is_admin) { /* Admin users always get everything, therefore no filters are necessary */ } else if (is_null($user)) { /* Anonymous users need to check the album_anonymous_permissions table. If not in this table, you're not allowed! */ $albumsQuery = Album::join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id') ->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id') ->where([ ['permissions.section', 'album'], ['permissions.description', 'list'] ]); } else { /* Other users need to check either the album_group_permissions or album_user_permissions table. If not in either of these tables, you're not allowed! */ $albumsQuery = Album::leftJoin('album_group_permissions', 'album_group_permissions.album_id', '=', 'albums.id') ->leftJoin('album_user_permissions', 'album_user_permissions.album_id', '=', 'albums.id') ->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id') ->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id') ->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id') ->where('albums.user_id', $user->id) ->orWhere([ ['group_permissions.section', 'album'], ['group_permissions.description', 'list'], ['user_groups.user_id', $user->id] ]) ->orWhere([ ['user_permissions.section', 'album'], ['user_permissions.description', 'list'], ['album_user_permissions.user_id', $user->id] ]); } return $albumsQuery->select('albums.*') ->distinct() ->orderBy('name') ->withCount('photos') ->paginate(UserConfig::get('items_per_page')); } }