<?php namespace App\Providers; use App\Album; use App\Facade\UserConfig; use App\Group; use App\Permission; use App\Photo; use App\Policies\AlbumPolicy; use App\Policies\PhotoPolicy; use App\User; use function GuzzleHttp\Psr7\mimetype_from_extension; use Illuminate\Support\Facades\Gate; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; class AuthServiceProvider extends ServiceProvider { /** * @var Permission[] */ private $permissions; /** * The policy mappings for the application. * * @var array */ protected $policies = [ Album::class => AlbumPolicy::class, Photo::class => PhotoPolicy::class ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Gate::define('admin:access', function ($user) { return $this->userHasAdminPermission($user, 'access'); }); Gate::define('admin:configure', function ($user) { return $this->userHasAdminPermission($user, 'configure'); }); Gate::define('admin:manage-albums', function ($user) { return $this->userHasAdminPermission($user, 'manage-albums'); }); Gate::define('admin:manage-groups', function ($user) { return $this->userHasAdminPermission($user, 'manage-groups'); }); Gate::define('admin:manage-labels', function ($user) { return $this->userHasAdminPermission($user, 'manage-labels'); }); Gate::define('admin:manage-storage', function ($user) { return $this->userHasAdminPermission($user, 'manage-storage'); }); Gate::define('admin:manage-users', function ($user) { return $this->userHasAdminPermission($user, 'manage-users'); }); Gate::define('photo.download_original', function ($user, Photo $photo) { if (!UserConfig::get('restrict_original_download')) { return true; } return ($user->id == $photo->user_id); }); } private function userHasAdminPermission(User $user, $permissionDescription) { if ($user->is_admin) { return true; } /** @var Group $group */ foreach ($user->groups as $group) { if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription))) { return true; } } return false; } private function getAdminPermission($description) { if (is_null($this->permissions)) { $this->permissions = Permission::where('section', 'admin')->get(); } foreach ($this->permissions as $permission) { if (strtolower($permission->description) == strtolower($description)) { return $permission; } } return null; } }