|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App\Policies; |
|
4
|
|
|
|
|
5
|
|
|
use App\Models\User; |
|
6
|
|
|
use App\Models\JobPoster; |
|
7
|
|
|
use App\Policies\BasePolicy; |
|
8
|
|
|
use Illuminate\Support\Facades\Log; |
|
9
|
|
|
|
|
10
|
|
|
class JobPolicy extends BasePolicy |
|
11
|
|
|
{ |
|
12
|
|
|
|
|
13
|
|
|
/** |
|
14
|
|
|
* Determine whether the user can view the job poster. |
|
15
|
|
|
* |
|
16
|
|
|
* @param \App\Models\User $user |
|
17
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
18
|
|
|
* @return mixed |
|
19
|
|
|
*/ |
|
20
|
|
|
public function view(?User $user, JobPoster $jobPoster) |
|
21
|
|
|
{ |
|
22
|
|
|
// Anyone can view a published job |
|
23
|
|
|
// Only the manager that created it can view an unpublished job |
|
24
|
|
|
// Hr Advisors can view all jobs. |
|
25
|
|
|
return $jobPoster->status() == 'published' || $jobPoster->status() == 'closed' || |
|
26
|
|
|
($user && |
|
27
|
|
|
$user->isManager() && |
|
28
|
|
|
$jobPoster->manager->user_id == $user->id) || |
|
29
|
|
|
($user && |
|
30
|
|
|
$user->isHrAdvisor() && |
|
31
|
|
|
$user->hr_advisor->department_id === $jobPoster->department_id && |
|
32
|
|
|
$jobPoster->isVisibleToHr()); |
|
33
|
|
|
} |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* Any user is permitted to request a list of jobs, |
|
37
|
|
|
* but only the jobs they are permitted to *view* should be returned. |
|
38
|
|
|
* |
|
39
|
|
|
* @return void |
|
40
|
|
|
*/ |
|
41
|
|
|
public function viewAny(?User $user) |
|
42
|
|
|
{ |
|
43
|
|
|
return true; |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* Determine whether the user can create job posters. |
|
48
|
|
|
* |
|
49
|
|
|
* @param \App\Models\User $user User to test against. |
|
50
|
|
|
* @return mixed |
|
51
|
|
|
*/ |
|
52
|
|
|
public function create(User $user) |
|
53
|
|
|
{ |
|
54
|
|
|
// Any manager can create a new job poster. |
|
55
|
|
|
return $user->isManager(); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* Determine whether the user can update the job poster. |
|
60
|
|
|
* |
|
61
|
|
|
* @param \App\Models\User $user |
|
62
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
63
|
|
|
* @return mixed |
|
64
|
|
|
*/ |
|
65
|
|
|
public function update(User $user, JobPoster $jobPoster) |
|
66
|
|
|
{ |
|
67
|
|
|
// Only managers can edit jobs, and only their own, managers can't publish jobs or edit published jobs |
|
68
|
|
|
return $user->isManager() && |
|
69
|
|
|
$jobPoster->manager->user->id == $user->id && |
|
70
|
|
|
!$jobPoster->published; |
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* Determine whether the user can delete the job poster. |
|
75
|
|
|
* |
|
76
|
|
|
* @param \App\Models\User $user User object making the request. |
|
77
|
|
|
* @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon. |
|
78
|
|
|
* |
|
79
|
|
|
* @return boolean |
|
80
|
|
|
*/ |
|
81
|
|
|
public function delete(User $user, JobPoster $jobPoster): bool |
|
82
|
|
|
{ |
|
83
|
|
|
// Jobs can only be deleted when they're in the 'draft' |
|
84
|
|
|
// state, and only by managers that created them. |
|
85
|
|
|
return $user->isManager() && |
|
86
|
|
|
$jobPoster->manager->user->id == $user->id && |
|
87
|
|
|
!$jobPoster->published; |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Determine whether the user can submit a job poster for review. |
|
92
|
|
|
* |
|
93
|
|
|
* @param \App\Models\User $user |
|
94
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
95
|
|
|
* @return mixed |
|
96
|
|
|
*/ |
|
97
|
|
|
public function submitForReview(User $user, JobPoster $jobPoster) |
|
98
|
|
|
{ |
|
99
|
|
|
// Only upgradedManagers can submit jobs for review, only their own jobs, and only if they're still drafts. |
|
100
|
|
|
// NOTE: this is one of the only permissions to require an upgradedManager, as opposed to a demoManager. |
|
101
|
|
|
return $user->isUpgradedManager() && |
|
102
|
|
|
$jobPoster->manager->user->id == $user->id && |
|
103
|
|
|
