blue-twilight/app/Providers/AuthServiceProvider.php

120 lines
3.1 KiB
PHP

<?php
namespace App\Providers;
use App\Album;
use App\Facade\UserConfig;
use App\Group;
use App\Permission;
use App\Photo;
use App\Policies\AlbumPolicy;
use App\Policies\PhotoPolicy;
use App\User;
use function GuzzleHttp\Psr7\mimetype_from_extension;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* @var Permission[]
*/
private $permissions;
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
Album::class => AlbumPolicy::class,
Photo::class => PhotoPolicy::class
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
Gate::define('admin:access', function ($user)
{
return $this->userHasAdminPermission($user, 'access');
});
Gate::define('admin:configure', function ($user)
{
return $this->userHasAdminPermission($user, 'configure');
});
Gate::define('admin:manage-albums', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-albums');
});
Gate::define('admin:manage-groups', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-groups');
});
Gate::define('admin:manage-labels', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-labels');
});
Gate::define('admin:manage-storage', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-storage');
});
Gate::define('admin:manage-users', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-users');
});
Gate::define('photo.download_original', function ($user, Photo $photo)
{
if (!UserConfig::get('restrict_original_download'))
{
return true;
}
return ($user->id == $photo->user_id);
});
}
private function userHasAdminPermission(User $user, $permissionDescription)
{
if ($user->is_admin)
{
return true;
}
/** @var Group $group */
foreach ($user->groups as $group)
{
if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))
{
return true;
}
}
return false;
}
private function getAdminPermission($description)
{
if (is_null($this->permissions))
{
$this->permissions = Permission::where('section', 'admin')->get();
}
foreach ($this->permissions as $permission)
{
if (strtolower($permission->description) == strtolower($description))
{
return $permission;
}
}
return null;
}
}