aheathershaw/blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity
56f555cda6
blue-twilight/app/Policies/AlbumPolicy.php

203 lines
5.2 KiB
PHP
Raw Normal View History

#9: Removed Bootstrap and added Semantic UI instead
2017-03-22 09:25:14 +00:00
<?php
namespace App\Policies;
use App\Album;
use App\Group;
use App\Permission;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AlbumPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before($user, $ability)
{
if ($user->is_admin)
{
// Admins can do anything
return true;
}
}
#3: Permissions can now be set on what users can do with photos in an album. This required re-thinking the available permissions slightly. Photo owners can do anything.
2017-04-16 09:00:57 +01:00
public function changePermissions(User $user, Album $album)
{
// Only the album's owner (or an admin, matched by the before() rule) can change permissions
return $user->id == $album->user_id;
}
public function changePhotoMetadata(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'change-photo-metadata'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
Added album deletion policy
2017-09-10 17:21:52 +01:00
public function delete(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'delete'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
#3: Permissions can now be set on what users can do with photos in an album. This required re-thinking the available permissions slightly. Photo owners can do anything.
2017-04-16 09:00:57 +01:00
public function deletePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'delete-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
#9: Removed Bootstrap and added Semantic UI instead
2017-03-22 09:25:14 +00:00
public function edit(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'edit'
])->first();
#3: Implemented security when viewing an album and its photos
2017-04-15 08:36:17 +01:00
return $this->userHasPermission($user, $album, $permission);
}
#3: Permissions can now be set on what users can do with photos in an album. This required re-thinking the available permissions slightly. Photo owners can do anything.
2017-04-16 09:00:57 +01:00
public function manipulatePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'manipulate-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'upload-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
#3: Implemented security when viewing an album and its photos
2017-04-15 08:36:17 +01:00
public function view(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'view'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
private function userHasPermission(User $user, Album $album, Permission $permission)
{
if ($user->isAnonymous())
{
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
#33: Fixed an issue where by the anonymous album check did not include the album ID, thereby allowing access if other albums allowed anonymous users.
2017-09-10 11:18:12 +01:00
->where([
['albums.id', $album->id],
['permissions.id', $permission->id]
]);
#3: Implemented security when viewing an album and its photos
2017-04-15 08:36:17 +01:00
return $query->count() > 0;
}
#9: Removed Bootstrap and added Semantic UI instead
2017-03-22 09:25:14 +00:00
// If any of the user's groups are granted the permission
/** @var Group $group */
foreach ($user->groups as $group)
{
$groupPermission = $album->groupPermissions()->where([
'group_id' => $group->id,
'permission_id' => $permission->id
])->first();
if (!is_null($groupPermission))
{
return true;
}
}
// If the user is directly granted the permission
$userPermission = $album->userPermissions()->where([
'user_id' => $user->id,
'permission_id' => $permission->id
])->first();
if (!is_null($userPermission))
{
return true;
}
// Nope, no permission
return false;
}
}
Reference in New Issue Copy Permalink