TryGhost · jgable · Jun 5, 2013
diff --git a/core/shared/data/fixtures/001.js b/core/shared/data/fixtures/001.js
diff --git a/core/shared/data/migration/001.js b/core/shared/data/migration/001.js
@@ -47,6 +47,38 @@
                 t.integer('updated_by');
             }),
 
+            knex.Schema.createTable('roles', function (t) {
+                t.increments().primary();
+                t.string('name');
+                t.string('description');
+            }),
+
+            knex.Schema.createTable('roles_users', function (t) {
+                t.increments().primary();
+                t.integer('role_id');
+                t.integer('user_id');
+            }),
+
+            knex.Schema.createTable('permissions', function (t) {
+                t.increments().primary();
+                t.string('name');
+                t.string('object_type');
+                t.string('action_type');
+                t.integer('object_id');
+            }),
+
+            knex.Schema.createTable('permissions_users', function (t) {
+                t.increments().primary();
+                t.integer('user_id');
+                t.integer('permission_id');
+            }),
+
+            knex.Schema.createTable('permissions_roles', function(t) {
+                t.increments().primary();
+                t.integer('role_id');
+                t.integer('permission_id');
+            }),
+
             knex.Schema.createTable('settings', function (t) {
                 t.increments().primary();
                 t.string('key');
@@ -63,6 +95,10 @@
             return when.all([
                 knex('posts').insert(fixtures.posts),
                 knex('users').insert(fixtures.users),
+                knex('roles').insert(fixtures.roles),
+                knex('roles_users').insert(fixtures.roles_users),
+                knex('permissions').insert(fixtures.permissions),
+                knex('permissions_roles').insert(fixtures.permissions_roles),
                 knex('settings').insert(fixtures.settings)
             ]);
 
@@ -74,8 +110,17 @@
         return when.all([
             knex.Schema.dropTableIfExists("posts"),
             knex.Schema.dropTableIfExists("users"),
-            knex.Schema.dropTableIfExists("settings")
-        ]);
+            knex.Schema.dropTableIfExists("roles"),
+            knex.Schema.dropTableIfExists("settings"),
+            knex.Schema.dropTableIfExists("permissions")
+        ]).then(function() {
+            // Drop the relation tables after the model tables?
+            return when.all([
+                knex.Schema.dropTableIfExists("roles_users"),
+                knex.Schema.dropTableIfExists("permissions_users"),
+                knex.Schema.dropTableIfExists("permissions_roles")
+            ]);
+        });
     };
 
     exports.up = up;

diff --git a/core/shared/errorHandling.js b/core/shared/errorHandling.js
@@ -21,6 +21,7 @@
         },
 
         logError: function (err) {
+            err = err || "Unknown";
             // TODO: Logging framework hookup
             console.log("Error occurred: ", err.message || err);
         },

diff --git a/core/shared/models/index.js b/core/shared/models/index.js
@@ -9,6 +9,8 @@
     module.exports = {
         Post: require('./post').Post,
         User: require('./user').User,
+        Role: require('./role').Role,
+        Permission: require('./permission').Permission,
         Setting: require('./setting').Setting,
         init: function () {
             return knex.Schema.hasTable('posts').then(null, function () {

diff --git a/core/shared/models/permission.js b/core/shared/models/permission.js
@@ -0,0 +1,31 @@
+(function () {
+    "use strict";
+
+    var GhostBookshelf = require('./base'),
+        User = require('./user').User,
+        Role = require('./role').Role,
+        Permission,
+        Permissions;
+
+    Permission = GhostBookshelf.Model.extend({
+        tableName: 'permissions',
+
+        roles: function () {
+            return this.belongsToMany(Role);
+        },
+
+        users: function () {
+            return this.belongsToMany(User);
+        }
+    });
+
+    Permissions = GhostBookshelf.Collection.extend({
+        model: Permission
+    });
+
+    module.exports = {
+        Permission: Permission,
+        Permissions: Permissions
+    };
+
+}());
diff --git a/core/shared/models/role.js b/core/shared/models/role.js
@@ -0,0 +1,32 @@
+(function () {
+
+    "use strict";
+
+    var User = require('./user').User,
+        Permission = require('./permission').Permission,
+        GhostBookshelf = require('./base'),
+        Role,
+        Roles;
+
+    Role = GhostBookshelf.Model.extend({
+        tableName: 'roles',
+
+        users: function () {
+            return this.belongsToMany(User);
+        },
+
+        permissions: function () {
+            return this.belongsToMany(Permission);
+        }
+    });
+
+    Roles = GhostBookshelf.Collection.extend({
+        model: Role
+    });
+
+    module.exports = {
+        Role: Role,
+        Roles: Roles
+    };
+
+}());
diff --git a/core/shared/models/user.js b/core/shared/models/user.js
@@ -8,7 +8,9 @@
         nodefn = require('when/node/function'),
         bcrypt = require('bcrypt-nodejs'),
         Posts = require('./post').Posts,
-        GhostBookshelf = require('./base');
+        GhostBookshelf = require('./base'),
+        Role = require('./role').Role,
+        Permission = require('./permission').Permission;
 
     User = GhostBookshelf.Model.extend({
 
@@ -18,6 +20,14 @@
 
         posts: function () {
             return this.hasMany(Posts, 'created_by');
+        },
+
+        roles: function () {
+            return this.belongsToMany(Role);
+        },
+
+        permissions: function () {
+            return this.belongsToMany(Permission);
         }
 
     }, {
@@ -62,6 +72,35 @@
                     return user;
                 });
             });
+        },
+
+        effectivePermissions: function (id) {
+            return this.read({id: id}, { withRelated: ['permissions', 'roles.permissions'] })
+                .then(function (foundUser) {
+                    var seenPerms = {},
+                        rolePerms = _.map(foundUser.related('roles').models, function (role) {
+                            return role.related('permissions').models;
+                        }),
+                        allPerms = [];
+
+                    rolePerms.push(foundUser.related('permissions').models);
+
+                    _.each(rolePerms, function (rolePermGroup) {
+                        _.each(rolePermGroup, function (perm) {
+                            var key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');
+
+                            // Only add perms once
+                            if (seenPerms[key]) {
+                                return;
+                            }
+
+                            allPerms.push(perm);
+                            seenPerms[key] = true;
+                        });
+                    });
+
+                    return when.resolve(allPerms);
+                });
         }
 
     });