1 | <?php |
||
2 | |||
3 | namespace A17\Twill; |
||
4 | |||
5 | use A17\Twill\Models\Enums\UserRole; |
||
6 | use A17\Twill\Models\User; |
||
7 | use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; |
||
8 | use Illuminate\Support\Facades\Gate; |
||
9 | |||
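class AuthServiceProvider extends ServiceProvider
{
    /**
     * Role name that marks a user as superadmin.
     *
     * Compared against the target user's `role` in the user-management gates
     * and against the acting user's `role` in the `impersonate` gate.
     */
    const SUPERADMIN = 'SUPERADMIN';

    /**
     * Common guard shared by the role-based gates.
     *
     * Unpublished users are denied outright; superadmins are allowed without
     * consulting `$callback`; everyone else is decided by `$callback`.
     *
     * @param mixed    $user     The authenticated user (Twill's User model — TODO confirm what Gate passes)
     * @param callable $callback Receives `$user` and returns a bool
     * @return bool
     */
    protected function authorize($user, callable $callback)
    {
        // An unpublished account must not be able to do anything, whatever its role.
        if (!$user->isPublished()) {
            return false;
        }

        // Superadmins bypass every role check performed by the callback.
        if ($user->isSuperAdmin()) {
            return true;
        }

        return $callback($user);
    }

    /**
     * Whether `$user->role_value` is one of `$roles`.
     *
     * @param mixed $user
     * @param array $roles Values taken from UserRole
     * @return bool
     */
    protected function userHasRole($user, array $roles)
    {
        // Loose in_array kept as in the original: the type of role_value is not
        // visible here. NOTE(review): confirm both sides are strings and pass
        // `true` as the third argument so comparison is strict.
        return in_array($user->role_value, $roles);
    }

    /**
     * Registers a gate that passes when the acting user holds one of `$roles`,
     * subject to authorize() (published check, superadmin short-circuit).
     *
     * @param string $ability Gate name
     * @param array  $roles   Values taken from UserRole
     * @return void
     */
    protected function defineRoleGate($ability, array $roles)
    {
        Gate::define($ability, function ($user) use ($roles) {
            return $this->authorize($user, function ($user) use ($roles) {
                return $this->userHasRole($user, $roles);
            });
        });
    }

    /**
     * Registers the admin gates. Definition order matches the original
     * one-by-one Gate::define() calls.
     *
     * @return void
     */
    public function boot()
    {
        $editorRoles = [UserRole::PUBLISHER, UserRole::ADMIN];

        // Content gates: one role set per ability, all guarded by authorize().
        $roleGates = [
            'list' => [UserRole::VIEWONLY, UserRole::PUBLISHER, UserRole::ADMIN],
            'edit' => $editorRoles,
            'reorder' => $editorRoles,
            'publish' => $editorRoles,
            'feature' => $editorRoles,
            'delete' => $editorRoles,
            'duplicate' => $editorRoles,
            'upload' => $editorRoles,
            'manage-users' => [UserRole::ADMIN],
        ];

        foreach ($roleGates as $ability => $roles) {
            $this->defineRoleGate($ability, $roles);
        }

        // As an admin, I can edit users, except superadmins
        // As a non-admin, I can edit myself only
        Gate::define('edit-user', function ($user, $editedUser = null) {
            return $this->authorize($user, function ($user) use ($editedUser) {
                $editedUserObject = User::find($editedUser);

                // The id comparison is loose (`==`). NOTE(review): if $editedUser
                // arrives as a string id this is what makes it match — confirm
                // before tightening. When no target is given or it does not
                // exist, the superadmin exclusion is skipped and only the
                // admin-or-self check applies.
                return ($this->userHasRole($user, [UserRole::ADMIN]) || $user->id == $editedUser)
                    && ($editedUserObject ? $editedUserObject->role !== self::SUPERADMIN : true);
            });
        });

        // Only admins may publish another user, never themselves and never a
        // superadmin. NOTE(review): the target is read from request('id')
        // rather than a gate argument, so the answer depends on the current
        // HTTP request instead of the object being authorized.
        Gate::define('publish-user', function ($user) {
            return $this->authorize($user, function ($user) {
                $editedUserObject = User::find(request('id'));
                return $this->userHasRole($user, [UserRole::ADMIN]) && ($editedUserObject ? $user->id !== $editedUserObject->id && $editedUserObject->role !== self::SUPERADMIN : false);
            });
        });

        // NOTE(review): unlike every other gate this one does not go through
        // authorize(), so the isPublished() check is not applied here.
        Gate::define('impersonate', function ($user) {
            return $user->role === self::SUPERADMIN;
        });
    }
}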