laravel-roles/src/Traits/HasPermissions.php

<?php

namespace Blax\Roles\Traits;

use Illuminate\Support\Collection;
use Illuminate\Support\Facades\DB;

trait HasPermissions
{
    /**
     * Check if the entity has a specific permission.
     *
     * Supports hierarchical matching: having permission 'lection' also
     * grants 'lection.45', 'lection.foo.bar', etc. (parent acts as wildcard).
     */
    public function hasPermission(string $permission): bool
    {
        $allpermissions = $this->permissions();

        // Wildcard: '*' grants everything
        if ($allpermissions->contains('slug', '*')) {
            return true;
        }

        return $allpermissions->contains(function ($perm) use ($permission) {
            // Exact match
            if ($perm->slug === $permission) {
                return true;
            }

            // Hierarchical: permission 'lection' grants 'lection.45', 'lection.foo.bar', etc.
            if (str_starts_with($permission, $perm->slug . '.')) {
                return true;
            }

            return false;
        });
    }

    /**
     * Get permissions inherited through roles.
     *
     * Resolves: entity → role_members (get role IDs) → permission_members
     * where member_type is a Role → permissions.
     */
    public function rolePermissions(): Collection
    {
        $roleModel = config('roles.models.role');
        $permissionModel = config('roles.models.permission');
        $roleMemberTable = config('roles.table_names.role_member', 'role_members');
        $permMemberTable = config('roles.table_names.permission_member', 'permission_members');

        // Get role IDs this entity belongs to (via role_members)
        $roleIds = DB::table($roleMemberTable)
            ->where('member_id', $this->getKey())
            ->where('member_type', $this->getMorphClass())
            ->where(function ($q) {
                $q->whereNull('expires_at')->orWhere('expires_at', '>', now());
            })
            ->pluck('role_id');

        if ($roleIds->isEmpty()) {
            return collect();
        }

        // Get permission IDs assigned to those roles (roles are members in permission_members)
        $permissionIds = DB::table($permMemberTable)
            ->whereIn('member_id', $roleIds)
            ->where('member_type', $roleModel)
            ->where(function ($q) {
                $q->whereNull('expires_at')->orWhere('expires_at', '>', now());
            })
            ->pluck('permission_id')
            ->unique();

        if ($permissionIds->isEmpty()) {
            return collect();
        }

        return $permissionModel::whereIn('id', $permissionIds)->get();
    }

    /**
     * Get permissions directly assigned to this entity (via permission_members morphToMany).
     */
    public function individualPermissions()
    {
        return $this->morphToMany(
            config('roles.models.permission'),
            'member',
            config('roles.table_names.permission_member', 'permission_members')
        );
    }

    /**
     * Get all permissions: role-based + directly assigned, deduplicated.
     */
    public function permissions(): Collection
    {
        $rolePerms   = $this->rolePermissions();
        $directPerms = $this->individualPermissions()->get();

        return $rolePerms
            ->merge($directPerms)
            ->unique('id');
    }

    public function assignPermission($permission)
    {
        $permission_class = config('roles.models.permission');

        if (is_numeric($permission)) {
            $permission = $permission_class::find($permission);
        } elseif (is_string($permission)) {
            $permission = $permission_class::firstOrCreate([
                'slug' => $permission
            ]);
        }

        if (! ($permission instanceof $permission_class)) {
            throw new \InvalidArgumentException('Permission must be a string, numeric ID, or an instance of Permission.');
        }

        $this->individualPermissions()->syncWithoutDetaching($permission);

        return true;
    }

    public function removePermission($permission): bool
    {
        $permission_class = config('roles.models.permission');

        if (is_numeric($permission)) {
            $permission = $permission_class::find($permission);
        } elseif (is_string($permission)) {
            $permission = $permission_class::where('slug', $permission)->first();
        }

        if ($permission) {
            $this->individualPermissions()->detach($permission);
        }

        return true;
    }
}
A traits, I fields 2025-06-16 07:49:36 +00:00			`<?php`

			`namespace Blax\Roles\Traits;`

RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`use Illuminate\Support\Collection;`
BF joints 2026-02-10 14:22:26 +00:00			`use Illuminate\Support\Facades\DB;`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00
A traits, I fields 2025-06-16 07:49:36 +00:00			`trait HasPermissions`
			`{`
BF joints 2026-02-10 14:22:26 +00:00			`/**`
			`* Check if the entity has a specific permission.`
			`*`
			`* Supports hierarchical matching: having permission 'lection' also`
			`* grants 'lection.45', 'lection.foo.bar', etc. (parent acts as wildcard).`
			`*/`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`public function hasPermission(string $permission): bool`
A traits, I fields 2025-06-16 07:49:36 +00:00			`{`
I has permissions trait 2025-07-10 08:29:53 +00:00			`$allpermissions = $this->permissions();`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00
BF joints 2026-02-10 14:22:26 +00:00			`// Wildcard: '*' grants everything`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`if ($allpermissions->contains('slug', '*')) {`
BF joints 2026-02-10 14:22:26 +00:00			`return true;`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`}`

