snipe-it/app/Policies/SnipePermissionsPolicy.php

<?php
namespace App\Policies;

use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

abstract class SnipePermissionsPolicy
{
    // This should return the key of the model in the users json permission string.
    abstract protected function columnName();

        use HandlesAuthorization;

    public function before(User $user, $ability, $item)
    {
        // Lets move all company related checks here.
        if ($item instanceof \App\Models\SnipeModel && !Company::isCurrentUserHasAccess($item)) {
            return false;
        }
        // If an admin, they can do all asset related tasks.
        if ($user->hasAccess('admin')) {
            return true;
        }
    }

    public function index(User $user)
    {
        return $user->hasAccess($this->columnName().'.view');
    }
    /**
     * Determine whether the user can view the accessory.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function view(User $user, $item = null)
    {
        return $user->hasAccess($this->columnName().'.view');
    }

    /**
     * Determine whether the user can create accessories.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        return $user->hasAccess($this->columnName().'.create');
    }

    /**
     * Determine whether the user can update the accessory.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function update(User $user, $item = null)
    {
        return $user->hasAccess($this->columnName().'.edit');
    }

    /**
     * Determine whether the user can delete the accessory.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function delete(User $user, $item = null)
    {
        return $user->hasAccess($this->columnName().'.delete');
    }

     /**
     * Determine whether the user can manage the accessory.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function manage(User $user, $item = null)
    {
        return $user->hasAccess($this->columnName().'.edit');
    }
}
Add missing policies (#4330) * Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout. 2017-10-27 18:01:11 -07:00			`<?php`
			`namespace App\Policies;`

			`use App\Models\Company;`
			`use App\Models\User;`
			`use Illuminate\Auth\Access\HandlesAuthorization;`

			`abstract class SnipePermissionsPolicy`
			`{`
			`// This should return the key of the model in the users json permission string.`
			`abstract protected function columnName();`

			`use HandlesAuthorization;`

			`public function before(User $user, $ability, $item)`
			`{`
			`// Lets move all company related checks here.`
			`if ($item instanceof \App\Models\SnipeModel && !Company::isCurrentUserHasAccess($item)) {`
			`return false;`
			`}`
			`// If an admin, they can do all asset related tasks.`
			`if ($user->hasAccess('admin')) {`
			`return true;`
			`}`
			`}`

			`public function index(User $user)`
			`{`
			`return $user->hasAccess($this->columnName().'.view');`
			`}`
			`/**`
			`* Determine whether the user can view the accessory.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function view(User $user, $item = null)`
			`{`
			`return $user->hasAccess($this->columnName().'.view');`
			`}`

			`/**`
			`* Determine whether the user can create accessories.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function create(User $user)`
			`{`
			`return $user->hasAccess($this->columnName().'.create');`
			`}`

			`/**`
			`* Determine whether the user can update the accessory.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function update(User $user, $item = null)`
			`{`
			`return $user->hasAccess($this->columnName().'.edit');`
			`}`

			`/**`
			`* Determine whether the user can delete the accessory.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function delete(User $user, $item = null)`
			`{`
			`return $user->hasAccess($this->columnName().'.delete');`
			`}`

			`/**`
			`* Determine whether the user can manage the accessory.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function manage(User $user, $item = null)`
			`{`
			`return $user->hasAccess($this->columnName().'.edit');`
			`}`
			`}`