From 205473a23f5d1b007ee671ff4dbc7001dfe082ea Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 23 Dec 2025 17:43:36 -0500
Subject: [PATCH] improved permissions
---
 core/lib/Models/Identity/User.php | 8 +++----
 core/lib/Stores/UserStore.php | 37 ++++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/core/lib/Models/Identity/User.php b/core/lib/Models/Identity/User.php
index 1ae0e83..1d3e252 100644
--- a/core/lib/Models/Identity/User.php
+++ b/core/lib/Models/Identity/User.php
@@ -21,21 +21,21 @@ class User
 $this->id = $data['uid'] ?? null; // 'uid' maps to 'id'
 $this->identity = $data['identity'] ?? null;
 $this->label = $data['label'] ?? null;
- $this->roles = (array)$data['roles'] ?? [];
+ $this->roles = (array)($data['roles'] ?? []);
 $this->enabled = $data['enabled'] ?? null;
 $this->provider = $data['provider'] ?? null;
 $this->externalSubject = $data['external_subject'] ?? null;
 $this->initialLogin = $data['initial_login'] ?? null;
 $this->recentLogin = $data['recent_login'] ?? null;
- $this->permissions = (array)$data['permissions'] ?? [];
+ $this->permissions = (array)($data['permissions'] ?? []);
 }
 if ($source === 'jwt') {
 $this->id = $data['identifier'] ?? null;
 $this->identity = $data['identity'] ?? null;
 $this->label = $data['label'] ?? null;
- $this->roles = (array)$data['role'] ?? [];
- $this->permissions = (array)$data['permissions'] ?? [];
+ $this->roles = (array)($data['role'] ?? []);
+ $this->permissions = (array)($data['permissions'] ?? []);
 $this->enabled = true;
 }
diff --git a/core/lib/Stores/UserStore.php b/core/lib/Stores/UserStore.php
index 16e92fd..aeff880 100644
--- a/core/lib/Stores/UserStore.php
+++ b/core/lib/Stores/UserStore.php
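Review bot: In the `jwt` branch of the core/lib/Models/Identity/User.php hunk, `roles` and `permissions` are still copied from the token payload as issued, and the `(array)` cast only guarantees an array, not a list of strings, so a scalar or nested claim ends up as whatever the cast produces. Because this commit makes the store path derive permissions from `user_roles` at fetch time, the two sources can disagree for a token issued before a role change; whether the payload is verified before it reaches this constructor, and how long tokens live, is not visible in the hunk. I would record that above the assignment, e.g. `// permissions are trusted as issued in the token; not re-resolved against user_roles`, and consider normalising both fields with `array_values(array_filter($value, 'is_string'))`. The constructor begins and ends outside the hunk.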
@@ -62,7 +62,42 @@ class UserStore
 public function fetchByIdentifier(string $tenant, string $identifier): array | null {
- $entry = $this->store->selectCollection('users')->findOne(['tid' => $tenant, 'uid' => $identifier]);
+ $pipeline = [
+ [
+ '$match' => [
+ 'tid' => $tenant,
+ 'uid' => $identifier
+ ]
+ ],
+ [
+ '$lookup' => [
+ 'from' => 'user_roles',
+ 'localField' => 'roles',
+ 'foreignField' => 'rid',
+ 'as' => 'role_details'
+ ]
+ ],
+ [
+ '$addFields' => [
+ 'permissions' => [
+ '$reduce' => [
+ 'input' => [
+ '$map' => [
+ 'input' => '$role_details',
+ 'as' => 'r',
+ 'in' => [ '$ifNull' => ['$$r.permissions', []] ]
+ ]
+ ],
+ 'initialValue' => [],
+ 'in' => [ '$setUnion' => ['$$value', '$$this'] ]
+ ]
+ ]
+ ]
+ ],
+ [ '$unset' => 'role_details' ]
+ ];
+
+ $entry = $this->store->selectCollection('users')->aggregate($pipeline)->toArray()[0] ?? null;
 if (!$entry) { return null; }
 return (array)$entry;
 }
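Review bot: The `$lookup` stage joins `user_roles` on `rid` alone, while the `$match` before it scopes the user by `tid`, so a role document belonging to another tenant with the same `rid` would contribute its permissions to this user. If `user_roles` carries a `tid` field (not visible in this diff), scope the join too, e.g. add `'pipeline' => [['$match' => ['tid' => $tenant]]],` to the `$lookup`; combining `localField`/`foreignField` with `pipeline` needs MongoDB 5.0 or later. A user document with no `roles` field is treated by `$lookup` as null and is paired with any role document lacking `rid`, so defaulting `roles` to an empty array before the lookup, or enforcing `rid` in the schema, is worth a test. The `$addFields` stage also replaces any `permissions` value stored on the user document itself, which deserves a one-line comment such as `// permissions are derived from roles only; any stored value is overwritten` if that is intended.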