2016-03-25 01:18:05 -07:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Providers;
|
|
|
|
|
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Models\Accessory;
|
|
|
|
|
use App\Models\Asset;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\AssetModel;
|
2017-10-07 14:49:47 -07:00
|
|
|
use App\Models\Category;
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Models\Company;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\Component;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Models\Consumable;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\CustomField;
|
2018-07-12 18:28:20 -07:00
|
|
|
use App\Models\CustomFieldset;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\Department;
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Models\Depreciation;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Models\License;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\Location;
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Models\Manufacturer;
|
2021-01-26 11:56:42 -08:00
|
|
|
use App\Models\PredefinedKit;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Models\Statuslabel;
|
|
|
|
|
use App\Models\Supplier;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Models\User;
|
|
|
|
|
use App\Policies\AccessoryPolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Policies\AssetModelPolicy;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Policies\AssetPolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Policies\CategoryPolicy;
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Policies\CompanyPolicy;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Policies\ComponentPolicy;
|
|
|
|
|
use App\Policies\ConsumablePolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Policies\CustomFieldPolicy;
|
2018-07-12 18:28:20 -07:00
|
|
|
use App\Policies\CustomFieldsetPolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Policies\DepartmentPolicy;
|
2018-03-07 18:22:49 -08:00
|
|
|
use App\Policies\DepreciationPolicy;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Policies\LicensePolicy;
|
2017-10-07 15:07:31 -07:00
|
|
|
use App\Policies\LocationPolicy;
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Policies\ManufacturerPolicy;
|
2021-01-26 11:56:42 -08:00
|
|
|
use App\Policies\PredefinedKitPolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use App\Policies\StatuslabelPolicy;
|
|
|
|
|
use App\Policies\SupplierPolicy;
|
2016-12-19 11:04:28 -08:00
|
|
|
use App\Policies\UserPolicy;
|
2017-10-27 18:01:11 -07:00
|
|
|
use Carbon\Carbon;
|
2016-03-25 01:18:05 -07:00
|
|
|
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
2016-12-19 11:04:28 -08:00
|
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
|
use Laravel\Passport\Passport;
|
2016-03-25 01:18:05 -07:00
|
|
|
|
|
|
|
|
class AuthServiceProvider extends ServiceProvider
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* The policy mappings for the application.
|
|
|
|
|
*
|
2017-12-07 20:59:55 -08:00
|
|
|
* See SnipePermissionsPolicy for additional information.
|
|
|
|
|
*
|
2016-03-25 01:18:05 -07:00
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
protected $policies = [
|
2016-12-19 11:04:28 -08:00
|
|
|
Accessory::class => AccessoryPolicy::class,
|
2017-10-27 18:01:11 -07:00
|
|
|
Asset::class => AssetPolicy::class,
|
|
|
|
|
AssetModel::class => AssetModelPolicy::class,
|
|
|
|
|
Category::class => CategoryPolicy::class,
|
2016-12-19 11:04:28 -08:00
|
|
|
Component::class => ComponentPolicy::class,
|
|
|
|
|
Consumable::class => ConsumablePolicy::class,
|
2017-10-27 18:01:11 -07:00
|
|
|
CustomField::class => CustomFieldPolicy::class,
|
2018-07-12 18:28:20 -07:00
|
|
|
CustomFieldset::class => CustomFieldsetPolicy::class,
|
2017-10-27 18:01:11 -07:00
|
|
|
Department::class => DepartmentPolicy::class,
|
2018-03-07 18:22:49 -08:00
|
|
|
Depreciation::class => DepreciationPolicy::class,
|
2016-12-19 11:04:28 -08:00
|
|
|
License::class => LicensePolicy::class,
|
2017-10-07 15:07:31 -07:00
|
|
|
Location::class => LocationPolicy::class,
|
2021-01-26 11:56:42 -08:00
|
|
|
PredefinedKit::class => PredefinedKitPolicy::class,
|
2017-10-27 18:01:11 -07:00
|
|
|
Statuslabel::class => StatuslabelPolicy::class,
|
|
|
|
|
Supplier::class => SupplierPolicy::class,
|
|
|
|
|
User::class => UserPolicy::class,
|
2017-12-07 20:59:55 -08:00
|
|
|
Manufacturer::class => ManufacturerPolicy::class,
|
2018-01-19 17:51:28 -08:00
|
|
|
Company::class => CompanyPolicy::class,
|
2016-03-25 01:18:05 -07:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
/**
|
2016-12-14 04:32:24 -08:00
|
|
|
* Register any authentication / authorization services.
