app/Policies/UserPolicy.php

<?php

namespace App\Policies;

use App\Models\User;
use Illuminate\Auth\Access\Response;

class UserPolicy
{
    /**
     * Determine whether the user can view any models.
     */
    public function viewAny(User $user): bool
    {
        return $user->hasPermissionTo('manage users');
    }

    /**
     * Determine whether the user can view the model.
     */
    public function view(User $user, User $model): bool
    {
        return false;
    }

    /**
     * Determine whether the user can create models.
     */
    public function create(User $user): bool
    {
        return $user->hasPermissionTo('manage users');
    }

    /**
     * Determine whether the user can update the model.
     */
    public function update(User $user, User $model): bool
    {
        return $user->hasPermissionTo('manage users') && !$model->is_protected;
    }

    /**
     * Determine whether the user can delete the model.
     */
    public function delete(User $user, User $model): bool
    {
        return $user->hasPermissionTo('manage users') 
        && !$model->is_protected
        && $user->id !== $model->id;
    }

    /**
     * Determine whether the user can restore the model.
     */
    public function restore(User $user, User $model): bool
    {
        return false;
    }

    /**
     * Determine whether the user can permanently delete the model.
     */
    public function forceDelete(User $user, User $model): bool
    {
        return false;
    }

    public function managePermissions(User $user)
    {
        // recomendada: return $authUser->isAdmin() && !$targetUser->isSuperAdmin();
        return $user->hasRole('admin'); // Solo los admins pueden gestionar permisos
    }
}
first commit 2025-04-23 00:14:33 +06:00			`<?php`

			`namespace App\Policies;`

			`use App\Models\User;`
			`use Illuminate\Auth\Access\Response;`

			`class UserPolicy`
			`{`
			`/**`
			`* Determine whether the user can view any models.`
			`*/`
			`public function viewAny(User $user): bool`
			`{`
			`return $user->hasPermissionTo('manage users');`
			`}`

			`/**`
			`* Determine whether the user can view the model.`
			`*/`
			`public function view(User $user, User $model): bool`
			`{`
			`return false;`
			`}`

			`/**`
			`* Determine whether the user can create models.`
			`*/`
			`public function create(User $user): bool`
			`{`
			`return $user->hasPermissionTo('manage users');`
			`}`

			`/**`
			`* Determine whether the user can update the model.`
			`*/`
			`public function update(User $user, User $model): bool`
			`{`
			`return $user->hasPermissionTo('manage users') && !$model->is_protected;`
			`}`

			`/**`
			`* Determine whether the user can delete the model.`
			`*/`
			`public function delete(User $user, User $model): bool`
			`{`
			`return $user->hasPermissionTo('manage users')`
			`&& !$model->is_protected`
			`&& $user->id !== $model->id;`
			`}`

			`/**`
			`* Determine whether the user can restore the model.`
			`*/`
			`public function restore(User $user, User $model): bool`
			`{`
			`return false;`
			`}`

			`/**`
			`* Determine whether the user can permanently delete the model.`
			`*/`
			`public function forceDelete(User $user, User $model): bool`
			`{`
			`return false;`
			`}`

			`public function managePermissions(User $user)`
			`{`
			`// recomendada: return $authUser->isAdmin() && !$targetUser->isSuperAdmin();`
			`return $user->hasRole('admin'); // Solo los admins pueden gestionar permisos`
			`}`
			`}`