Enabled NetmailPolicy, users can see netmail if they are in the seen-by, a ZC or admin
This commit is contained in:
parent
90206f2bb5
commit
c9d04b64ac
@ -74,6 +74,17 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
|
||||
/* GENERAL METHODS */
|
||||
|
||||
public function addresses(): Collection
|
||||
{
|
||||
return Address::select('addresses.*')
|
||||
->join('systems',['systems.id'=>'addresses.system_id'])
|
||||
->join('system_user',['system_user.system_id'=>'systems.id'])
|
||||
->where('system_user.user_id',$this->id)
|
||||
->with(['zone.domain'])
|
||||
->get();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* See if the user is already a member of the chosen network
|
||||
*
|
||||
|
||||
28
app/Policies/EchomailPolicy.php
Normal file
28
app/Policies/EchomailPolicy.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
use App\Models\{Echomail,User};
|
||||
|
||||
class EchomailPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* This determines whether a logged-in user can view an echomail
|
||||
*
|
||||
* @param User $user
|
||||
* @param Echomail $o
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, Echomail $o): bool
|
||||
{
|
||||
return (
|
||||
$user->isAdmin()
|
||||
|| $user->isZC()
|
||||
|| $o->seenby->pluck('id')->intersect($user->addresses()->pluck('id'))->count()
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -14,10 +14,10 @@ class NetmailPolicy
|
||||
* This determines whether a logged-in user can view a netmail
|
||||
*
|
||||
* @param User $user
|
||||
* @param Netmail $netmail
|
||||
* @param Netmail $o
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, Netmail $netmail): bool
|
||||
public function view(User $user, Netmail $o): bool
|
||||
{
|
||||
$zones = $user->zc()->pluck('zone')
|
||||
//->merge($user->rc()->pluck('zone'))
|
||||
@ -28,8 +28,8 @@ class NetmailPolicy
|
||||
// Site Admins can always view
|
||||
return (
|
||||
$user->isAdmin()
|
||||
|| ($zones->contains($netmail->fftn->zone))
|
||||
|| ($zones->contains($netmail->tftn->zone))
|
||||
|| ($zones->contains($o->fftn->zone))
|
||||
|| ($zones->contains($o->tftn->zone))
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -135,12 +135,12 @@ Route::middleware(['auth','verified','activeuser'])->group(function () {
|
||||
});
|
||||
|
||||
Route::middleware(['auth','can:view,o'])->group(function () {
|
||||
Route::get('echomail/view/{o}',[EchomailController::class,'view']);
|
||||
Route::get('netmail/view/{o}',[NetmailController::class,'view']);
|
||||
});
|
||||
|
||||
Route::middleware(['auth','can:admin'])->group(function () {
|
||||
Route::match(['get','post'],'address/merge/{id}',[SystemController::class,'address_merge']);
|
||||
Route::get('echomail/view/{o}',[EchomailController::class,'view']);
|
||||
Route::match(['get','post'],'setup',[HomeController::class,'setup']);
|
||||
|
||||
Route::view('user','user.home');
|
||||
|
||||
Loading…
Reference in New Issue
Block a user