blue-twilight/app/Providers/AuthServiceProvider.php

<?php

namespace App\Providers;

use App\Album;
use App\Facade\UserConfig;
use App\Group;
use App\Permission;
use App\Photo;
use App\Policies\AlbumPolicy;
use App\Policies\PhotoPolicy;
use App\User;
use function GuzzleHttp\Psr7\mimetype_from_extension;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * @var Permission[]
     */
    private $permissions;

    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        Album::class => AlbumPolicy::class,
        Photo::class => PhotoPolicy::class
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Gate::define('admin:access', function ($user)
        {
            return $this->userHasAdminPermission($user, 'access');
        });
        Gate::define('admin:configure', function ($user)
        {
            return $this->userHasAdminPermission($user, 'configure');
        });
        Gate::define('admin:manage-albums', function ($user)
        {
            return $this->userHasAdminPermission($user, 'manage-albums');
        });
        Gate::define('admin:manage-groups', function ($user)
        {
            return $this->userHasAdminPermission($user, 'manage-groups');
        });
        Gate::define('admin:manage-labels', function ($user)
        {
            return $this->userHasAdminPermission($user, 'manage-labels');
        });
        Gate::define('admin:manage-storage', function ($user)
        {
            return $this->userHasAdminPermission($user, 'manage-storage');
        });
        Gate::define('admin:manage-users', function ($user)
        {
            return $this->userHasAdminPermission($user, 'manage-users');
        });

        Gate::define('photo.download_original', function ($user, Photo $photo)
        {
            if (!UserConfig::get('restrict_original_download'))
            {
                return true;
            }

            return ($user->id == $photo->user_id);
        });

        Gate::define('photo.quick_upload', function($user)
        {
            $can = true;
            $can &= $this->userHasAdminPermission($user, 'access');
            $can &= $this->userHasAdminPermission($user, 'manage-albums');

            return $can;
        });

        Gate::define('statistics.public-access', function ($user)
        {
            return UserConfig::get('public_statistics') || !$user->isAnonymous();
        });
    }

    private function userHasAdminPermission(User $user, $permissionDescription)
    {
        if ($user->is_admin)
        {
            return true;
        }

        /** @var Group $group */
        foreach ($user->groups as $group)
        {
            if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))
            {
                return true;
            }
        }

        return false;
    }

    private function getAdminPermission($description)
    {
        if (is_null($this->permissions))
        {
            $this->permissions = Permission::where('section', 'admin')->get();
        }

        foreach ($this->permissions as $permission)
        {
            if (strtolower($permission->description) == strtolower($description))
            {
                return $permission;
            }
        }

        return null;
    }
}
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`<?php`

			`namespace App\Providers;`

Added a new option for albums - private albums. These are only visible (and accessible) to owners. 2016-09-09 16:59:13 +01:00			`use App\Album;`
Added hotlink protection and restricting access to the original image to the photo's owner 2016-09-11 07:19:11 +01:00			`use App\Facade\UserConfig;`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`use App\Group;`
			`use App\Permission;`
Added hotlink protection and restricting access to the original image to the photo's owner 2016-09-11 07:19:11 +01:00			`use App\Photo;`
#3: Implemented more fine-grained permissions into the admin portal 2017-03-21 22:10:36 +00:00			`use App\Policies\AlbumPolicy;`
#3: Permissions can now be set on what users can do with photos in an album. This required re-thinking the available permissions slightly. Photo owners can do anything. 2017-04-16 09:00:57 +01:00			`use App\Policies\PhotoPolicy;`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`use App\User;`
			`use function GuzzleHttp\Psr7\mimetype_from_extension;`
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`use Illuminate\Support\Facades\Gate;`
			`use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;`

			`class AuthServiceProvider extends ServiceProvider`
			`{`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`/**`
			`* @var Permission[]`
			`*/`
			`private $permissions;`

Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`/**`
			`* The policy mappings for the application.`
			`*`
			`* @var array`
			`*/`
			`protected $policies = [`
#3: Permissions can now be set on what users can do with photos in an album. This required re-thinking the available permissions slightly. Photo owners can do anything. 2017-04-16 09:00:57 +01:00			`Album::class => AlbumPolicy::class,`
			`Photo::class => PhotoPolicy::class`
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`];`

			`/**`
			`* Register any authentication / authorization services.`
			`*`
			`* @return void`
			`*/`
			`public function boot()`
			`{`
			`$this->registerPolicies();`

#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`Gate::define('admin:access', function ($user)`
Added hotlink protection and restricting access to the original image to the photo's owner 2016-09-11 07:19:11 +01:00			`{`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`return $this->userHasAdminPermission($user, 'access');`
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`});`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`Gate::define('admin:configure', function ($user)`
#3: User permissions can now be specified for an album. Added a new config to the User class that allows users to login and manage albums without needing full admin access 2017-03-21 21:48:55 +00:00			`{`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`return $this->userHasAdminPermission($user, 'configure');`
#3: User permissions can now be specified for an album. Added a new config to the User class that allows users to login and manage albums without needing full admin access 2017-03-21 21:48:55 +00:00			`});`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00			`Gate::define('admin:manage-albums', function ($user)`
			`{`
			`return $this->userHasAdminPermission($user, 'manage-albums');`
			`});`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`Gate::define('admin:manage-groups', function ($user)`
			`{`
			`return $this->userHasAdminPermission($user, 'manage-groups');`
			`});`
#29: Labels can now be added and managed through the admin panel 2017-09-10 09:07:56 +01:00			`Gate::define('admin:manage-labels', function ($user)`
			`{`
			`return $this->userHasAdminPermission($user, 'manage-labels');`
			`});`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`Gate::define('admin:manage-storage', function ($user)`
			`{`
			`return $this->userHasAdminPermission($user, 'manage-storage');`
			`});`
			`Gate::define('admin:manage-users', function ($user)`
			`{`
			`return $this->userHasAdminPermission($user, 'manage-users');`
			`});`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00
Added hotlink protection and restricting access to the original image to the photo's owner 2016-09-11 07:19:11 +01:00			`Gate::define('photo.download_original', function ($user, Photo $photo)`
			`{`
			`if (!UserConfig::get('restrict_original_download'))`
			`{`
			`return true;`
			`}`

			`return ($user->id == $photo->user_id);`
			`});`
#2: Basic implementation of the quick-upload/quick-post feature 2017-09-10 15:10:45 +01:00
			`Gate::define('photo.quick_upload', function($user)`
			`{`
			`$can = true;`
			`$can &= $this->userHasAdminPermission($user, 'access');`
			`$can &= $this->userHasAdminPermission($user, 'manage-albums');`

			`return $can;`
			`});`
#3: Merged the two photo charts into one and added a "number at-a-glance" widget on the statistics page 2017-09-10 17:02:15 +01:00
			`Gate::define('statistics.public-access', function ($user)`
			`{`
			`return UserConfig::get('public_statistics') \|\| !$user->isAnonymous();`
			`});`
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`}`
#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group 2017-04-15 09:41:15 +01:00
			`private function userHasAdminPermission(User $user, $permissionDescription)`
			`{`
			`if ($user->is_admin)`
			`{`
			`return true;`
			`}`

			`/** @var Group $group */`
			`foreach ($user->groups as $group)`
			`{`
			`if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))`
			`{`
			`return true;`
			`}`
			`}`

			`return false;`
			`}`

			`private function getAdminPermission($description)`
			`{`
			`if (is_null($this->permissions))`
			`{`
			`$this->permissions = Permission::where('section', 'admin')->get();`
			`}`

			`foreach ($this->permissions as $permission)`
			`{`
			`if (strtolower($permission->description) == strtolower($description))`
			`{`
			`return $permission;`
			`}`
			`}`

			`return null;`
			`}`
Added Laravel 5.3.6 and the basic registration, login and the start of the admin section 2016-09-01 16:23:39 +01:00			`}`