|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App\Policies; |
|
4
|
|
|
|
|
5
|
|
|
use App\User; |
|
6
|
|
|
use App\UserRolePermissions; |
|
7
|
|
|
use Illuminate\Auth\Access\HandlesAuthorization; |
|
8
|
|
|
|
|
9
|
|
|
class GatePolicy |
|
10
|
|
|
{ |
|
11
|
|
|
use HandlesAuthorization; |
|
12
|
|
|
|
|
13
|
|
|
/** |
|
14
|
|
|
* Create a new policy instance. |
|
15
|
|
|
* |
|
16
|
|
|
* @return void |
|
17
|
|
|
*/ |
|
18
|
154 |
|
public function __construct() |
|
19
|
|
|
{ |
|
20
|
|
|
// |
|
21
|
154 |
|
} |
|
22
|
|
|
|
|
23
|
|
|
// Determine if the user is a Installer/Super Admin |
|
24
|
154 |
|
public function isInstaller(User $user) |
|
25
|
|
|
{ |
|
26
|
154 |
|
$role = User::find($user->user_id); |
|
27
|
|
|
|
|
28
|
154 |
|
if($role->role_id == 1) |
|
29
|
|
|
{ |
|
30
|
24 |
|
return true; |
|
31
|
|
|
} |
|
32
|
|
|
|
|
33
|
130 |
|
return false; |
|
34
|
|
|
} |
|
35
|
|
|
|
|
36
|
|
|
// Determine if a user can see the Administration Nav Link |
|
37
|
32 |
|
public function seeAdminLink(User $user) |
|
38
|
|
|
{ |
|
39
|
32 |
|
if ($this->isInstaller($user)) |
|
40
|
|
|
{ |
|
41
|
4 |
|
return true; |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
28 |
|
$data = UserRolePermissions::with('UserRolePermissionTypes') |
|
45
|
|
|
->whereHas('UserRolePermissionTypes', function ($query) { |
|
46
|
28 |
|
$query->where('description', 'Manage Users') |
|
47
|
28 |
|
->orWhere('description', 'Modify Category') |
|
48
|
28 |
|
->orWhere('description', 'Create Category'); |
|
49
|
28 |
|
}) |
|
50
|
28 |
|
->where('role_id', $user->user_id) |
|
51
|
28 |
|
->where('allow', 1) |
|
52
|
28 |
|
->get(); |
|
53
|
|
|
|
|
54
|
28 |
|
return $data->isEmpty() ? false : true; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
// Determine if a user has permissions for a task |
|
58
|
154 |
|
public function hasAccess(User $user, $task) |
|
59
|
|
|
{ |
|
60
|
|
|
// Check if user is super user first |
|
61
|
154 |
|
if($this->isInstaller($user)) |
|
62
|
|
|
{ |
|
63
|
24 |
|
return true; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
130 |
|
$data = UserRolePermissions::with('UserRolePermissionTypes') |
|
67
|
|
|
->whereHas('UserRolePermissionTypes', function ($query) use ($task) { |
|
68
|
130 |
|
$query->where('description', $task); |
|
69
|
130 |
|
}) |
|
70
|
130 |
|
->where('role_id', $user->role_id) |
|
71
|
130 |
|
->where('allow', 1) |
|
72
|
130 |
|
->get(); |
|
73
|
|
|
|
|
74
|
130 |
|
$allow = $data->isEmpty() ? 'false' : 'true'; |
|
75
|
130 |
|
\Log::debug('User '.$user->full_name.' is trying to access '.$task.'. Result - ' . $allow); |
|
76
|
|
|
|
|
77
|
130 |
|
return $data->isEmpty() ? false : true; |
|
78
|
|
|
} |
|
79
|
|
|
} |
|
80
|
|
|
|
butcherman /
Tech_Bench
