first commit

app/Policies/DashboardPolicy.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+
+class DashboardPolicy
+{
+    /**
+     * Create a new policy instance.
+     */
+    public function __construct()
+    {
+        //
+    }
+    
+    public function view(User $user)
+    {
+        return $user->hasPermissionTo('view dashboard');
+    }
+}

app/Policies/DocumentPolicy.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Document;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class DocumentPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Document $document)
+    {
+        return $user->hasPermissionTo('view documents') 
+            && $user->hasProjectAccess($document->project_id);
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Document $document): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Document $document): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Document $document): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Document $document): bool
+    {
+        return false;
+    }
+}

app/Policies/PermissionPolicy.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Permission;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+use Spatie\Permission\Models\Permission;
+
+class PermissionPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->hasPermissionTo('view permissions');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Permission $permission): bool
+    {
+        return $user->hasPermissionTo('view permissions');
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->hasPermissionTo('create permissions');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Permission $permission): bool
+    {
+        if($permission->is_system) return false;
+        
+        return $user->hasPermissionTo('edit permissions');
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Permission $permission): bool
+    {
+        if($permission->is_system || $permission->roles()->exists()) {
+            return false;
+        }
+        
+        return $user->hasPermissionTo('delete permissions');
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Permission $permission): bool
+    {
+        return $user->hasPermissionTo('manage permissions');
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Permission $permission): bool
+    {
+        return $user->hasPermissionTo('manage permissions');
+    }
+}

app/Policies/ProfilePolicy.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+
+class ProfilePolicy
+{
+    /**
+     * Create a new policy instance.
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    public function update(User $user)
+    {
+        return $user->is(auth()->user());
+    }
+}

app/Policies/ProjectPolicy.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Project;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class ProjectPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->hasPermissionTo('view projects');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Project $project): bool
+    {
+        return $user->hasPermissionTo('view projects') && 
+               $this->hasProjectAccess($user, $project);
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->hasPermissionTo('create projects');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Project $project): bool
+    {
+        return $user->hasPermissionTo('edit projects') && 
+               $this->hasProjectAccess($user, $project);
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Project $project): bool
+    {
+        return $user->hasPermissionTo('delete projects') && 
+               $this->hasProjectAccess($user, $project);
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Project $project): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Project $project): bool
+    {
+        return false;
+    }
+
+    protected function hasProjectAccess(User $user, Project $project)
+    {
+        // Verificar si el usuario es creador, gestor o tiene acceso directo
+        return $project->creator_id === $user->id ||
+               $project->managers->contains($user->id) ||
+               $project->users->contains($user->id);
+    }
+    
+}

app/Policies/RolePolicy.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Role;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class RolePolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->hasPermissionTo('manage roles');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Role $role): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->hasPermissionTo('manage roles');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Role $role): bool
+    {
+        return $user->hasPermissionTo('manage roles') && !$role->is_protected;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Role $role): bool
+    {
+        return $user->hasPermissionTo('manage roles') && !$role->is_protected;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Role $role): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Role $role): bool
+    {
+        return false;
+    }
+}

app/Policies/UserPolicy.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class UserPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return $user->hasPermissionTo('manage users');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, User $model): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->hasPermissionTo('manage users');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, User $model): bool
+    {
+        return $user->hasPermissionTo('manage users') && !$model->is_protected;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, User $model): bool
+    {
+        return $user->hasPermissionTo('manage users') 
+        && !$model->is_protected
+        && $user->id !== $model->id;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, User $model): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, User $model): bool
+    {
+        return false;
+    }
+
+    public function managePermissions(User $user)
+    {
+        // recomendada: return $authUser->isAdmin() && !$targetUser->isSuperAdmin();
+        return $user->hasRole('admin'); // Solo los admins pueden gestionar permisos
+    }
+}