snipe-it/app/Policies/LicensePolicy.php

<?php

namespace App\Policies;

use App\Models\Company;
use App\Models\License;
use App\Models\LicenseSeat;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class LicensePolicy
{
    use HandlesAuthorization;


    public function before(User $user, $ability, $license)
    {
        // Lets move all company related checks here.
        if ($license instanceof \App\Models\License && !Company::isCurrentUserHasAccess($license)) {
            return false;
        }
        // If an admin, they can do all asset related tasks.
        if ($user->hasAccess('admin')) {
            return true;
        }
    }
    /**
     * Determine whether the user can view the license.
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function view(User $user, License $license = null)
    {
        //
        return $user->hasAccess('licenses.view');
    }

    /**
     * Determine whether the user can create licenses.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
        return $user->hasAccess('licenses.create');
    }

    /**
     * Determine whether the user can update the license.
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function update(User $user, License $license = null)
    {
        //
        return $user->hasAccess('licenses.edit');
    }

    /**
     * Determine whether the user can delete the license.
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function delete(User $user, License $license = null)
    {
        //
        return $user->hasAccess('licenses.delete');
    }

   /**
     * Determine whether the user can checkout the license.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $license
     * @return mixed
     */
    public function checkout(User $user, LicenseSeat $license = null)
    {
        return $user->hasAccess('licenses.checkout');
    }

   /**
     * Determine whether the user can checkin the license.
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function checkin(User $user, LicenseSeat $license = null)
    {
        return $user->hasAccess('licenses.checkin');
    }
   /**
     * Determine whether the user can view license keys
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function viewKeys(User $user, License $license = null)
    {
        return $user->hasAccess('licenses.keys');
    }

     /**
     * Determine whether the user can manage the license.
     *
     * @param  \App\User  $user
     * @param  \App\License  $license
     * @return mixed
     */
    public function manage(User $user, License $license = null)
    {
        return $user->hasAccess('licenses.checkin')
             || $user->hasAccess('licenses.edit')
             || $user->hasAccess('licenses.delete')
             || $user->hasAccess('licenses.checkout');
    }
}
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`<?php`

			`namespace App\Policies;`

			`use App\Models\Company;`
			`use App\Models\License;`
			`use App\Models\LicenseSeat;`
			`use App\Models\User;`
			`use Illuminate\Auth\Access\HandlesAuthorization;`

			`class LicensePolicy`
			`{`
			`use HandlesAuthorization;`


			`public function before(User $user, $ability, $license)`
			`{`
			`// Lets move all company related checks here.`
			`if ($license instanceof \App\Models\License && !Company::isCurrentUserHasAccess($license)) {`
			`return false;`
			`}`
			`// If an admin, they can do all asset related tasks.`
			`if ($user->hasAccess('admin')) {`
			`return true;`
			`}`
			`}`
			`/**`
			`* Determine whether the user can view the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function view(User $user, License $license = null)`
			`{`
			`//`
			`return $user->hasAccess('licenses.view');`
			`}`

			`/**`
			`* Determine whether the user can create licenses.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function create(User $user)`
			`{`
			`//`
			`return $user->hasAccess('licenses.create');`
			`}`

			`/**`
			`* Determine whether the user can update the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function update(User $user, License $license = null)`
			`{`
			`//`
			`return $user->hasAccess('licenses.edit');`
			`}`

			`/**`
			`* Determine whether the user can delete the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function delete(User $user, License $license = null)`
			`{`
			`//`
			`return $user->hasAccess('licenses.delete');`
			`}`

			`/**`
			`* Determine whether the user can checkout the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $license`
			`* @return mixed`
			`*/`
			`public function checkout(User $user, LicenseSeat $license = null)`
			`{`
			`return $user->hasAccess('licenses.checkout');`
			`}`

			`/**`
			`* Determine whether the user can checkin the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function checkin(User $user, LicenseSeat $license = null)`
			`{`
			`return $user->hasAccess('licenses.checkin');`
			`}`
			`/**`
			`* Determine whether the user can view license keys`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function viewKeys(User $user, License $license = null)`
			`{`
			`return $user->hasAccess('licenses.keys');`
			`}`

			`/**`
			`* Determine whether the user can manage the license.`
			`*`
			`* @param \App\User $user`
			`* @param \App\License $license`
			`* @return mixed`
			`*/`
			`public function manage(User $user, License $license = null)`
			`{`
			`return $user->hasAccess('licenses.checkin')`
			`\|\| $user->hasAccess('licenses.edit')`
			`\|\| $user->hasAccess('licenses.delete')`
			`\|\| $user->hasAccess('licenses.checkout');`
			`}`
			`}`