añadir funicionalidades de permisos y grupos
This commit is contained in:
@@ -4,10 +4,13 @@ namespace App\Policies;
|
||||
|
||||
use App\Models\Document;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
use Illuminate\Auth\Access\Response;
|
||||
|
||||
class DocumentPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*/
|
||||
@@ -22,7 +25,8 @@ class DocumentPolicy
|
||||
public function view(User $user, Document $document)
|
||||
{
|
||||
return $user->hasPermissionTo('view documents')
|
||||
&& $user->hasProjectAccess($document->project_id);
|
||||
&& $user->hasProjectAccess($document->project_id)
|
||||
&& $user->hasPermissionToResource($document->resource(), 'view');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -38,7 +42,7 @@ class DocumentPolicy
|
||||
*/
|
||||
public function update(User $user, Document $document): bool
|
||||
{
|
||||
return false;
|
||||
return $user->hasPermissionToResource($document->resource(), 'edit');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -46,7 +50,7 @@ class DocumentPolicy
|
||||
*/
|
||||
public function delete(User $user, Document $document): bool
|
||||
{
|
||||
return false;
|
||||
return $user->hasPermissionTo('delete documents');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
39
app/Policies/FolderPolicy.php
Normal file
39
app/Policies/FolderPolicy.php
Normal file
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\User;
|
||||
use App\Models\Folder;
|
||||
|
||||
class FolderPolicy
|
||||
{
|
||||
/**
|
||||
* Create a new policy instance.
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
public function create(User $user, Folder $folder = null)
|
||||
{
|
||||
if ($folder) {
|
||||
return $user->can('manage-projects') &&
|
||||
$user->projects->contains($folder->project_id);
|
||||
}
|
||||
|
||||
return $user->can('manage-projects');
|
||||
}
|
||||
|
||||
public function move(User $user, Folder $folder)
|
||||
{
|
||||
return $user->can('manage-projects') &&
|
||||
$user->projects->contains($folder->project_id);
|
||||
}
|
||||
|
||||
public function delete(User $user, Folder $folder)
|
||||
{
|
||||
return $user->can('delete-projects') &&
|
||||
$user->projects->contains($folder->project_id);
|
||||
}
|
||||
}
|
||||
@@ -74,5 +74,10 @@ class ProjectPolicy
|
||||
$project->managers->contains($user->id) ||
|
||||
$project->users->contains($user->id);
|
||||
}
|
||||
|
||||
public function managePermissions(User $user, Project $project)
|
||||
{
|
||||
return $user->hasPermissionToResource($project, 'manage_permissions');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\Role;
|
||||
use Spatie\Permission\Models\Role;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Access\Response;
|
||||
|
||||
@@ -13,7 +13,7 @@ class RolePolicy
|
||||
*/
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasPermissionTo('manage roles');
|
||||
return $user->hasPermissionTo('view roles');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -29,7 +29,7 @@ class RolePolicy
|
||||
*/
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasPermissionTo('manage roles');
|
||||
return $user->hasPermissionTo('create roles');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -37,7 +37,7 @@ class RolePolicy
|
||||
*/
|
||||
public function update(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasPermissionTo('manage roles') && !$role->is_protected;
|
||||
return $user->hasPermissionTo('edit roles') && !$role->is_protected;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -45,7 +45,7 @@ class RolePolicy
|
||||
*/
|
||||
public function delete(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasPermissionTo('manage roles') && !$role->is_protected;
|
||||
return $user->hasPermissionTo('delete roles') && !$role->is_protected;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user