snipe-it/app/Policies/ConsumablePolicy.php

<?php

namespace App\Policies;

use App\Models\Company;
use App\Models\Consumable;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class ConsumablePolicy
{
    use HandlesAuthorization;


    public function before(User $user, $ability, $consumable)
    {
        // Lets move all company related checks here.
        if ($consumable instanceof \App\Models\Consumable && !Company::isCurrentUserHasAccess($consumable)) {
            return false;
        }
        // If an admin, they can do all asset related tasks.
        if ($user->hasAccess('admin')) {
            return true;
        }
    }
    /**
     * Determine whether the user can view the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Consumable  $consumable
     * @return mixed
     */
    public function view(User $user, Consumable $consumable = null)
    {
        //
        return $user->hasAccess('consumables.view');
    }

    /**
     * Determine whether the user can create consumables.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
        return $user->hasAccess('consumables.create');
    }

    /**
     * Determine whether the user can update the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Consumable  $consumable
     * @return mixed
     */
    public function update(User $user, Consumable $consumable = null)
    {
        //
        return $user->hasAccess('consumables.edit');
    }

    /**
     * Determine whether the user can delete the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Consumable  $consumable
     * @return mixed
     */
    public function delete(User $user, Consumable $consumable = null)
    {
        //
        return $user->hasAccess('consumables.delete');
    }

   /**
     * Determine whether the user can checkout the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Accessory  $consumable
     * @return mixed
     */
    public function checkout(User $user, Consumable $consumable = null)
    {
        return $user->hasAccess('consumables.checkout');
    }

   /**
     * Determine whether the user can checkin the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Consumable  $consumable
     * @return mixed
     */
    public function checkin(User $user, Consumable $consumable = null)
    {
        return $user->hasAccess('consumables.checkin');
    }

    public function index(User $user)
    {
        return $user->hasAccess('consumables.view');
    }

     /**
     * Determine whether the user can manage the consumable.
     *
     * @param  \App\User  $user
     * @param  \App\Consumable  $consumable
     * @return mixed
     */
    public function manage(User $user, Consumable $consumable = null)
    {
        return $user->hasAccess('consumables.checkin')
             || $user->hasAccess('consumables.edit')
             || $user->hasAccess('consumables.checkout');
    }
}
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. 2016-12-19 11:04:28 -08:00			`<?php`

			`namespace App\Policies;`

			`use App\Models\Company;`
			`use App\Models\Consumable;`
			`use App\Models\User;`
			`use Illuminate\Auth\Access\HandlesAuthorization;`

			`class ConsumablePolicy`
			`{`
			`use HandlesAuthorization;`


			`public function before(User $user, $ability, $consumable)`
			`{`
			`// Lets move all company related checks here.`
			`if ($consumable instanceof \App\Models\Consumable && !Company::isCurrentUserHasAccess($consumable)) {`
			`return false;`
			`}`
			`// If an admin, they can do all asset related tasks.`
			`if ($user->hasAccess('admin')) {`
			`return true;`
			`}`
			`}`
			`/**`
			`* Determine whether the user can view the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Consumable $consumable`
			`* @return mixed`
			`*/`
			`public function view(User $user, Consumable $consumable = null)`
			`{`
			`//`
			`return $user->hasAccess('consumables.view');`
			`}`

			`/**`
			`* Determine whether the user can create consumables.`
			`*`
			`* @param \App\User $user`
			`* @return mixed`
			`*/`
			`public function create(User $user)`
			`{`
			`//`
			`return $user->hasAccess('consumables.create');`
			`}`

			`/**`
			`* Determine whether the user can update the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Consumable $consumable`
			`* @return mixed`
			`*/`
			`public function update(User $user, Consumable $consumable = null)`
			`{`
			`//`
			`return $user->hasAccess('consumables.edit');`
			`}`

			`/**`
			`* Determine whether the user can delete the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Consumable $consumable`
			`* @return mixed`
			`*/`
			`public function delete(User $user, Consumable $consumable = null)`
			`{`
			`//`
			`return $user->hasAccess('consumables.delete');`
			`}`

			`/**`
			`* Determine whether the user can checkout the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Accessory $consumable`
			`* @return mixed`
			`*/`
			`public function checkout(User $user, Consumable $consumable = null)`
			`{`
			`return $user->hasAccess('consumables.checkout');`
			`}`

			`/**`
			`* Determine whether the user can checkin the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Consumable $consumable`
			`* @return mixed`
			`*/`
			`public function checkin(User $user, Consumable $consumable = null)`
			`{`
			`return $user->hasAccess('consumables.checkin');`
			`}`

			`public function index(User $user)`
			`{`
			`return $user->hasAccess('consumables.view');`
			`}`

			`/**`
			`* Determine whether the user can manage the consumable.`
			`*`
			`* @param \App\User $user`
			`* @param \App\Consumable $consumable`
			`* @return mixed`
			`*/`
			`public function manage(User $user, Consumable $consumable = null)`
			`{`
			`return $user->hasAccess('consumables.checkin')`
			`\|\| $user->hasAccess('consumables.edit')`
			`\|\| $user->hasAccess('consumables.checkout');`
			`}`
			`}`