AccessoryPolicy::class, Asset::class => AssetPolicy::class, AssetModel::class => AssetModelPolicy::class, Category::class => CategoryPolicy::class, Component::class => ComponentPolicy::class, Consumable::class => ConsumablePolicy::class, CustomField::class => CustomFieldPolicy::class, CustomFieldset::class => CustomFieldsetPolicy::class, Department::class => DepartmentPolicy::class, Depreciation::class => DepreciationPolicy::class, License::class => LicensePolicy::class, Location::class => LocationPolicy::class, PredefinedKit::class => PredefinedKitPolicy::class, Statuslabel::class => StatuslabelPolicy::class, Supplier::class => SupplierPolicy::class, User::class => UserPolicy::class, Manufacturer::class => ManufacturerPolicy::class, Company::class => CompanyPolicy::class, ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->commands([ \Laravel\Passport\Console\InstallCommand::class, \Laravel\Passport\Console\ClientCommand::class, \Laravel\Passport\Console\KeysCommand::class, ]); $this->registerPolicies(); Passport::routes(); Passport::tokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years'))); Passport::refreshTokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years'))); Passport::personalAccessTokensExpireIn(Carbon::now()->addYears(config('passport.expiration_years'))); Passport::withCookieSerialization(); // -------------------------------- // BEFORE ANYTHING ELSE // -------------------------------- // If this condition is true, ANYTHING else below will be assumed // to be true. This can cause weird blade behavior. Gate::before(function ($user) { if ($user->isSuperUser()) { return true; } }); // -------------------------------- // GENERAL GATES // These control general sections of the admin // -------------------------------- Gate::define('admin', function ($user) { if ($user->hasAccess('admin')) { return true; } }); // Can the user import CSVs? Gate::define('import', function ($user) { if ($user->hasAccess('import')) { return true; } }); Gate::define('licenses.files', function ($user) { if ($user->hasAccess('licenses.files')) { return true; } }); // ----------------------------------------- // Reports // ----------------------------------------- Gate::define('reports.view', function ($user) { if ($user->hasAccess('reports.view')) { return true; } }); // ----------------------------------------- // Self // ----------------------------------------- Gate::define('self.two_factor', function ($user) { if (($user->hasAccess('self.two_factor')) || ($user->hasAccess('admin'))) { return true; } }); Gate::define('self.api', function ($user) { return $user->hasAccess('self.api'); }); Gate::define('self.edit_location', function ($user) { return $user->hasAccess('self.edit_location'); }); Gate::define('self.checkout_assets', function ($user) { return $user->hasAccess('self.checkout_assets'); }); // This is largely used to determine whether to display the gear icon sidenav // in the left-side navigation Gate::define('backend.interact', function ($user) { return $user->can('view', Statuslabel::class) || $user->can('view', AssetModel::class) || $user->can('view', Category::class) || $user->can('view', Manufacturer::class) || $user->can('view', Supplier::class) || $user->can('view', Department::class) || $user->can('view', Location::class) || $user->can('view', Company::class) || $user->can('view', Manufacturer::class) || $user->can('view', CustomField::class) || $user->can('view', CustomFieldset::class) || $user->can('view', Depreciation::class); }); // This determines whether or not an API user should be able to get the selectlists. // This can seem a little confusing, since view properties may not have been granted // to the logged in API user, but creating assets, licenses, etc won't work // if the user can't view and interact with the select lists. Gate::define('view.selectlists', function ($user) { return $user->can('update', Asset::class) || $user->can('create', Asset::class) || $user->can('checkout', Asset::class) || $user->can('checkin', Asset::class) || $user->can('audit', Asset::class) || $user->can('update', License::class) || $user->can('create', License::class) || $user->can('update', Component::class) || $user->can('create', Component::class) || $user->can('update', Consumable::class) || $user->can('create', Consumable::class) || $user->can('update', Accessory::class) || $user->can('create', Accessory::class) || $user->can('update', User::class) || $user->can('create', User::class); }); } }