88 lines
2.2 KiB
PHP
88 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace App\Models\Policies;
|
|
|
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
|
|
use App\Models\{System,User};
|
|
|
|
/**
|
|
* This handles updating system records
|
|
*
|
|
* Authorisation is defined by function_role_only, where
|
|
* - function = create,delete,update
|
|
* - role = admin,zc,rc,nc,hc,nn,pt
|
|
* - only = only that role can do (no hierarchy permission)
|
|
* ie:
|
|
* - admin - only site admin can do (user = admin)
|
|
* - zc - only ZC can perform (user has an address that is a ZC)
|
|
* - rc - only RC (or ZC) ...
|
|
* - hc - only HC (or ZC/RC) ...
|
|
* - nn - only NN (or ZC/RC/HC) ...
|
|
* - pt - only PT (or ZC/RC/HC/NN) ...
|
|
*/
|
|
class SystemPolicy
|
|
{
|
|
use HandlesAuthorization;
|
|
|
|
public function admin(User $user, System $system): bool
|
|
{
|
|
// Site Admins can always create
|
|
// If it doesnt exist, then a user can create it.
|
|
return ($user->isAdmin() || (! $system->exists));
|
|
}
|
|
|
|
/**
|
|
* Determine whether the user can create the model.
|
|
*
|
|
* A user can create a system if it doesnt exist.
|
|
*
|
|
* @param User $user
|
|
* @param System $system
|
|
* @return bool
|
|
*/
|
|
public function create(User $user, System $system): bool
|
|
{
|
|
// Site Admins can always create
|
|
// If it doesnt exist, then a user can create it.
|
|
return ($user->isAdmin() || (! $system->exists));
|
|
}
|
|
|
|
/**
|
|
* Can the user register this system
|
|
*
|
|
* @param User $user
|
|
* @param System $system
|
|
* @return bool
|
|
*/
|
|
public function register(User $user,System $system): bool
|
|
{
|
|
return ! $system->users->count() || $system->users->has($user);
|
|
}
|
|
|
|
/**
|
|
* Determine whether the user can update the model.
|
|
*
|
|
* A user can update a system if they are the user of it and it has no addresses.
|
|
* If it has addresses, at least one of the addresses must have been validated.
|
|
* (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.)
|
|
*
|
|
* @param User $user
|
|
* @param System $system
|
|
* @return bool
|
|
*/
|
|
public function update_nn(User $user,System $system): bool
|
|
{
|
|
// Site Admins can always edit
|
|
if ($user->isAdmin())
|
|
return TRUE;
|
|
|
|
// If it doesnt exist, then its a true (they are creating it).
|
|
if (! $system->exists)
|
|
return TRUE;
|
|
|
|
// @todo Permit ZC, RC, NC, HUB user
|
|
|
|
return $system->users->contains($user) && $system->akas->count();
|
|
}
|
|
} |