<?php |
namespace App\Providers; |
use App\Models\Course; |
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; |
use Illuminate\Support\Facades\Gate; |
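/**
 * Registers the application's authorization gates.
 *
 * Every gate below follows the same shape: access is granted either because the
 * user owns the resource (teacher of the course/event, or the student of the
 * enrollment) or because the user holds an explicit permission that applies to
 * all resources of that kind. A gate that returns false denies the action.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * NOTE(review): 'App\\Model' looks like the framework's placeholder entry;
     * no policy for a real model is mapped here, so all authorization in this
     * provider comes from the gates defined in boot() — confirm that is intended.
     *
     * @var array<string, string>
     */
    protected $policies = [
        'App\\Model' => 'App\\Policies\\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * Ownership checks compare ids with loose `==` in most gates and with
     * strict `===` in 'view-course' and 'edit-result'.
     * NOTE(review): if one side is hydrated as a numeric string and the other
     * as an int, the strict gates deny the owning teacher while the loose ones
     * grant — confirm the id casts on the models and make the gates uniform.
     *
     * @return void
     */
    public function boot()
    {
        // Inherited from the framework provider; called before any gate is defined.
        $this->registerPolicies();

        /*
         * A user may edit the course grades if they are the teacher for this course,
         * or if they have explicit permission to do so.
         * Parentheses spell out the precedence the expression already had (&& before ||).
         */
        Gate::define(
            'edit-course-grades',
            fn ($user, $course) => ($user->isTeacher() && $user->id == $course->teacher_id)
                || $user->can('evaluation.edit')
        );

        /*
         * A user may view the course attendance sheet if they are the teacher for this course,
         * or if they have explicit permission to view all course attendance sheets.
         */
        Gate::define(
            'view-course-attendance',
            fn ($user, $course) => ($user->isTeacher() && $user->id == $course->teacher_id)
                || $user->can('attendance.view')
        );

        /*
         * A user may view the event attendance sheet if they are the teacher for this event,
         * if they are the teacher for the event's course,
         * or if they have explicit permission to view all event attendance sheets.
         *
         * The course is checked for null before its teacher_id is read: an event with
         * no related course (presumably possible, since the event carries its own
         * teacher_id — confirm) must fall through to the permission check instead of
         * raising on a null dereference before can() is ever evaluated.
         */
        Gate::define(
            'view-event-attendance',
            fn ($user, $event) => ($event->teacher_id == $user->id)
                || ($event->course !== null && $event->course->teacher_id == $user->id)
                || $user->can('attendance.view')
        );

        /*
         * A user may edit an attendance sheet if they are the teacher for the event,
         * if they are the teacher for the event's course,
         * or if they have explicit permission to edit any attendance sheet.
         *
         * Same null guard on the course relation as 'view-event-attendance'.
         */
        Gate::define(
            'edit-attendance',
            fn ($user, $event) => ($event->teacher_id == $user->id)
                || ($event->course !== null && $event->course->teacher_id == $user->id)
                || $user->can('attendance.edit')
        );

        /*
         * Teachers may view their own calendar,
         * and users with explicit permission can view all calendars.
         */
        Gate::define(
            'view-teacher-calendar',
            fn ($user, $teacher) => ($user->isTeacher() && $user->id == $teacher->id)
                || $user->can('calendars.view')
        );

        /*
         * Teachers may view their own courses,
         * and users with explicit permission can view all courses.
         * This gate compares ids strictly (===), unlike most of the others.
         */
        Gate::define(
            'view-course',
            fn ($user, Course $course) => ($user->isTeacher() && $user->id === $course->teacher_id)
                || $user->can('courses.view')
        );

        /*
         * A user may view the result if they are the student of the enrollment,
         * if they are a teacher,
         * or if they have explicit permission to view any result.
         *
         * NOTE(review): any teacher passes, not only the teacher of the enrollment's
         * course; this is wider than the per-course gates above — confirm it is intended.
         */
        Gate::define(
            'view-enrollment',
            fn ($user, $enrollment) => ($user->isStudent() && $user->id == $enrollment->student_id)
                || $user->isTeacher()
                || $user->can('evaluation.view')
        );

        /*
         * A user may enroll in the course if they are the teacher of the course,
         * or if they have explicit permission to enroll students.
         * Only teacher_id is compared here; isTeacher() is not consulted.
         */
        Gate::define(
            'enroll-in-course',
            fn ($user, $course) => $course->teacher_id == $user->id
                || $user->can('enrollments.edit')
        );

        /*
         * A user may enroll students if they are a teacher,
         * or if they have explicit permission to enroll students.
         */
        Gate::define(
            'enroll-students',
            fn ($user) => $user->isTeacher() || $user->can('enrollments.edit')
        );

        /*
         * Teachers may view their own hours,
         * and users with explicit permission can view all hours.
         */
        Gate::define(
            'view-teacher-hours',
            fn ($user, $teacher) => ($user->isTeacher() && $user->id == $teacher->id)
                || $user->can('hr.view')
        );

        /*
         * Users with explicit permission may edit any result. Teachers may edit results
         * for enrollments in their own course, but only while the
         * 'settings.teachers_can_edit_result' configuration value is truthy.
         * Everything else is denied.
         */
        Gate::define('edit-result', function ($user, $enrollment) {
            if ($user->can('evaluation.edit')) {
                return true;
            }

            if (config('settings.teachers_can_edit_result')) {
                // An enrollment without a related course is denied rather than
                // dereferenced; ids are compared strictly (===) in this gate.
                $course = $enrollment->course;

                return $user->isTeacher()
                    && $course !== null
                    && $user->id === $course->teacher_id;
            }

            return false;
        });
    }
}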