49 lines
936 B
PHP
49 lines
936 B
PHP
<?php
|
|
|
|
namespace App\Models\Policies;
|
|
|
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
|
|
use App\Models\User;
|
|
|
|
class UserPolicy
|
|
{
|
|
use HandlesAuthorization;
|
|
|
|
/**
|
|
* Wholesalers can do anything.
|
|
*
|
|
* @param User $uo
|
|
* @param string $ability
|
|
* @return null|bool
|
|
*/
|
|
public function before(User $uo,string $ability): bool|NULL
|
|
{
|
|
return $uo->isWholesaler() ?: NULL;
|
|
}
|
|
|
|
/**
|
|
* Can this user assume the role of the other user
|
|
*
|
|
* @param User $uo
|
|
* @param User $o
|
|
* @return bool
|
|
*/
|
|
public function assume(User $uo, User $o): bool
|
|
{
|
|
return $uo->isAdmin($o);
|
|
}
|
|
|
|
/**
|
|
* Determine whether the user can view the user details.
|
|
*
|
|
* @param User $uo
|
|
* @param User $o
|
|
* @return bool
|
|
*/
|
|
public function view(User $uo,User $o): bool
|
|
{
|
|
// If this is a service for an account managed by a user.
|
|
return ($uo->id == $o->id) || $uo->accounts_all->pluck('user_id')->contains($o->id) || $uo->isWholesaler();
|
|
}
|
|
} |