blue-twilight/app/Policies/AlbumPolicy.php

153 lines
3.7 KiB
PHP
Raw Normal View History

<?php
namespace App\Policies;
use App\Album;
use App\Facade\UserConfig;
use App\Group;
use App\Helpers\PermissionsHelper;
use App\Permission;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AlbumPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before($user, $ability)
{
if ($user->is_admin)
{
// Admins can do anything
return true;
}
}
public function changePermissions(User $user, Album $album)
{
// Only the album's owner (or an admin, matched by the before() rule) can change permissions
return $user->id == $album->user_id;
}
public function changePhotoMetadata(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'change-photo-metadata');
}
2017-09-10 17:21:52 +01:00
public function delete(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'delete');
2017-09-10 17:21:52 +01:00
}
public function deletePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'delete-photos');
}
public function edit(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'edit');
}
public function manipulatePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'manipulate-photos');
}
public function moderateComments(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'moderate-comments');
}
public function postComment(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Don't allow comments to be posted if anonymous user, and anonymous comments disabled
if ($user->isAnonymous() && !UserConfig::get('allow_photo_comments_anonymous'))
{
return false;
}
return $this->userHasPermission($user, $album, 'post-comment');
}
public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'upload-photos');
}
public function view(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
return $this->userHasPermission($user, $album, 'view');
}
private function userHasPermission(User $user, Album $album, $permission)
{
$helper = new PermissionsHelper();
return $helper->userCan_Album($album, $user, $permission);
}
}