clrghouz/app/Policies/SystemPolicy.php

<?php

namespace App\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;

use App\Models\{System,User};

/**
 * This handles updating system records
 *
 * Authorisation is defined by function_role_only, where
 * - function = create,delete,update
 * - role = admin,zc,rc,nc,hc,nn,pt
 * - only = only that role can do (no hierarchy permission)
 *   ie:
 *   - admin - only site admin can do (user = admin)
 *   - zc - only ZC can perform (user has an address that is a ZC)
 *   - rc - only RC (or ZC) ...
 *   - hc - only HC (or ZC/RC) ...
 *   - nn - only NN (or ZC/RC/HC) ...
 *   - pt - only PT (or ZC/RC/HC/NN) ...
 */
class SystemPolicy
{
	use HandlesAuthorization;

	/**
	 * Determine whether the user can create the model.
	 *
	 * A user can create a system if it doesnt exist.
	 *
	 * @param User $user
	 * @param System $system
	 * @return bool
	 */
	public function create(User $user, System $system): bool
	{
		// Site Admins can always create
		// If it doesnt exist, then a user can create it.
		return ($user->isAdmin() || (! $system->exists));
	}

	/**
	 * Can the user register this system
	 *
	 * @param User $user
	 * @param System $system
	 * @return bool
	 */
	public function register(User $user,System $system): bool
	{
		return ! $system->users->count() || $system->users->has($user);
	}

	/**
	 * Determine whether the user can update the model.
	 *
	 * A user can update a system if they are the user of it and it has no addresses.
	 * If it has addresses, at least one of the addresses must have been validated.
	 * (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.)
	 *
	 * @param User $user
	 * @param System $system
	 * @return bool
	 */
	public function update_nn(User $user,System $system): bool
	{
		// Site Admins can always edit
		if ($user->isAdmin())
			return TRUE;

		// If it doesnt exist, then its a false.
		if (! $system->exists)
			return FALSE;

		// @todo Permit ZC, RC, NC, HUB user

		return $system->users->contains($user) && $system->akas->count();
	}
}
User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`<?php`

			`namespace App\Policies;`

			`use Illuminate\Auth\Access\HandlesAuthorization;`

			`use App\Models\{System,User};`

Update on security, user to edit their own system 2024-05-17 22:27:17 +00:00			`/**`
			`* This handles updating system records`
			`*`
			`* Authorisation is defined by function_role_only, where`
			`* - function = create,delete,update`
			`* - role = admin,zc,rc,nc,hc,nn,pt`
			`* - only = only that role can do (no hierarchy permission)`
			`* ie:`
			`* - admin - only site admin can do (user = admin)`
			`* - zc - only ZC can perform (user has an address that is a ZC)`
			`* - rc - only RC (or ZC) ...`
			`* - hc - only HC (or ZC/RC) ...`
			`* - nn - only NN (or ZC/RC/HC) ...`
			`* - pt - only PT (or ZC/RC/HC/NN) ...`
			`*/`
User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`class SystemPolicy`
			`{`
			`use HandlesAuthorization;`

Internal enhancements to system registration and editing 2022-01-01 14:52:21 +00:00			`/**`
			`* Determine whether the user can create the model.`
			`*`
			`* A user can create a system if it doesnt exist.`
			`*`
			`* @param User $user`
			`* @param System $system`
			`* @return bool`
			`*/`
			`public function create(User $user, System $system): bool`
			`{`
			`// Site Admins can always create`
			`// If it doesnt exist, then a user can create it.`
			`return ($user->isAdmin() \|\| (! $system->exists));`
			`}`

Work on registration of existing systems to users 2022-03-14 11:28:54 +00:00			`/**`
			`* Can the user register this system`
			`*`
			`* @param User $user`
			`* @param System $system`
			`* @return bool`
			`*/`
			`public function register(User $user,System $system): bool`
			`{`
			`return ! $system->users->count() \|\| $system->users->has($user);`
			`}`

User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`/**`
			`* Determine whether the user can update the model.`
			`*`
Changes to Authorisation for users to edit systems, minor cosmetic fixes and more logging 2021-12-29 02:44:27 +00:00			`* A user can update a system if they are the user of it and it has no addresses.`
			`* If it has addresses, at least one of the addresses must have been validated.`
			`* (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.)`
			`*`
Internal enhancements to system registration and editing 2022-01-01 14:52:21 +00:00			`* @param User $user`
			`* @param System $system`
			`* @return bool`
User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`*/`
Update on security, user to edit their own system 2024-05-17 22:27:17 +00:00			`public function update_nn(User $user,System $system): bool`
User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`{`
Changes to Authorisation for users to edit systems, minor cosmetic fixes and more logging 2021-12-29 02:44:27 +00:00			`// Site Admins can always edit`
			`if ($user->isAdmin())`
			`return TRUE;`

			`// If it doesnt exist, then its a false.`
			`if (! $system->exists)`
			`return FALSE;`

Update on security, user to edit their own system 2024-05-17 22:27:17 +00:00			`// @todo Permit ZC, RC, NC, HUB user`

			`return $system->users->contains($user) && $system->akas->count();`
User register system, minor cosmetic changes, start of user authorisation 2021-11-11 11:57:13 +00:00			`}`
			`}`