DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-10 07:34:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
snipe-it/app/Policies/SnipePermissionsPolicy.php

164 lines
4.7 KiB
PHP
Raw Normal View History

Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
<?php
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
namespace App\Policies;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
Added comments to SnipePermissionsPolicy for clarity
2017-12-07 21:00:09 -08:00
/**
* SnipePermissionsPolicy provides methods for handling the granular permissions used throughout Snipe-IT.
* Each "area" of a permission (which is usually a model, like Assets, Departments, etc), has a setting
* in config/permissions.php like view/create/edit/delete (and sometimes some extra stuff like
* checkout/checkin, etc.)
*
* A Policy should exist for each of these models, however if they only use the standard view/create/edit/delete,
* the policy can be pretty simple, for example with just one method setting the column name:
*
* protected function columnName()
* {
* return 'manufacturers';
* }
*/
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
abstract class SnipePermissionsPolicy
{
Added comments to SnipePermissionsPolicy for clarity
2017-12-07 21:00:09 -08:00
/**
* This should return the key of the model in the users json permission string.
*
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
* @return bool
Added comments to SnipePermissionsPolicy for clarity
2017-12-07 21:00:09 -08:00
*/
//
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
abstract protected function columnName();
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
use HandlesAuthorization;
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
public function before(User $user, $ability, $item)
{
Re-ordered scoping for admins, added comments Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:39:37 -07:00
/**
Updated comment Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:51:49 -07:00
* If an admin, they can do all item related tasks, but ARE constrained by FMCSA company access.
Re-ordered scoping for admins, added comments Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:39:37 -07:00
* That scoping happens on the model level (except for the Users model) via the Companyable trait.
*
* This does lead to some inconsistencies in the responses, since attempting to edit assets,
* accessories, etc (anything other than users) will result in a Forbidden error, whereas the users
* area will redirect with "That user doesn't exist" since the scoping is handled directly on those queries.
*
* The *superuser* global permission gets handled in the AuthServiceProvider before() method.
*
* @see https://snipe-it.readme.io/docs/permissions
*/
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
if ($user->hasAccess('admin')) {
return true;
}
Re-ordered scoping for admins, added comments Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:39:37 -07:00
Fixed tests Signed-off-by: snipe <snipe@snipe.net>
2024-04-17 01:26:07 -07:00
/**
* If we got here by $this→authorize('something', $actualModel) then we can continue on Il but if we got here
* via $this→authorize('something', Model::class) then calling Company:: isCurrentUserHasAccess($item) gets weird.
* Bail out here by returning "nothing" and allow the relevant method lower in this class to be called and handle authorization.
*/
if (!$item instanceof Model){
return;
}
Re-ordered scoping for admins, added comments Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:39:37 -07:00
/**
* The Company::isCurrentUserHasAccess() method from the company model handles the check for FMCS already so we
* don't have to do that here.
*/
if (!Company::isCurrentUserHasAccess($item)) {
return false;
}
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
}
Re-ordered scoping for admins, added comments Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 06:39:37 -07:00
/**
* These methods handle the generic view/create/edit/delete permissions for the model.
*
* @param User $user
* @return bool
*/
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
public function index(User $user)
{
return $user->hasAccess($this->columnName().'.view');
}
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
/**
* Determine whether the user can view the accessory.
*
Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
* @param \App\Models\User $user
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* @return mixed
*/
public function view(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.view');
}
Check for licenses.files permissions Signed-off-by: snipe <snipe@snipe.net>
2022-09-16 14:00:27 -07:00
public function files(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.files');
}
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
/**
* Determine whether the user can create accessories.
*
Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
* @param \App\Models\User $user
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* @return mixed
*/
public function create(User $user)
{
return $user->hasAccess($this->columnName().'.create');
}
/**
* Determine whether the user can update the accessory.
*
Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
* @param \App\Models\User $user
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* @return mixed
*/
public function update(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.edit');
}
Added checkout to permissions check Signed-off-by: snipe <snipe@snipe.net>
2022-05-11 19:02:23 -07:00
/**
* Determine whether the user can update the accessory.
*
* @param \App\Models\User $user
* @return mixed
*/
public function checkout(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.checkout');
}
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
/**
* Determine whether the user can delete the accessory.
*
Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
* @param \App\Models\User $user
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* @return mixed
*/
public function delete(User $user, $item = null)
{
Clean up Transformers and extract an isDeletable() method to models where it makes sense.
2020-05-23 10:36:02 -07:00
$itemConditional = true;
if ($item) {
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
$itemConditional = empty($item->deleted_at);
Clean up Transformers and extract an isDeletable() method to models where it makes sense.
2020-05-23 10:36:02 -07:00
}
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
Clean up Transformers and extract an isDeletable() method to models where it makes sense.
2020-05-23 10:36:02 -07:00
return $itemConditional && $user->hasAccess($this->columnName().'.delete');
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
}
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 13:15:52 -07:00
/**
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* Determine whether the user can manage the accessory.
*
Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
* @param \App\Models\User $user
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
* @return mixed
*/
public function manage(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.edit');
}
}
Reference in a new issue Copy permalink