snipe-it/app/Policies/LicensePolicy.php
snipe d016076806
Fixed #6956 - viewKeys policy inconsistent (#7009)
* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well
2019-05-08 08:14:49 -04:00

40 lines
1.1 KiB
PHP

<?php
namespace App\Policies;
use App\Models\License;
use App\Models\User;
use App\Policies\CheckoutablePermissionsPolicy;
class LicensePolicy extends CheckoutablePermissionsPolicy
{
protected function columnName()
{
return 'licenses';
}
/**
* Determine whether the user can view license keys.
* This gets a little tricky, UX/logic-wise. If a user has the ability
* to create a license (which requires a product key), shouldn't they
* have the ability to see the product key as well?
*
* Example: I create the license, realize I need to change
* something (maybe I got the product key wrong), and now I can never
* see/edit that product key.
*
* @see https://github.com/snipe/snipe-it/issues/6956
* @param \App\Models\User $user
* @param \App\Models\License $license
* @return mixed
*/
public function viewKeys(User $user, License $license = null)
{
if ($user->hasAccess('licenses.keys') || $user->hasAccess('licenses.create') || $user->hasAccess('licenses.edit')) {
return true;
}
return false;
}
}