$jobPoster->status() === 'draft'; |
|
104
|
|
|
} |
|
105
|
|
|
/** |
|
106
|
|
|
* Determine whether the user can review applications to the job poster. |
|
107
|
|
|
* |
|
108
|
|
|
* @param \App\Models\User $user |
|
109
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
110
|
|
|
* @return mixed |
|
111
|
|
|
*/ |
|
112
|
|
|
public function reviewApplicationsFor(User $user, JobPoster $jobPoster) |
|
113
|
|
|
{ |
|
114
|
|
|
// Managers can only review applications their own jobs. |
|
115
|
|
|
// HR Advisors can review applications for jobs they manage. |
|
116
|
|
|
// The job must always be closed. |
|
117
|
|
|
$authManager = $user->isManager() && $jobPoster->manager->user->id == $user->id; |
|
118
|
|
|
$authHr = $user->isHrAdvisor() && $this->manage($user, $jobPoster); |
|
|
|
|
|
|
119
|
|
|
|
|
120
|
|
|
return $jobPoster->isClosed() && ($authManager || $authHr); |
|
121
|
|
|
} |
|
122
|
|
|
|
|
123
|
|
|
/** |
|
124
|
|
|
* Determin whether the user is an HR Advisor with permission to manage this job. |
|
125
|
|
|
* |
|
126
|
|
|
* @param User $user |
|
127
|
|
|
* @param JobPoster $jobPoster |
|
128
|
|
|
* @return void |
|
129
|
|
|
*/ |
|
130
|
|
|
public function manage(User $user, JobPoster $jobPoster) |
|
131
|
|
|
{ |
|
132
|
|
|
return ($user->isManager() && |
|
133
|
|
|
$jobPoster->manager->user->id == $user->id) || |
|
134
|
|
|
($user->isHrAdvisor() |
|
135
|
|
|
&& $this->view($user, $jobPoster) |
|
136
|
|
|
&& $user->hr_advisor->claimed_job_ids->includes($jobPoster->id)); |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
|
|
/** |
|
140
|
|
|
* Determine whether the user can view the comments. |
|
141
|
|
|
* |
|
142
|
|
|
* @param \App\Models\User $user |
|
143
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
144
|
|
|
* @return bool |
|
145
|
|
|
*/ |
|
146
|
|
|
public function viewComments(User $user, JobPoster $jobPoster): bool |
|
147
|
|
|
{ |
|
148
|
|
|
// Only the manager that created the job can view the comment. |
|
149
|
|
|
// Only Hr advisors who have claimed a job can view the comments. |
|
150
|
|
|
return ($user->isManager() && $jobPoster->manager->user->id == $user->id) || |
|
151
|
|
|
$this->manage($user, $jobPoster); |
|
|
|
|
|
|
152
|
|
|
} |
|
153
|
|
|
|
|
154
|
|
|
/** |
|
155
|
|
|
* Determine whether the user can create a comment |
|
156
|
|
|
* |
|
157
|
|
|
* @param \App\Models\User $user User to test against |
|
158
|
|
|
* @param \App\Models\JobPoster $jobPoster |
|
159
|
|
|
* @return bool |
|
160
|
|
|
*/ |
|
161
|
|
|
public function storeComment(User $user, JobPoster $jobPoster): bool |
|
162
|
|
|
{ |
|
163
|
|
|
// Only the manager that created the job can view the comment. |
|
164
|
|
|
// Only Hr advisors who have claimed a job can view the comments. |
|
165
|
|
|
return $this->viewComments($user, $jobPoster); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
|
/** |
|
169
|
|
|
* Determine whether the user can 'claim' this job. |
|
170
|
|
|
* |
|
171
|
|
|
* @param User $user |
|
172
|
|
|
* @param JobPoster $jobPoster |
|
173
|
|
|
* @return boolean |
|
174
|
|
|
*/ |
|
175
|
|
|
public function claim(User $user, JobPoster $jobPoster): bool |
|
176
|
|
|
{ |
|
177
|
|
|
return $user->isHrAdvisor() && $this->view($user, $jobPoster); |
|
178
|
|
|
} |
|
179
|
|
|
|
|
180
|
|
|
/** |
|
181
|
|
|
* Determine whether the user can 'unclaim' this job. |
|
182
|
|
|
* |
|
183
|
|
|
* @param User $user |
|
184
|
|
|
* @param JobPoster $jobPoster |
|
185
|
|
|
* @return boolean |
|
186
|
|
|
*/ |
|
187
|
|
|
public function unClaim(User $user, JobPoster $jobPoster): bool |
|
188
|
|
|
{ |
|
189
|
|
|
return $this->claim($user, $jobPoster); |
|
190
|
|
|
} |
|
191
|
|
|
} |
|
192
|
|
|
|
GCTC-NTGC /
TalentCloud
Loading history...
This check looks for function or method calls that always return null and whose return value is used.
The method
getObject()can return nothing but null, so it makes no sense to use the return value.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.