2017-04-16 09:00:57 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace App\Policies;
|
|
|
|
|
|
|
|
use App\Photo;
|
|
|
|
use App\User;
|
|
|
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
|
|
|
|
|
|
class PhotoPolicy
|
|
|
|
{
|
|
|
|
use HandlesAuthorization;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new policy instance.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function __construct()
|
|
|
|
{
|
|
|
|
//
|
|
|
|
}
|
|
|
|
|
|
|
|
public function before($user, $ability)
|
|
|
|
{
|
|
|
|
if ($user->is_admin)
|
|
|
|
{
|
|
|
|
// Admins can do anything
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function changeMetadata(User $user, Photo $photo)
|
|
|
|
{
|
|
|
|
if ($user->id == $photo->user_id)
|
|
|
|
{
|
|
|
|
// The photo's owner can do everything
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $user->can('change-photo-metadata', $photo->album);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function delete(User $user, Photo $photo)
|
|
|
|
{
|
|
|
|
if ($user->id == $photo->user_id)
|
|
|
|
{
|
|
|
|
// The photo's owner can do everything
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $user->can('delete-photos', $photo->album);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function manipulate(User $user, Photo $photo)
|
|
|
|
{
|
|
|
|
if ($user->id == $photo->user_id)
|
|
|
|
{
|
|
|
|
// The photo's owner can do everything
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $user->can('manipulate-photos', $photo->album);
|
|
|
|
}
|
2018-09-19 19:54:59 +01:00
|
|
|
|
|
|
|
public function moderateComments(User $user, Photo $photo)
|
|
|
|
{
|
|
|
|
if ($user->id == $photo->user_id)
|
|
|
|
{
|
|
|
|
// The photo's owner can do everything
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $user->can('moderate-comments', $photo->album);
|
|
|
|
}
|
2017-04-16 09:00:57 +01:00
|
|
|
}
|