mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-31 16:37:27 -08:00
3cea12565b
* Add Authorizable trait and interface to our user model so we have access to User::can/User::cant. We should take a look at where else our user model has diverged from Larvel since it was created... * Policy cleanup/fixes. This commit adds policies for the missing backend/"settings" areas. The permissions were implemented a while back but the policies did not, so authorizing actions was failing. In addition, this condenses a lot of code in the policies into base classes. Most of the files were identical except for table names, so we move all of the checks into a base class and override the table name in each policy. * Use a better name and permission for the check in the default layout.
45 lines
1.1 KiB
PHP
45 lines
1.1 KiB
PHP
<?php
|
|
namespace App\Policies;
|
|
|
|
|
|
use App\Models\User;
|
|
use App\Policies\SnipePermissionsPolicy;
|
|
|
|
abstract class CheckoutablePermissionsPolicy extends SnipePermissionsPolicy
|
|
{
|
|
/**
|
|
* Determine whether the user can checkout the accessory.
|
|
*
|
|
* @param \App\User $user
|
|
* @return mixed
|
|
*/
|
|
public function checkout(User $user, $item = null)
|
|
{
|
|
return $user->hasAccess($this->columnName().'.checkout');
|
|
}
|
|
|
|
/**
|
|
* Determine whether the user can checkin the accessory.
|
|
*
|
|
* @param \App\User $user
|
|
* @return mixed
|
|
*/
|
|
public function checkin(User $user, $item = null)
|
|
{
|
|
return $user->hasAccess($this->columnName().'.checkin');
|
|
}
|
|
|
|
/**
|
|
* Determine whether the user can manage the accessory.
|
|
*
|
|
* @param \App\User $user
|
|
* @return mixed
|
|
*/
|
|
public function manage(User $user, $item = null)
|
|
{
|
|
return $user->hasAccess($this->columnName().'.checkin')
|
|
|| $user->hasAccess($this->columnName().'.edit')
|
|
|| $user->hasAccess($this->columnName().'.checkout');
|
|
}
|
|
}
|