Additional auth policies

This commit is contained in:
snipe 2017-10-07 14:49:47 -07:00
parent 6e33f36595
commit 8c406e8e55
3 changed files with 202 additions and 0 deletions

View file

@ -0,0 +1,99 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\Category;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class CategoryPolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $category)
{
// Lets move all company related checks here.
if ($category instanceof \App\Models\Category && !Company::isCurrentUserHasAccess($category)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the category.
*
* @param \App\Models\User $user
* @param \App\Category $category
* @return mixed
*/
public function view(User $user, Category $category = null)
{
return $user->hasAccess('categories.view');
}
/**
* Determine whether the user can create categories.
*
* @param \App\Models\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->hasAccess('categories.create');
}
/**
* Determine whether the user can update the category.
*
* @param \App\Models\User $user
* @param \App\Category $category
* @return mixed
*/
public function update(User $user, Category $category = null)
{
//
return $user->hasAccess('categories.edit');
}
/**
* Determine whether the user can delete the category.
*
* @param \App\Models\User $user
* @param \App\Category $category
* @return mixed
*/
public function delete(User $user, Category $category = null)
{
//
return $user->hasAccess('categories.delete');
}
/**
* Determine whether the user can view the category index.
*
* @param \App\Models\User $user
* @param \App\Models\Category $category
* @return mixed
*/
public function index(User $user)
{
return $user->hasAccess('categories.view');
}
/**
* Determine whether the user can manage the category.
*
* @param \App\Models\User $user
* @param \App\Models\Category $category
* @return mixed
*/
public function manage(User $user, Category $category = null)
{
return $user->hasAccess('categories.edit');
}
}

View file

@ -0,0 +1,99 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\Location;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class LocationPolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $location)
{
// Lets move all company related checks here.
if ($location instanceof \App\Models\Location && !Company::isCurrentUserHasAccess($location)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the location.
*
* @param \App\Models\User $user
* @param \App\Models\Location $location
* @return mixed
*/
public function view(User $user, Location $location = null)
{
return $user->hasAccess('locations.view');
}
/**
* Determine whether the user can create locations.
*
* @param \App\Models\\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->hasAccess('locations.create');
}
/**
* Determine whether the user can update the location.
*
* @param \App\Models\User $user
* @param \App\Models\Location $location
* @return mixed
*/
public function update(User $user, Location $location = null)
{
//
return $user->hasAccess('locations.edit');
}
/**
* Determine whether the user can delete the location.
*
* @param \App\Models\User $user
* @param \App\Models\Location $location
* @return mixed
*/
public function delete(User $user, Location $location = null)
{
//
return $user->hasAccess('locations.delete');
}
/**
* Determine whether the user can view the location index.
*
* @param \App\Models\User $user
* @param \App\Models\Accessory $location
* @return mixed
*/
public function index(User $user)
{
return $user->hasAccess('locations.view');
}
/**
* Determine whether the user can manage the location.
*
* @param \App\Models\User $user
* @param \App\Models\Location $location
* @return mixed
*/
public function manage(User $user, Location $location = null)
{
return $user->hasAccess('locations.edit');
}
}

View file

@ -5,7 +5,9 @@ namespace App\Providers;
use App\Models\Accessory;
use Carbon\Carbon;
use App\Models\Asset;
use App\Models\Location;
use App\Models\Component;
use App\Models\Category;
use App\Models\Consumable;
use App\Models\License;
use App\Models\User;
@ -33,6 +35,8 @@ class AuthServiceProvider extends ServiceProvider
Consumable::class => ConsumablePolicy::class,
License::class => LicensePolicy::class,
User::class => UserPolicy::class,
Location::class => LocationPolicy::class,
Category::class => LocationPolicy::class,
];
/**