blue-twilight/app/Policies/AlbumPolicy.php
2017-03-22 09:25:22 +00:00

78 lines
1.7 KiB
PHP

<?php
namespace App\Policies;
use App\Album;
use App\Group;
use App\Permission;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AlbumPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before($user, $ability)
{
if ($user->is_admin)
{
// Admins can do anything
return true;
}
}
public function edit(User $user, Album $album)
{
if ($user->id == $album->user_id)
{
// The album's owner and can do everything
return true;
}
// Get the edit permission
$permission = Permission::where([
'section' => 'album',
'description' => 'edit'
])->first();
// If any of the user's groups are granted the permission
/** @var Group $group */
foreach ($user->groups as $group)
{
$groupPermission = $album->groupPermissions()->where([
'group_id' => $group->id,
'permission_id' => $permission->id
])->first();
if (!is_null($groupPermission))
{
return true;
}
}
// If the user is directly granted the permission
$userPermission = $album->userPermissions()->where([
'user_id' => $user->id,
'permission_id' => $permission->id
])->first();
if (!is_null($userPermission))
{
return true;
}
// Nope, no permission
return false;
}
}