Lager-v3/app/Policies/UserPolicy.php

157 lines
4.3 KiB
PHP

<?php
namespace App\Policies;
use App\Models\Permission;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;
use Illuminate\Support\Facades\Auth;
class UserPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Determine whether the user can view any models.
*
* @return Response
*/
public function viewAny(): Response
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_viewAny'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can view any models.
*
* @return Response
*/
public function viewAny_deleted(): Response
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_viewAny_deleted'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can view the model.
*
* @param User $user
* @param User $model
* @return Response
*/
public function view(User $user): Response
{
return ($user->id === Auth::user()->id
or Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_view')))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can create models.
*
* @return Response
*/
public function create(): Response
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_create'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can update the model.
*
* @param User $user
* @return Response
*/
public function edit(User $user): Response
{
return ($user->id === Auth::user()->id
or Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_edit')))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can delete the model.
*
* @param User $user
* @return Response
*/
public function delete(User $user): Response
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_delete'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can restore the model.
*
* @param User $user
* @return Response|bool
*/
public function restore(User $user)
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_restore'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can permanently delete the model.
*
* @param User $user
* @return Response|bool
*/
public function delete_force(User $user)
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_delete_force'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can permanently delete the model.
*
* @param User $user
* @return Response|bool
*/
public function edit_username(User $user)
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_edit_username'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
/**
* Determine whether the user can permanently delete the model.
*
* @param User $user
* @return Response|bool
*/
public function edit_role(User $user)
{
return Auth::user()->role->permissions->contains(Permission::firstWhere('name', '=', 'users_edit_role'))
? Response::allow()
: Response::deny('you are not the chosen one');
}
}