snipe-it/app/Policies/CheckoutablePermissionsPolicy.php
Daniel Meltzer 3cea12565b Add missing policies (#4330)
* Add Authorizable trait and interface to our user model so we have access to User::can/User::cant.  We should take a look at where else our user model has diverged from Larvel since it was created...

* Policy cleanup/fixes.

This commit adds policies for the missing backend/"settings" areas.  The
permissions were implemented a while back but the policies did not, so
authorizing actions was failing.

In addition, this condenses a lot of code in the policies into base
classes.  Most of the files were identical except for table names, so we
move all of the checks into a base class and override the table name in
each policy.

* Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00

45 lines
1.1 KiB
PHP

<?php
namespace App\Policies;
use App\Models\User;
use App\Policies\SnipePermissionsPolicy;
abstract class CheckoutablePermissionsPolicy extends SnipePermissionsPolicy
{
/**
* Determine whether the user can checkout the accessory.
*
* @param \App\User $user
* @return mixed
*/
public function checkout(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.checkout');
}
/**
* Determine whether the user can checkin the accessory.
*
* @param \App\User $user
* @return mixed
*/
public function checkin(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.checkin');
}
/**
* Determine whether the user can manage the accessory.
*
* @param \App\User $user
* @return mixed
*/
public function manage(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.checkin')
|| $user->hasAccess($this->columnName().'.edit')
|| $user->hasAccess($this->columnName().'.checkout');
}
}