snipe-it/app/Policies/AssetPolicy.php
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00

82 lines
1.9 KiB
PHP

<?php
namespace App\Policies;
use App\Models\Asset;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AssetPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before(User $user, $ability, $asset)
{
// Lets move all company related checks here.
if ($asset instanceof \App\Models\Asset && !Company::isCurrentUserHasAccess($asset)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
public function index(User $user)
{
return $user->hasAccess('assets.view');
}
public function view(User $user, Asset $asset)
{
return $user->hasAccess('assets.view');
}
public function viewRequestable(User $user, Asset $asset=null)
{
return $user->hasAccess('assets.view.requestable');
}
public function create(User $user)
{
return $user->hasAccess('assets.create');
}
public function checkout(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkout');
}
public function checkin(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkin');
}
public function delete(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.delete');
}
public function manage(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkin')
|| $user->hasAccess('assets.edit')
|| $user->hasAccess('assets.delete')
|| $user->hasAccess('assets.checkout');
}
public function update(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.edit');
}
}