
JobPolicy::submitForReview()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 7
Code Lines 3

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 12

Importance

Changes 0
Metric Value
eloc 3
c 0
b 0
f 0
dl 0
loc 7
ccs 0
cts 1
cp 0
rs 10
cc 3
nc 3
nop 2
crap 12
<?php
namespace App\Policies;
use App\Models\User;
use App\Models\JobPoster;
use App\Policies\BasePolicy;
use Illuminate\Support\Facades\Log;
/**
 * Authorization rules for actions on a JobPoster.
 *
 * Each public method answers one "may this user do X to this job?" question.
 *
 * NOTE(review): the "manager owns this job" test is written three ways in this
 * class: `manager->user_id == id` (view), `manager->user->id == id` (update,
 * delete, reviewApplicationsFor, manage) and `manager->user_id === id`
 * (viewAssessmentPlan). They are reproduced as found; confirm the compared
 * values share a type and settle on one strict form.
 * NOTE(review): every ownership test dereferences $jobPoster->manager without a
 * null check; this presumably relies on each job poster having a manager. Confirm.
 */
class JobPolicy extends BasePolicy
{
    /**
     * Determine whether the user can view the job poster.
     *
     * Access is granted when any one of these holds:
     *  - the job reports itself as public (guests included, so $user may be null);
     *  - the user is a manager and the job's manager record points at that user;
     *  - the user is an HR advisor in the job's department and the job is visible to HR.
     *
     * @param \App\Models\User|null $user      User object making the request, or null for a guest.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function view(?User $user, JobPoster $jobPoster)
    {
        // A public job needs no identity at all, so it is settled before $user is touched.
        if ($jobPoster->isPublic()) {
            return true;
        }

        // Every remaining rule depends on who is asking; a guest stops here.
        if ($user === null) {
            return false;
        }

        // Managers can always view jobs they created.
        // NOTE(review): loose == here, while viewAssessmentPlan() compares the same
        // two properties with ===; confirm and align.
        $isOwningManager = $user->isManager()
            && $jobPoster->manager->user_id == $user->id;
        if ($isOwningManager) {
            return true;
        }

        // HR advisors are limited to their own department, and only once the job
        // reports itself as visible to HR.
        return $user->isHrAdvisor()
            && $user->department_id === $jobPoster->department_id
            && $jobPoster->isVisibleToHr();
    }

    /**
     * Any user, guests included, is permitted to request a list of jobs.
     *
     * This method performs no filtering: it always allows the request. The code
     * that builds the list is responsible for returning only the jobs the
     * requester is permitted to *view*.
     *
     * @param \App\Models\User|null $user User object making the request, or null for a guest.
     * @return boolean
     */
    public function viewAny(?User $user)
    {
        return true;
    }

    /**
     * Determine whether the user can create job posters.
     *
     * Any manager may create a job poster; the result is whatever
     * User::isManager() returns.
     *
     * @param \App\Models\User $user User to test against.
     * @return mixed
     */
    public function create(User $user)
    {
        return $user->isManager();
    }

    /**
     * Determine whether the user can update the job poster.
     *
     * Requires all of: the user is a manager, the job's manager record resolves
     * to that same user, and the job reports itself as editable.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function update(User $user, JobPoster $jobPoster)
    {
        if (!$user->isManager()) {
            return false;
        }

        // Only the manager's own jobs. isEditable() is the state gate; per the
        // original comment, managers cannot publish jobs or edit published ones
        // (isEditable() itself is defined outside this file).
        $managerUserId = $jobPoster->manager->user->id;

        return $managerUserId == $user->id && $jobPoster->isEditable();
    }

    /**
     * Determine whether the user can delete the job poster.
     *
     * Applies exactly the same three conditions as update(): manager role,
     * ownership of the job, and an editable job.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     *
     * @return boolean
     */
    public function delete(User $user, JobPoster $jobPoster): bool
    {
        if (!$user->isManager()) {
            return false;
        }

