snipe-it/app/Policies/AccessoryPolicy.php

<?php

namespace App\Policies;

use App\Models\Accessory;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class AccessoryPolicy
{
    use HandlesAuthorization;

    public function before(User $user, $ability, $accessory)
    {
        // Lets move all company related checks here.
        if ($accessory instanceof \App\Models\Accessory && !Company::isCurrentUserHasAccess($accessory)) {
            return false;
        }
        // If an admin, they can do all asset related tasks.
        if ($user->hasAccess('admin')) {
            return true;
        }
    }

    public function index(User $user)
    {
        // dd('here');
        return $user->hasAccess('accessories.view');
    }
    /**
     * Determine whether the user can view the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function view(User $user, Accessory $accessory = null)
    {
        //
        return $user->hasAccess('accessories.view');
    }

    /**
     * Determine whether the user can create accessories.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
        return $user->hasAccess('accessories.create');
    }

    /**
     * Determine whether the user can update the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function update(User $user, Accessory $accessory = null)
    {
        //
        return $user->hasAccess('accessories.edit');
    }

    /**
     * Determine whether the user can delete the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function delete(User $user, Accessory $accessory = null)
    {
        //
        return $user->hasAccess('accessories.delete');
    }

   /**
     * Determine whether the user can checkout the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function checkout(User $user, Accessory $accessory = null)
    {
        return $user->hasAccess('accessories.checkout');
    }

   /**
     * Determine whether the user can checkin the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function checkin(User $user, Accessory $accessory = null)
    {
        return $user->hasAccess('accessories.checkin');
    }

     /**
     * Determine whether the user can manage the accessory.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $accessory
     * @return mixed
     */
    public function manage(User $user, Accessory $accessory = null)
    {
        return $user->hasAccess('accessories.checkin')
             || $user->hasAccess('accessories.edit')
             || $user->hasAccess('accessories.checkout');
    }
}
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`<?php`

			`namespace App\Policies;`

			`use App\Models\Accessory;`
			`use App\Models\Company;`
			`use App\Models\User;`
			`use Illuminate\Auth\Access\HandlesAuthorization;`

			`class AccessoryPolicy`
			`{`
			`use HandlesAuthorization;`

			`public function before(User $user, $ability, $accessory)`
			`{`
			`// Lets move all company related checks here.`
			`if ($accessory instanceof \App\Models\Accessory && !Company::isCurrentUserHasAccess($accessory)) {`
			`return false;`
			`}`
			`// If an admin, they can do all asset related tasks.`
			`if ($user->hasAccess('admin')) {`
			`return true;`
			`}`
			`}`

			`public function index(User $user)`
			`{`
			`// dd('here');`
			`return $user->hasAccess('accessories.view');`
			`}`
			`/**`
			`* Determine whether the user can view the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function view(User $user, Accessory $accessory = null)`
			`{`
			`//`
			`return $user->hasAccess('accessories.view');`
			`}`

			`/**`
			`* Determine whether the user can create accessories.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function create(User $user)`
			`{`
			`//`
			`return $user->hasAccess('accessories.create');`
			`}`

			`/**`
			`* Determine whether the user can update the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function update(User $user, Accessory $accessory = null)`
			`{`
			`//`
			`return $user->hasAccess('accessories.edit');`
			`}`

			`/**`
			`* Determine whether the user can delete the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function delete(User $user, Accessory $accessory = null)`
			`{`
			`//`
			`return $user->hasAccess('accessories.delete');`
			`}`

			`/**`
			`* Determine whether the user can checkout the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function checkout(User $user, Accessory $accessory = null)`
			`{`
			`return $user->hasAccess('accessories.checkout');`
			`}`

			`/**`
			`* Determine whether the user can checkin the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function checkin(User $user, Accessory $accessory = null)`
			`{`
			`return $user->hasAccess('accessories.checkin');`
			`}`

			`/**`
			`* Determine whether the user can manage the accessory.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $accessory`
			`* @return mixed`
			`*/`
			`public function manage(User $user, Accessory $accessory = null)`
			`{`
			`return $user->hasAccess('accessories.checkin')`
			`\|\| $user->hasAccess('accessories.edit')`
			`\|\| $user->hasAccess('accessories.checkout');`
			`}`
			`}`