blue-twilight/app/Policies/AlbumPolicy.php

183 lines
4.7 KiB
PHP

<?php
namespace App\Policies;
use App\Album;
use App\Group;
use App\Permission;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AlbumPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before($user, $ability)
{
if ($user->is_admin)
{
// Admins can do anything
return true;
}
}
public function changePermissions(User $user, Album $album)
{
// Only the album's owner (or an admin, matched by the before() rule) can change permissions
return $user->id == $album->user_id;
}
public function changePhotoMetadata(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'change-photo-metadata'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function deletePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'delete-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function edit(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'edit'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function manipulatePhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'manipulate-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function uploadPhotos(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'upload-photos'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
public function view(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'view'
])->first();
return $this->userHasPermission($user, $album, $permission);
}
private function userHasPermission(User $user, Album $album, Permission $permission)
{
if ($user->isAnonymous())
{
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
->where('permissions.id', $permission->id);
return $query->count() > 0;
}
// If any of the user's groups are granted the permission
/** @var Group $group */
foreach ($user->groups as $group)
{
$groupPermission = $album->groupPermissions()->where([
'group_id' => $group->id,
'permission_id' => $permission->id
])->first();
if (!is_null($groupPermission))
{
return true;
}
}
// If the user is directly granted the permission
$userPermission = $album->userPermissions()->where([
'user_id' => $user->id,
'permission_id' => $permission->id
])->first();
if (!is_null($userPermission))
{
return true;
}
// Nope, no permission
return false;
}
}