        // NOTE(review): the original comment says deletion is limited to the
        // 'draft' state, but the check made is isEditable(); confirm the two
        // mean the same thing, since deletion is destructive.
        $managerUserId = $jobPoster->manager->user->id;

        return $managerUserId == $user->id && $jobPoster->isEditable();
    }

    /**
     * Determine whether the user can review applications to the job poster.
     *
     * The requester must be either the manager who owns the job or an HR advisor
     * for whom manage() passes. In addition the job must be closed, except for
     * jobs in the strategic response department, which must be public instead.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function reviewApplicationsFor(User $user, JobPoster $jobPoster)
    {
        // Managers can only review applications to their own jobs.
        $ownsJob = $user->isManager() && $jobPoster->manager->user->id == $user->id;
        // HR advisors can review applications for jobs they manage.
        $advisorManagesJob = $user->isHrAdvisor() && $this->manage($user, $jobPoster);
        $hasRole = $ownsJob || $advisorManagesJob;

        // Strategic response jobs do not need to be closed: they are gated on
        // being public. Every other job must be closed first.
        // NOTE(review): the original comment called this the "Emergency Response"
        // department; the method name says strategic response. Confirm the name.
        $stateAllowsReview = $jobPoster->isInStrategicResponseDepartment()
            ? $jobPoster->isPublic()
            : $jobPoster->isClosed();

        return $stateAllowsReview && $hasRole;
    }

    /**
     * Determine whether the user is a Manager or an HR Advisor with permission to manage this job.
     *
     * A manager qualifies by owning the job. An HR advisor qualifies when view()
     * passes and the job's id is among the advisor's claimed job ids.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function manage(User $user, JobPoster $jobPoster)
    {
        if ($user->isManager() && $jobPoster->manager->user->id == $user->id) {
            return true;
        }

        // For advisors, a claim alone is not enough: the job must still pass view().
        return $user->isHrAdvisor()
            && $this->view($user, $jobPoster)
            && $user->hr_advisor->claimed_job_ids->contains($jobPoster->id);
    }

    /**
     * Determine whether the user can view the comments.
     *
     * Delegates to manage(): the manager who owns the job, or an HR advisor who
     * has claimed it.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function viewComments(User $user, JobPoster $jobPoster): bool
    {
        return $this->manage($user, $jobPoster);
    }

    /**
     * Determine whether the user can create a comment.
     *
     * Delegates to viewComments(), so anyone allowed to read a job's comments
     * is also allowed to add one.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function storeComment(User $user, JobPoster $jobPoster): bool
    {
        return $this->viewComments($user, $jobPoster);
    }

    /**
     * Determine whether the user can 'claim' this job.
     *
     * Open to any HR advisor for whom view() passes on this job.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function claim(User $user, JobPoster $jobPoster): bool
    {
        return $user->isHrAdvisor() && $this->view($user, $jobPoster);
    }

    /**
     * Determine whether the user can 'unclaim' this job.
     *
     * Delegates to claim(), so the conditions are identical.
     *
     * NOTE(review): nothing here checks that this advisor currently holds a claim
     * on the job; confirm the calling code only ever releases the requester's own claim.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function unClaim(User $user, JobPoster $jobPoster): bool
    {
        return $this->claim($user, $jobPoster);
    }

    /**
     * Determine whether the user can view assessment plan.
     *
     * Granted to admins, to the manager whose user id is on the job's manager
     * record, and to HR advisors who appear in the job's hr_advisors collection.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function viewAssessmentPlan(User $user, JobPoster $jobPoster): bool
    {
        // Written as separate guards so that the && / || grouping, which the
        // original left to operator precedence, is explicit.
        if ($user->isAdmin()) {
            return true;
        }

        if ($user->isManager() && $jobPoster->manager->user_id === $user->id) {
            return true;
        }

        return $user->isHrAdvisor()
            && $jobPoster->hr_advisors->contains('user_id', $user->id);
    }

    /**
     * Determine whether the user can download CSV file of applicants who have applied to job.
     *
     * Restricted to admins, and only while the job reports itself as public.
     * Managers and HR advisors are not granted this export by this policy.
     *
     * @param \App\Models\User      $user      User object making the request.
     * @param \App\Models\JobPoster $jobPoster Job Poster object being acted upon.
     * @return boolean
     */
    public function downloadApplicants(User $user, JobPoster $jobPoster): bool
    {
        return $user->isAdmin() && $jobPoster->isPublic();
    }
}