<?php namespace App\Models\Policies; use Illuminate\Auth\Access\HandlesAuthorization; use App\Models\{System,User}; /** * This handles updating system records * * Authorisation is defined by function_role_only, where * - function = create,delete,update * - role = admin,zc,rc,nc,hc,nn,pt * - only = only that role can do (no hierarchy permission) * ie: * - admin - only site admin can do (user = admin) * - zc - only ZC can perform (user has an address that is a ZC) * - rc - only RC (or ZC) ... * - hc - only HC (or ZC/RC) ... * - nn - only NN (or ZC/RC/HC) ... * - pt - only PT (or ZC/RC/HC/NN) ... */ class SystemPolicy { use HandlesAuthorization; public function admin(User $user, System $system): bool { // Site Admins can always create // If it doesnt exist, then a user can create it. return ($user->isAdmin() || (! $system->exists)); } /** * Determine whether the user can create the model. * * A user can create a system if it doesnt exist. * * @param User $user * @param System $system * @return bool */ public function create(User $user, System $system): bool { // Site Admins can always create // If it doesnt exist, then a user can create it. return ($user->isAdmin() || (! $system->exists)); } /** * Can the user register this system * * @param User $user * @param System $system * @return bool */ public function register(User $user,System $system): bool { return ! $system->users->count() || $system->users->has($user); } /** * Determine whether the user can update the model. * * A user can update a system if they are the user of it and it has no addresses. * If it has addresses, at least one of the addresses must have been validated. * (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.) * * @param User $user * @param System $system * @return bool */ public function update_nn(User $user,System $system): bool { // Site Admins can always edit if ($user->isAdmin()) return TRUE; // If it doesnt exist, then its a true (they are creating it). if (! $system->exists) return TRUE; // @todo Permit ZC, RC, NC, HUB user return $system->users->contains($user) && $system->akas->count(); } }