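AlbumPolicy::class,
        Photo::class => PhotoPolicy::class,
        User::class => UserPolicy::class
    ];

    /**
     * Register any authentication / authorization services.
     *
     * Registers the model policies and then defines the closure-based gates
     * used for the admin area, photo downloads, quick upload, statistics and
     * photo comments.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        // Admin-area gates. Each gate name 'admin:<x>' is resolved through
        // userHasAdminPermission() against the permission described as '<x>'.
        Gate::define('admin:access', function ($user) {
            return $this->userHasAdminPermission($user, 'access');
        });
        Gate::define('admin:configure', function ($user) {
            return $this->userHasAdminPermission($user, 'configure');
        });
        Gate::define('admin:manage-albums', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-albums');
        });
        Gate::define('admin:manage-groups', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-groups');
        });
        Gate::define('admin:manage-labels', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-labels');
        });
        Gate::define('admin:manage-storage', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-storage');
        });
        Gate::define('admin:manage-users', function ($user) {
            return $this->userHasAdminPermission($user, 'manage-users');
        });

        // Original-size downloads are open to everyone unless the
        // 'restrict_original_download' setting is enabled, in which case only
        // the photo's owner may download.
        Gate::define('photo.download_original', function ($user, Photo $photo) {
            if (!UserConfig::get('restrict_original_download')) {
                return true;
            }

            // Loose comparison kept on purpose: the two ids may not share a type.
            // NOTE(review): confirm neither side can be null here, because
            // null == null would satisfy the owner check.
            return ($user->id == $photo->user_id);
        });

        // Quick upload needs BOTH admin permissions. Logical && yields a real
        // boolean (the previous bitwise &= produced an int) and stops at the
        // first missing permission.
        Gate::define('photo.quick_upload', function($user) {
            return $this->userHasAdminPermission($user, 'access')
                && $this->userHasAdminPermission($user, 'manage-albums');
        });

        // Statistics are visible when the 'public_statistics' setting is on,
        // or to any user that is not anonymous.
        Gate::define('statistics.public-access', function ($user) {
            return UserConfig::get('public_statistics') || !$user->isAnonymous();
        });

        // Anonymous users may comment only when the
        // 'allow_photo_comments_anonymous' setting permits it; everyone else may.
        Gate::define('photo:post-comment', function(User $user) {
            if ($user->isAnonymous()) {
                return UserConfig::get('allow_photo_comments_anonymous');
            }

            return true;
        });
    }

    /**
     * Decide whether a user holds the given admin-section permission.
     *
     * Users flagged as is_admin are always granted. Otherwise the permission
     * is looked up once and the user is granted if any of their groups reports
     * having it. A description that matches no known permission is denied
     * (fail closed) instead of handing null to the group check.
     *
     * @param User   $user
     * @param string $permissionDescription Permission description, e.g. 'manage-albums'.
     *
     * @return bool
     */
    private function userHasAdminPermission(User $user, $permissionDescription)
    {
        if ($user->is_admin) {
            return true;
        }

        // Resolve once, outside the loop; the lookup does not depend on the group.
        $permission = $this->getAdminPermission($permissionDescription);
        if ($permission === null) {
            // Unknown permission: deny rather than let the outcome depend on
            // how the group check treats a null permission.
            return false;
        }

        /** @var Group $group */
        foreach ($user->groups as $group) {
            // NOTE(review): $group is passed as the first argument to its own
            // method — confirm this matches Group::hasAdminPermission's signature.
            if ($group->hasAdminPermission($group, $permission)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Find the admin-section permission whose description matches, ignoring case.
     *
     * The admin permissions are loaded on first use and kept on
     * $this->permissions for later calls.
     *
     * @param string $description
     *
     * @return mixed The matching permission record, or null when none matches.
     */
    private function getAdminPermission($description)
    {
        if ($this->permissions === null) {
            $this->permissions = Permission::where('section', 'admin')->get();
        }

        $wanted = strtolower($description);

        foreach ($this->permissions as $permission) {
            // Both sides are strings here, so compare strictly and avoid
            // PHP's numeric-string juggling under ==.
            if (strtolower($permission->description) === $wanted) {
                return $permission;
            }
        }

        return null;
    }
}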