clrghouz/app/Policies/SystemPolicy.php

81 lines
2.0 KiB
PHP
Raw Normal View History

<?php
namespace App\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
use App\Models\{System,User};
/**
* This handles updating system records
*
* Authorisation is defined by function_role_only, where
* - function = create,delete,update
* - role = admin,zc,rc,nc,hc,nn,pt
* - only = only that role can do (no hierarchy permission)
* ie:
* - admin - only site admin can do (user = admin)
* - zc - only ZC can perform (user has an address that is a ZC)
* - rc - only RC (or ZC) ...
* - hc - only HC (or ZC/RC) ...
* - nn - only NN (or ZC/RC/HC) ...
* - pt - only PT (or ZC/RC/HC/NN) ...
*/
class SystemPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can create the model.
*
* A user can create a system if it doesnt exist.
*
* @param User $user
* @param System $system
* @return bool
*/
public function create(User $user, System $system): bool
{
// Site Admins can always create
// If it doesnt exist, then a user can create it.
return ($user->isAdmin() || (! $system->exists));
}
/**
* Can the user register this system
*
* @param User $user
* @param System $system
* @return bool
*/
public function register(User $user,System $system): bool
{
return ! $system->users->count() || $system->users->has($user);
}
/**
* Determine whether the user can update the model.
*
* A user can update a system if they are the user of it and it has no addresses.
* If it has addresses, at least one of the addresses must have been validated.
* (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.)
*
* @param User $user
* @param System $system
* @return bool
*/
public function update_nn(User $user,System $system): bool
{
// Site Admins can always edit
if ($user->isAdmin())
return TRUE;
// If it doesnt exist, then its a false.
if (! $system->exists)
return FALSE;
// @todo Permit ZC, RC, NC, HUB user
return $system->users->contains($user) && $system->akas->count();
}
}