snipe-it/app/Providers/AuthServiceProvider.php

<?php

namespace App\Providers;

use App\Models\Accessory;
use Carbon\Carbon;
use App\Models\Asset;
use App\Models\Component;
use App\Models\Consumable;
use App\Models\License;
use App\Models\User;
use App\Policies\AccessoryPolicy;
use App\Policies\AssetPolicy;
use App\Policies\ComponentPolicy;
use App\Policies\ConsumablePolicy;
use App\Policies\LicensePolicy;
use App\Policies\UserPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        Asset::class => AssetPolicy::class,
        Accessory::class => AccessoryPolicy::class,
        Component::class => ComponentPolicy::class,
        Consumable::class => ConsumablePolicy::class,
        License::class => LicensePolicy::class,
        User::class => UserPolicy::class,
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {

        $this->commands([
            \Laravel\Passport\Console\InstallCommand::class,
            \Laravel\Passport\Console\ClientCommand::class,
            \Laravel\Passport\Console\KeysCommand::class,
        ]);
        

        $this->registerPolicies();
        Passport::routes();
        Passport::tokensExpireIn(Carbon::now()->addYears(20));
        Passport::refreshTokensExpireIn(Carbon::now()->addYears(20));


        // --------------------------------
        // BEFORE ANYTHING ELSE
        // --------------------------------
        // If this condition is true, ANYTHING else below will be assumed
        // to be true. This can cause weird blade behavior.
        Gate::before(function ($user) {
            if ($user->isSuperUser()) {
                return true;
            }
        });

        // --------------------------------
        // GENERAL GATES
        // These control general sections of the admin
        // --------------------------------
        Gate::define('admin', function ($user) {
            if ($user->hasAccess('admin')) {
                return true;
            }
        });


        # -----------------------------------------
        # Reports
        # -----------------------------------------
        Gate::define('reports.view', function ($user) {
            if ($user->hasAccess('reports.view')) {
                return true;
            }
        });

        # -----------------------------------------
        # Self
        # -----------------------------------------
        Gate::define('self.two_factor', function ($user) {
            if (($user->hasAccess('self.two_factor')) || ($user->hasAccess('admin'))) {
                return true;
            }
        });
    }
}
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`<?php`

			`namespace App\Providers;`

Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`use App\Models\Accessory;`
Set longer token expiration 2017-01-11 14:50:26 -08:00			`use Carbon\Carbon;`
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`use App\Models\Asset;`
			`use App\Models\Component;`
			`use App\Models\Consumable;`
			`use App\Models\License;`
			`use App\Models\User;`
			`use App\Policies\AccessoryPolicy;`
			`use App\Policies\AssetPolicy;`
			`use App\Policies\ComponentPolicy;`
			`use App\Policies\ConsumablePolicy;`
			`use App\Policies\LicensePolicy;`
			`use App\Policies\UserPolicy;`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;`
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`use Illuminate\Support\Facades\Gate;`
			`use Laravel\Passport\Passport;`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00
			`class AuthServiceProvider extends ServiceProvider`
			`{`
			`/**`
			`* The policy mappings for the application.`
			`*`
			`* @var array`
			`*/`
			`protected $policies = [`
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`Asset::class => AssetPolicy::class,`
			`Accessory::class => AccessoryPolicy::class,`
			`Component::class => ComponentPolicy::class,`
			`Consumable::class => ConsumablePolicy::class,`
			`License::class => LicensePolicy::class,`
			`User::class => UserPolicy::class,`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`];`

			`/**`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`* Register any authentication / authorization services.`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`*`
			`* @return void`
			`*/`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`public function boot()`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`{`
Add passport commands to boot() to allow us to call them via PHP 2017-04-27 07:09:46 -07:00
			`$this->commands([`
			`\Laravel\Passport\Console\InstallCommand::class,`
			`\Laravel\Passport\Console\ClientCommand::class,`
			`\Laravel\Passport\Console\KeysCommand::class,`
			`]);`


Passport scaffolding 2016-12-14 10:06:05 -08:00			`$this->registerPolicies();`
			`Passport::routes();`
Set longer token expiration 2017-01-11 14:50:26 -08:00			`Passport::tokensExpireIn(Carbon::now()->addYears(20));`
			`Passport::refreshTokensExpireIn(Carbon::now()->addYears(20));`
More vue/api work 2017-01-11 03:38:55 -08:00

Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00			`// --------------------------------`
			`// BEFORE ANYTHING ELSE`
			`// --------------------------------`
Set longer token expiration 2017-01-11 14:50:26 -08:00			`// If this condition is true, ANYTHING else below will be assumed`
Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00			`// to be true. This can cause weird blade behavior.`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`Gate::before(function ($user) {`
Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00			`if ($user->isSuperUser()) {`
			`return true;`
			`}`
			`});`

			`// --------------------------------`
			`// GENERAL GATES`
			`// These control general sections of the admin`
			`// --------------------------------`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`Gate::define('admin', function ($user) {`
Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00			`if ($user->hasAccess('admin')) {`
			`return true;`
			`}`
			`});`


			`# -----------------------------------------`
			`# Reports`
			`# -----------------------------------------`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`Gate::define('reports.view', function ($user) {`
Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00			`if ($user->hasAccess('reports.view')) {`
			`return true;`
			`}`
			`});`

Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00			`# -----------------------------------------`
			`# Self`
			`# -----------------------------------------`
Updated providers for 5.3 2016-12-14 04:32:24 -08:00			`Gate::define('self.two_factor', function ($user) {`
Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00			`if (($user->hasAccess('self.two_factor')) \|\| ($user->hasAccess('admin'))) {`
			`return true;`
			`}`
			`});`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`}`
			`}`