Enabled NetmailPolicy, users can see netmail if they are in the seen-by, a ZC or admin
This commit is contained in:
parent
90206f2bb5
commit
c9d04b64ac
@ -74,6 +74,17 @@ class User extends Authenticatable implements MustVerifyEmail
|
|||||||
|
|
||||||
/* GENERAL METHODS */
|
/* GENERAL METHODS */
|
||||||
|
|
||||||
|
public function addresses(): Collection
|
||||||
|
{
|
||||||
|
return Address::select('addresses.*')
|
||||||
|
->join('systems',['systems.id'=>'addresses.system_id'])
|
||||||
|
->join('system_user',['system_user.system_id'=>'systems.id'])
|
||||||
|
->where('system_user.user_id',$this->id)
|
||||||
|
->with(['zone.domain'])
|
||||||
|
->get();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* See if the user is already a member of the chosen network
|
* See if the user is already a member of the chosen network
|
||||||
*
|
*
|
||||||
|
|||||||
28
app/Policies/EchomailPolicy.php
Normal file
28
app/Policies/EchomailPolicy.php
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Policies;
|
||||||
|
|
||||||
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||||
|
|
||||||
|
use App\Models\{Echomail,User};
|
||||||
|
|
||||||
|
class EchomailPolicy
|
||||||
|
{
|
||||||
|
use HandlesAuthorization;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This determines whether a logged-in user can view an echomail
|
||||||
|
*
|
||||||
|
* @param User $user
|
||||||
|
* @param Echomail $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function view(User $user, Echomail $o): bool
|
||||||
|
{
|
||||||
|
return (
|
||||||
|
$user->isAdmin()
|
||||||
|
|| $user->isZC()
|
||||||
|
|| $o->seenby->pluck('id')->intersect($user->addresses()->pluck('id'))->count()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -14,10 +14,10 @@ class NetmailPolicy
|
|||||||
* This determines whether a logged-in user can view a netmail
|
* This determines whether a logged-in user can view a netmail
|
||||||
*
|
*
|
||||||
* @param User $user
|
* @param User $user
|
||||||
* @param Netmail $netmail
|
* @param Netmail $o
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function view(User $user, Netmail $netmail): bool
|
public function view(User $user, Netmail $o): bool
|
||||||
{
|
{
|
||||||
$zones = $user->zc()->pluck('zone')
|
$zones = $user->zc()->pluck('zone')
|
||||||
//->merge($user->rc()->pluck('zone'))
|
//->merge($user->rc()->pluck('zone'))
|
||||||
@ -28,8 +28,8 @@ class NetmailPolicy
|
|||||||
// Site Admins can always view
|
// Site Admins can always view
|
||||||
return (
|
return (
|
||||||
$user->isAdmin()
|
$user->isAdmin()
|
||||||
|| ($zones->contains($netmail->fftn->zone))
|
|| ($zones->contains($o->fftn->zone))
|
||||||
|| ($zones->contains($netmail->tftn->zone))
|
|| ($zones->contains($o->tftn->zone))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -135,12 +135,12 @@ Route::middleware(['auth','verified','activeuser'])->group(function () {
|
|||||||
});
|
});
|
||||||
|
|
||||||
Route::middleware(['auth','can:view,o'])->group(function () {
|
Route::middleware(['auth','can:view,o'])->group(function () {
|
||||||
|
Route::get('echomail/view/{o}',[EchomailController::class,'view']);
|
||||||
Route::get('netmail/view/{o}',[NetmailController::class,'view']);
|
Route::get('netmail/view/{o}',[NetmailController::class,'view']);
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::middleware(['auth','can:admin'])->group(function () {
|
Route::middleware(['auth','can:admin'])->group(function () {
|
||||||
Route::match(['get','post'],'address/merge/{id}',[SystemController::class,'address_merge']);
|
Route::match(['get','post'],'address/merge/{id}',[SystemController::class,'address_merge']);
|
||||||
Route::get('echomail/view/{o}',[EchomailController::class,'view']);
|
|
||||||
Route::match(['get','post'],'setup',[HomeController::class,'setup']);
|
Route::match(['get','post'],'setup',[HomeController::class,'setup']);
|
||||||
|
|
||||||
Route::view('user','user.home');
|
Route::view('user','user.home');
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user