|
2016-03-25 01:18:05 -07:00
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
2016-12-14 04:32:24 -08:00
|
|
|
public function boot()
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2017-04-27 07:09:46 -07:00
|
|
|
$this->commands([
|
|
|
|
|
\Laravel\Passport\Console\InstallCommand::class,
|
|
|
|
|
\Laravel\Passport\Console\ClientCommand::class,
|
|
|
|
|
\Laravel\Passport\Console\KeysCommand::class,
|
|
|
|
|
]);
|
2017-10-27 18:01:11 -07:00
|
|
|
|
2016-12-14 10:06:05 -08:00
|
|
|
$this->registerPolicies();
|
2020-11-09 22:52:55 -08:00
|
|
|
Passport::tokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years')));
|
|
|
|
|
Passport::refreshTokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years')));
|
|
|
|
|
Passport::personalAccessTokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years')));
|
2017-01-11 03:38:55 -08:00
|
|
|
|
2024-07-22 06:22:19 -07:00
|
|
|
Passport::cookie(config('passport.cookie_name'));
|
2024-07-22 06:17:16 -07:00
|
|
|
|
2024-04-11 07:15:56 -07:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* BEFORE ANYTHING ELSE
|
|
|
|
|
*
|
|
|
|
|
* If this condition is true, ANYTHING else below will be assumed to be true.
|
|
|
|
|
* This is where we set the superadmin permission to allow superadmins to be able to do everything within the system.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2016-12-14 04:32:24 -08:00
|
|
|
Gate::before(function ($user) {
|
2016-06-02 02:40:49 -07:00
|
|
|
if ($user->isSuperUser()) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2024-04-11 07:15:56 -07:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* GENERAL GATES
|
|
|
|
|
*
|
|
|
|
|
* These control general sections of the admin. These definitions are used in our blades via @can('blah) and also
|
|
|
|
|
* use in our controllers to determine if a user has access to a certain area.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-12-14 04:32:24 -08:00
|
|
|
Gate::define('admin', function ($user) {
|
2016-06-02 02:40:49 -07:00
|
|
|
if ($user->hasAccess('admin')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2023-01-17 16:59:50 -08:00
|
|
|
Gate::define('accessories.files', function ($user) {
|
|
|
|
|
if ($user->hasAccess('accessories.files')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2023-01-17 15:45:40 -08:00
|
|
|
Gate::define('components.files', function ($user) {
|
|
|
|
|
if ($user->hasAccess('components.files')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2023-01-17 17:15:23 -08:00
|
|
|
Gate::define('consumables.files', function ($user) {
|
|
|
|
|
if ($user->hasAccess('consumables.files')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2019-03-18 11:58:08 -07:00
|
|
|
// Can the user import CSVs?