IBF hasRoles 2025-06-19 12:45:06 +00:00			`return $allpermissions->contains(function ($perm) use ($permission) {`
BF joints 2026-02-10 14:22:26 +00:00			`// Exact match`
			`if ($perm->slug === $permission) {`
			`return true;`
			`}`

			`// Hierarchical: permission 'lection' grants 'lection.45', 'lection.foo.bar', etc.`
			`if (str_starts_with($permission, $perm->slug . '.')) {`
			`return true;`
			`}`

			`return false;`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`});`
			`}`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00
BF joints 2026-02-10 14:22:26 +00:00			`/**`
			`* Get permissions inherited through roles.`
			`*`
			`* Resolves: entity → role_members (get role IDs) → permission_members`
			`* where member_type is a Role → permissions.`
			`*/`
			`public function rolePermissions(): Collection`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`{`
BF joints 2026-02-10 14:22:26 +00:00			`$roleModel = config('roles.models.role');`
			`$permissionModel = config('roles.models.permission');`
			`$roleMemberTable = config('roles.table_names.role_member', 'role_members');`
			`$permMemberTable = config('roles.table_names.permission_member', 'permission_members');`

			`// Get role IDs this entity belongs to (via role_members)`
			`$roleIds = DB::table($roleMemberTable)`
			`->where('member_id', $this->getKey())`
			`->where('member_type', $this->getMorphClass())`
			`->where(function ($q) {`
			`$q->whereNull('expires_at')->orWhere('expires_at', '>', now());`
			`})`
			`->pluck('role_id');`

			`if ($roleIds->isEmpty()) {`
			`return collect();`
			`}`

			`// Get permission IDs assigned to those roles (roles are members in permission_members)`
			`$permissionIds = DB::table($permMemberTable)`
			`->whereIn('member_id', $roleIds)`
			`->where('member_type', $roleModel)`
			`->where(function ($q) {`
			`$q->whereNull('expires_at')->orWhere('expires_at', '>', now());`
			`})`
			`->pluck('permission_id')`
			`->unique();`

			`if ($permissionIds->isEmpty()) {`
			`return collect();`
			`}`

			`return $permissionModel::whereIn('id', $permissionIds)->get();`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`}`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00
BF joints 2026-02-10 14:22:26 +00:00			`/**`
			`* Get permissions directly assigned to this entity (via permission_members morphToMany).`
			`*/`
I has permissions trait 2025-07-10 08:29:53 +00:00			`public function individualPermissions()`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`{`
			`return $this->morphToMany(`
			`config('roles.models.permission'),`
			`'member',`
BF joints 2026-02-10 14:22:26 +00:00			`config('roles.table_names.permission_member', 'permission_members')`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`);`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`}`

BF joints 2026-02-10 14:22:26 +00:00			`/**`
			`* Get all permissions: role-based + directly assigned, deduplicated.`
			`*/`
			`public function permissions(): Collection`
I has permissions trait 2025-07-10 08:29:53 +00:00			`{`
BF joints 2026-02-10 14:22:26 +00:00			`$rolePerms = $this->rolePermissions();`
BF relation 2025-07-10 08:31:51 +00:00			`$directPerms = $this->individualPermissions()->get();`
I has permissions trait 2025-07-10 08:29:53 +00:00
			`return $rolePerms`
			`->merge($directPerms)`
			`->unique('id');`
			`}`

I hasPermissions 2025-06-19 12:52:09 +00:00			`public function assignPermission($permission)`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`{`
			`$permission_class = config('roles.models.permission');`

			`if (is_numeric($permission)) {`
			`$permission = $permission_class::find($permission);`
			`} elseif (is_string($permission)) {`
I hasPermissions 2025-06-19 13:08:49 +00:00			`$permission = $permission_class::firstOrCreate([`
			`'slug' => $permission`
			`]);`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`}`

BF joints 2026-02-10 14:22:26 +00:00			`if (! ($permission instanceof $permission_class)) {`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`throw new \InvalidArgumentException('Permission must be a string, numeric ID, or an instance of Permission.');`
			`}`

BF joints 2026-02-10 14:22:26 +00:00			`$this->individualPermissions()->syncWithoutDetaching($permission);`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00
BF joints 2026-02-10 14:22:26 +00:00			`return true;`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`}`

			`public function removePermission($permission): bool`
			`{`
			`$permission_class = config('roles.models.permission');`

			`if (is_numeric($permission)) {`
			`$permission = $permission_class::find($permission);`
			`} elseif (is_string($permission)) {`
			`$permission = $permission_class::where('slug', $permission)->first();`
IBF hasRoles 2025-06-19 12:45:06 +00:00			`}`

RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`if ($permission) {`
BF joints 2026-02-10 14:22:26 +00:00			`$this->individualPermissions()->detach($permission);`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`}`

I hasPermissions 2025-06-19 13:08:49 +00:00			`return true;`
RMI permissions table/structure & has permission trait 2025-06-19 11:36:10 +00:00			`}`
A traits, I fields 2025-06-16 07:49:36 +00:00			`}`