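AlbumPolicy::class ];

    /**
     * Register any authentication / authorization services.
     *
     * Defines the three admin gates (each delegating to userHasAdminPermission()
     * with a different permission description) and the gate that controls
     * downloading a photo's original file.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Gate::define('admin:access', function ($user) {
            return $this->userHasAdminPermission($user, 'access');
        });

        Gate::define('admin:configure', function ($user) {
            return $this->userHasAdminPermission($user, 'configure');
        });

        Gate::define('admin:manage-albums', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-albums');
        });

        // NOTE(review): $user is not nullable, so Laravel's Gate should deny guests
        // without calling this closure, even when the restriction is switched off.
        // Confirm that guest downloads, if intended, are authorised elsewhere.
        Gate::define('photo.download_original', function ($user, Photo $photo) {
            if (!UserConfig::get('restrict_original_download')) {
                // Restriction disabled: any user that reaches this gate may download.
                return true;
            }

            // Restriction enabled: only the user recorded on the photo may download.
            // Loose comparison is retained because one side may be an int and the
            // other a numeric string, depending on how the model attributes are loaded.
            return ($user->id == $photo->user_id);
        });
    }

    /**
     * Decide whether a user holds the named admin permission.
     *
     * A user flagged is_admin always passes. Otherwise the permission is granted
     * when any of the user's groups reports having it. An unknown permission
     * description is denied outright instead of being passed to the groups as null.
     *
     * @param User   $user                  User being authorised.
     * @param string $permissionDescription Permission description, e.g. 'access'.
     *
     * @return bool
     */
    private function userHasAdminPermission(User $user, $permissionDescription)
    {
        if ($user->is_admin) {
            return true;
        }

        // Resolve the permission once; it does not change between groups.
        $permission = $this->getAdminPermission($permissionDescription);
        if ($permission === null) {
            // Fail closed: no matching permission record means no access.
            return false;
        }

        /** @var Group $group */
        foreach ($user->groups as $group) {
            // NOTE(review): the group is passed to its own method; Group::hasAdminPermission
            // is not visible here - confirm the first argument is really expected.
            if ($group->hasAdminPermission($group, $permission)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Find the admin-section permission whose description matches, ignoring case.
     *
     * The admin permissions are loaded on first use and kept on $this->permissions
     * for later calls.
     *
     * @param string $description Permission description to look up.
     *
     * @return Permission|null The matching permission, or null when none matches.
     */
    private function getAdminPermission($description)
    {
        if ($this->permissions === null) {
            $this->permissions = Permission::where('section', 'admin')->get();
        }

        $wanted = strtolower((string) $description);

        foreach ($this->permissions as $permission) {
            // Strict comparison so that numeric-looking descriptions (e.g. '1e3' and
            // '1000') are never treated as the same permission.
            if (strtolower((string) $permission->description) === $wanted) {
                return $permission;
            }
        }

        return null;
    }
}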