|
|
|
|
|
Gate::define('import', function ($user) {
|
2021-06-10 13:15:52 -07:00
|
|
|
if ($user->hasAccess('import')) {
|
2019-03-18 11:58:08 -07:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
2022-09-16 14:00:27 -07:00
|
|
|
Gate::define('licenses.files', function ($user) {
|
|
|
|
|
if ($user->hasAccess('licenses.files')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2023-07-19 18:44:59 -07:00
|
|
|
Gate::define('assets.view.encrypted_custom_fields', function ($user) {
|
|
|
|
|
if($user->hasAccess('assets.view.encrypted_custom_fields')){
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
2022-09-16 14:00:27 -07:00
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
// -----------------------------------------
|
|
|
|
|
// Reports
|
|
|
|
|
// -----------------------------------------
|
2016-12-14 04:32:24 -08:00
|
|
|
Gate::define('reports.view', function ($user) {
|
2016-06-02 02:40:49 -07:00
|
|
|
if ($user->hasAccess('reports.view')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
// -----------------------------------------
|
|
|
|
|
// Self
|
|
|
|
|
// -----------------------------------------
|
2016-12-14 04:32:24 -08:00
|
|
|
Gate::define('self.two_factor', function ($user) {
|
2016-10-31 16:52:25 -07:00
|
|
|
if (($user->hasAccess('self.two_factor')) || ($user->hasAccess('admin'))) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
2017-10-27 18:01:11 -07:00
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
Gate::define('self.api', function ($user) {
|
2018-02-25 12:10:02 -08:00
|
|
|
return $user->hasAccess('self.api');
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
Gate::define('self.edit_location', function ($user) {
|
2018-07-24 12:42:16 -07:00
|
|
|
return $user->hasAccess('self.edit_location');
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
Gate::define('self.checkout_assets', function ($user) {
|
2018-08-21 23:26:12 -07:00
|
|
|
return $user->hasAccess('self.checkout_assets');
|
|
|
|
|
});
|
|
|
|
|
|
2022-12-14 21:00:35 -08:00
|
|
|
Gate::define('self.view_purchase_cost', function ($user) {
|
|
|
|
|
return $user->hasAccess('self.view_purchase_cost');
|
|
|
|
|
});
|
|
|
|
|
|
2022-02-11 11:46:14 -08:00
|
|
|
// This is largely used to determine whether to display the gear icon sidenav
|
|
|
|
|
// in the left-side navigation
|
2017-10-27 18:01:11 -07:00
|
|
|
Gate::define('backend.interact', function ($user) {
|
2018-03-07 18:22:49 -08:00
|
|
|
return $user->can('view', Statuslabel::class)
|
|
|
|
|
|| $user->can('view', AssetModel::class)
|
|
|
|
|
|| $user->can('view', Category::class)
|
|
|
|
|
|| $user->can('view', Manufacturer::class)
|
|
|
|
|
|| $user->can('view', Supplier::class)
|
|
|
|
|
|| $user->can('view', Department::class)
|
|
|
|
|
|| $user->can('view', Location::class)
|
|
|
|
|
|| $user->can('view', Company::class)
|
|
|
|
|
|| $user->can('view', Manufacturer::class)
|
|
|
|
|
|| $user->can('view', CustomField::class)
|
2021-06-10 13:15:52 -07:00
|
|
|
|| $user->can('view', CustomFieldset::class)
|
2018-03-07 18:22:49 -08:00
|
|
|
|| $user->can('view', Depreciation::class);
|
2017-10-27 18:01:11 -07:00
|
|
|
});
|
2022-02-11 11:46:14 -08:00
|
|
|
|
|
|
|
|
|
2022-02-11 12:02:14 -08:00
|
|
|
// This determines whether or not an API user should be able to get the selectlists.
|
|
|
|
|
// This can seem a little confusing, since view properties may not have been granted
|
2022-02-11 11:46:14 -08:00
|
|
|
// to the logged in API user, but creating assets, licenses, etc won't work
|
|
|
|
|
// if the user can't view and interact with the select lists.
|
|
|
|
|
Gate::define('view.selectlists', function ($user) {
|
2022-02-28 14:38:38 -08:00
|
|
|
return $user->can('update', Asset::class)
|
|
|
|
|
|| $user->can('create', Asset::class)
|
|
|
|
|
|| $user->can('checkout', Asset::class)
|
|
|
|
|
|| $user->can('checkin', Asset::class)
|
|
|
|
|
|| $user->can('audit', Asset::class)
|
|
|
|
|
|| $user->can('update', License::class)
|
|
|
|
|
|| $user->can('create', License::class)
|
|
|
|
|
|| $user->can('update', Component::class)
|
|
|
|
|
|| $user->can('create', Component::class)
|
|
|
|
|
|| $user->can('update', Consumable::class)
|
|
|
|
|
|| $user->can('create', Consumable::class)
|
|
|
|
|
|| $user->can('update', Accessory::class)
|
|
|
|
|
|| $user->can('create', Accessory::class)
|
|
|
|
|
|| $user->can('update', User::class)
|
|
|
|
|
|| $user->can('create', User::class);
|
2017-10-27 18:01:11 -07:00
|
|
|
});
|
2024-06-24 06:02:40 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
// This determines whether the user can edit their profile based on the setting in Admin > General
|
|
|
|
|
Gate::define('self.profile', function ($user) {
|
|
|
|
|
return $user->canEditProfile();
|
|
|
|
|
});
|
|
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
}
|
