */
-    public function can($permission, $operator = null, $mergePermissions = [])
+    public function can($permission, $model = '', $reference_id = 0, $operator = null, $mergePermissions = [])
     {
         $operator = is_null($operator) ? $this->parseOperator($permission) : $operator;
 
@@ -76,39 +78,90 @@ public function can($permission, $operator = null, $mergePermissions = [])
 
             $call = 'canWith' . ucwords($operator);
 
-            return $this->$call($permission, $permissions);
+            return $this->$call($permission, $permissions, $model, $reference_id);
         }
 
-        // validate single permission
-        return isset($permissions[$permission]) && $permissions[$permission] == true;
+        // Validate single permission.
+        $permission_model     = "{$permission}:{$model}";
+        $permission_reference = "{$permission}:{$model}:{$reference_id}";
+        $checks           = [
+            // If user have global permission.
+            $permission,
+            // If user have permission to this model.
+            $permission_model,
+            // If user have permission to this model and reference_id.
+            $permission_reference
+        ];
+        foreach ($checks as $c) {
+            if (isset($permissions[$c]) && $permissions[$c] == true) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     /**
-     * @param $permission
-     * @param $permissions
+     * @param string $permission
+     * @param array  $permissions
+     * @param string $model
+     * @param int    $reference_id
+     *
      * @return bool
      */
-    protected function canWithAnd($permission, $permissions)
+    protected function canWithAnd($permission, $permissions, $model = '', $reference_id = 0)
     {
         foreach ($permission as $check) {
-            if ( ! in_array($check, $permissions) || ! isset($permissions[$check]) || $permissions[$check] != true ) {
+            $permission_ok        = false;
+            $permission_model     = "{$check}:{$model}";
+            $permission_reference = "{$check}:{$model}:{$reference_id}";
+            $checks           = [
+                // If user have global permission.
+                $check,
+                // If user have permission to this model.
+                $permission_model,
+                // If user have permission to this model and reference_id.
+                $permission_reference
+            ];
+            foreach ($checks as $c) {
+                if (isset($permissions[$c]) && $permissions[$c] == true) {
+                    $permission_ok = true;
+                }
+            }
+            if ( ! $permission_ok) {
                 return false;
             }
         }
 
         return true;
     }
 
+
     /**
-     * @param $permission
-     * @param $permissions
+     * @param string $permission
+     * @param array  $permissions
+     * @param string $model
+     * @param int    $reference_id
+     *
      * @return bool
      */
-    protected function canWithOr($permission, $permissions)
+    protected function canWithOr($permission, $permissions, $model = '', $reference_id = 0)
     {
         foreach ($permission as $check) {
-            if ( in_array($check, $permissions) && isset($permissions[$check]) && $permissions[$check] == true ) {
-                return true;
+            $permission_model     = "{$check}:{$model}";
+            $permission_reference = "{$check}:{$model}:{$reference_id}";
+            $checks           = [
+                // If user have global permission.
+                $check,
+                // If user have permission to this model.
+                $permission_model,
+                // If user have permission to this model and reference_id.
+                $permission_reference
+            ];
+            foreach ($checks as $c) {
+                if (isset($permissions[$c]) && $permissions[$c] == true) {
+                    return true;
+                }
             }
         }
 

src/Kodeine/Acl/Traits/HasPermission.php

@@ -46,16 +46,24 @@ function () {
         // more permissive permission wins
         // if user has multiple roles we keep
         // true values.
-        foreach ($this->roles as $role) {
+        foreach ($this->roles()->get() as $role) {
+            $model_string = $role->pivot->model;
+            $reference_id = $role->pivot->reference_id;
+            $model_reference_key = '';
+            if ( ! empty($model_string) && !empty($reference_id)) {
+                $model_reference_key = "{$model_string}:{$reference_id}";
+            }
+
             foreach ($role->getPermissions() as $slug => $array) {
-                if ( array_key_exists($slug, $permissions) ) {
+                $permission_key = empty($model_reference_key) ? $slug : "{$slug}:{$model_reference_key}";
+                if ( array_key_exists($permission_key, $permissions) ) {
                     foreach ($array as $clearance => $value) {
-                        if( !array_key_exists( $clearance, $permissions[$slug] ) ) {
-                            ! $value ?: $permissions[$slug][$clearance] = true;
+                        if( !array_key_exists( $clearance, $permissions[$permission_key] ) ) {
+                            ! $value ?: $permissions[$permission_key][$clearance] = true;
                         }
                     }
                 } else {
-                    $permissions = array_merge($permissions, [$slug => $array]);
+                    $permissions = array_merge($permissions, [$permission_key => $array]);
                 }
             }
         }
@@ -66,11 +74,13 @@ function () {
     /**
      * Check if User has the given permission.
      *
-     * @param  string $permission
-     * @param  string $operator
+     * @param        $permission
+     * @param string $model_string
+     * @param int    $reference_id
+     * @param string $operator
      * @return bool
      */
-    public function can($permission, $operator = null)
+    public function can($permission, $model_string = '', $reference_id = 0, $operator = null)
     {
         // user permissions including
         // all of user role permissions
@@ -87,7 +97,7 @@ function () {
         // has user & role permissions
         $model = config('acl.role', 'Kodeine\Acl\Models\Eloquent\Role');
 
-        return (new $model)->can($permission, $operator, $merge);
+        return (new $model)->can($permission, $model_string, $reference_id, $operator, $merge);
     }
 
     /**

src/Kodeine/Acl/Traits/HasPermissionInheritance.php

@@ -15,7 +15,7 @@ trait HasPermissionInheritance
     public function getPermissionsInherited()
     {
         $rights = [];
-        $permissions = $this->permissions;
+        $permissions = $this->permissions()->get();
 
         // ntfs permissions
         // determine if ntfs is enabled
@@ -48,7 +48,7 @@ public function getPermissionsInherited()
             $merge = $permissions->where('name', $row->name);
             $merge = method_exists($merge, 'pluck') ? $merge->pluck('slug', 'name') : $merge->lists('slug', 'name');
 
-                // fix for l5.1 and backward compatibility.
+            // fix for l5.1 and backward compatibility.
             // lists() method should return as an array.
             $merge = $this->collectionAsArray($merge);