improved permissions

2025-12-23 17:43:36 -05:00
parent d8fa85a4a8
commit 205473a23f
2 changed files with 40 additions and 5 deletions
--- a/core/lib/Models/Identity/User.php
+++ b/core/lib/Models/Identity/User.php
@@ -21,21 +21,21 @@ class User
            $this->id = $data['uid'] ?? null; // 'uid' maps to 'id'
            $this->identity = $data['identity'] ?? null;
            $this->label = $data['label'] ?? null;
-            $this->roles = (array)$data['roles'] ?? [];
+            $this->roles = (array)($data['roles'] ?? []);
            $this->enabled = $data['enabled'] ?? null;
            $this->provider = $data['provider'] ?? null;
            $this->externalSubject = $data['external_subject'] ?? null;
            $this->initialLogin = $data['initial_login'] ?? null;
            $this->recentLogin = $data['recent_login'] ?? null;
-            $this->permissions = (array)$data['permissions'] ?? [];
+            $this->permissions = (array)($data['permissions'] ?? []);
        }

        if ($source === 'jwt') {
            $this->id = $data['identifier'] ?? null;
            $this->identity = $data['identity'] ?? null;
            $this->label = $data['label'] ?? null;
-            $this->roles = (array)$data['role'] ?? [];
-            $this->permissions = (array)$data['permissions'] ?? [];
+            $this->roles = (array)($data['role'] ?? []);
+            $this->permissions = (array)($data['permissions'] ?? []);
            $this->enabled = true;
        }

--- a/core/lib/Stores/UserStore.php
+++ b/core/lib/Stores/UserStore.php
@@ -62,7 +62,42 @@ class UserStore

    public function fetchByIdentifier(string $tenant, string $identifier): array | null
    {
-        $entry = $this->store->selectCollection('users')->findOne(['tid' => $tenant, 'uid' => $identifier]);
+        $pipeline = [
+            [
+                '$match' => [
+                    'tid' => $tenant,
+                    'uid' => $identifier
+                ]
+            ],
+            [
+                '$lookup' => [
+                    'from' => 'user_roles',
+                    'localField' => 'roles',
+                    'foreignField' => 'rid',
+                    'as' => 'role_details'
+                ]
+            ],
+            [
+                '$addFields' => [
+                    'permissions' => [
+                        '$reduce' => [
+                            'input' => [
+                                '$map' => [
+                                    'input' => '$role_details',
+                                    'as' => 'r',
+                                    'in' => [ '$ifNull' => ['$$r.permissions', []] ]
+                                ]
+                            ],
+                            'initialValue' => [],
+                            'in' => [ '$setUnion' => ['$$value', '$$this'] ]
+                        ]
+                    ]
+                ]
+            ],
+            [ '$unset' => 'role_details' ]
+        ];
+
+        $entry = $this->store->selectCollection('users')->aggregate($pipeline)->toArray()[0] ?? null;
        if (!$entry) { return null; }
        return (array)$entry;
    }