Add constant for root privilege alias

orisai · Aug 14, 2023 · 725b3b8 · 725b3b8
1 parent c4fee75
commit 725b3b8
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/src/Auth/Logic/AuthorizationDataCreator.php b/src/Auth/Logic/AuthorizationDataCreator.php
@@ -11,6 +11,8 @@
 final class AuthorizationDataCreator implements AuthorizationDataCreatorInterface
 {
 
+	public const RootPrivilege = '*';
+
 	/**
 	 * @param array<string> $privileges
 	 */
@@ -63,7 +65,7 @@ private function buildData(): AuthorizationData
 			$dataBuilder->addRole($role->name);
 
 			foreach ($role->privileges as $privilege) {
-				if ($privilege === '*') {
+				if ($privilege === self::RootPrivilege) {
 					$dataBuilder->addRoot($role->name);
 				} else {
 					$dataBuilder->allow($role->name, $privilege);

diff --git a/src/Auth/UI/UserIdentityCreator.php b/src/Auth/UI/UserIdentityCreator.php
@@ -2,6 +2,7 @@
 
 namespace OriCMF\Auth\UI;
 
+use OriCMF\Auth\Logic\AuthorizationDataCreator;
 use OriCMF\User\DB\User;
 use Orisai\Auth\Authorization\Authorizer;
 use Orisai\Auth\Authorization\IdentityAuthorizationDataBuilder;
@@ -35,7 +36,7 @@ private function setIdentityAuthData(User $user, UserIdentity $identity): void
 
 		$builder = new IdentityAuthorizationDataBuilder($this->authorizer->getData());
 		foreach ($user->privileges as $privilege) {
-			if ($privilege === '*') {
+			if ($privilege === AuthorizationDataCreator::RootPrivilege) {
 				$builder->addRoot($identity);
 			} else {
 				$builder->allow($identity, $privilege);

diff --git a/src/Role/CLI/RoleCreateCommand.php b/src/Role/CLI/RoleCreateCommand.php
@@ -3,6 +3,7 @@
 namespace OriCMF\Role\CLI;
 
 use Nextras\Orm\Model\IModel;
+use OriCMF\Auth\Logic\AuthorizationDataCreator;
 use OriCMF\Role\DB\Role;
 use OriCMF\Role\DB\RoleRepository;
 use Orisai\Auth\Authorization\Authorizer;
@@ -73,7 +74,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
 		$missingPrivileges = [];
 		foreach ($privilegeNames as $privilegeName) {
-			if ($privilegeName !== '*' && !$this->authorizer->getData()->privilegeExists($privilegeName)) {
+			if (
+				$privilegeName !== AuthorizationDataCreator::RootPrivilege
+				&& !$this->authorizer->getData()->privilegeExists($privilegeName)
+			) {
 				$missingPrivileges[] = $privilegeName;
 			}
 		}

diff --git a/src/User/DB/UserRepository.php b/src/User/DB/UserRepository.php
@@ -3,6 +3,7 @@
 namespace OriCMF\User\DB;
 
 use Nextras\Orm\Collection\ICollection;
+use OriCMF\Auth\Logic\AuthorizationDataCreator;
 use OriCMF\Orm\BaseRepository;
 use OriCMF\Orm\Functions\JsonAnyKeyOrValueExistsFunction;
 use Orisai\Auth\Authorization\PrivilegeProcessor;
@@ -23,14 +24,14 @@ public static function getEntityClassNames(): array
 	/**
 	 * @return ICollection&iterable<User>
 	 */
-	public function findByPrivilege(string $privilege, bool $includePowerUser = true): ICollection
+	public function findByPrivilege(string $privilege, bool $includeRoot = true): ICollection
 	{
 		$parents = PrivilegeProcessor::getPrivilegeParents($privilege);
 
 		return $this->findBy([
 			JsonAnyKeyOrValueExistsFunction::class,
 			'roles->privileges',
-			$includePowerUser ? ['*'] + $parents : $parents,
+			$includeRoot ? [AuthorizationDataCreator::RootPrivilege] + $parents : $parents,
 		]);
 	}