114 lines
2.8 KiB
PHP
114 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace App\Providers;
|
|
|
|
use App\Album;
|
|
use App\Facade\UserConfig;
|
|
use App\Group;
|
|
use App\Permission;
|
|
use App\Photo;
|
|
use App\Policies\AlbumPolicy;
|
|
use App\User;
|
|
use function GuzzleHttp\Psr7\mimetype_from_extension;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
|
|
|
class AuthServiceProvider extends ServiceProvider
|
|
{
|
|
/**
|
|
* @var Permission[]
|
|
*/
|
|
private $permissions;
|
|
|
|
/**
|
|
* The policy mappings for the application.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $policies = [
|
|
Album::class => AlbumPolicy::class
|
|
];
|
|
|
|
/**
|
|
* Register any authentication / authorization services.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function boot()
|
|
{
|
|
$this->registerPolicies();
|
|
|
|
Gate::define('admin:access', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'access');
|
|
});
|
|
Gate::define('admin:configure', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'configure');
|
|
});
|
|
Gate::define('admin:manage-albums', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'manage-albums');
|
|
});
|
|
Gate::define('admin:manage-groups', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'manage-groups');
|
|
});
|
|
Gate::define('admin:manage-storage', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'manage-storage');
|
|
});
|
|
Gate::define('admin:manage-users', function ($user)
|
|
{
|
|
return $this->userHasAdminPermission($user, 'manage-users');
|
|
});
|
|
|
|
Gate::define('photo.download_original', function ($user, Photo $photo)
|
|
{
|
|
if (!UserConfig::get('restrict_original_download'))
|
|
{
|
|
return true;
|
|
}
|
|
|
|
return ($user->id == $photo->user_id);
|
|
});
|
|
}
|
|
|
|
private function userHasAdminPermission(User $user, $permissionDescription)
|
|
{
|
|
if ($user->is_admin)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
/** @var Group $group */
|
|
foreach ($user->groups as $group)
|
|
{
|
|
if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
private function getAdminPermission($description)
|
|
{
|
|
if (is_null($this->permissions))
|
|
{
|
|
$this->permissions = Permission::where('section', 'admin')->get();
|
|
}
|
|
|
|
foreach ($this->permissions as $permission)
|
|
{
|
|
if (strtolower($permission->description) == strtolower($description))
|
|
{
|
|
return $permission;
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|