<?php
namespace App\Models\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
use App\Models\User;
/**
 * Authorisation policy for actions one User performs against another User.
 *
 * $uo is always the user making the request, $o the user being acted upon.
 */
class UserPolicy
{
    use HandlesAuthorization;

    /**
     * Pre-check run ahead of the ability methods: wholesalers are granted everything.
     *
     * A NULL result is how a Laravel policy's before() signals "no decision", so
     * non-wholesalers fall through to the ability method. $ability is never
     * inspected, which means any ability later added to this policy is granted to
     * wholesalers as well; add an explicit exclusion here if one must not be.
     *
     * @param User $uo The user making the request
     * @param string $ability Name of the ability being checked (unused)
     * @return bool|null TRUE for a wholesaler, otherwise NULL
     */
    public function before(User $uo, string $ability): ?bool
    {
        $wholesaler = $uo->isWholesaler();

        return $wholesaler ?: null;
    }

    /**
     * Can $uo assume the role of (act as) the user $o.
     *
     * The decision is delegated entirely to User::isAdmin(), which is not defined in
     * this file. NOTE(review): presumably it reports whether $uo administers $o;
     * since this ability lets one user act as another, confirm it cannot return TRUE
     * for a peer or a more privileged user.
     *
     * @param User $uo The user making the request
     * @param User $o The user whose role would be assumed
     * @return bool
     */
    public function assume(User $uo, User $o): bool
    {
        $allowed = $uo->isAdmin($o);

        return $allowed;
    }

    /**
     * Decide whether $uo may view the details of $o.
     *
     * Permitted when both are the same user, or when $o is the user attached to one
     * of $uo's accounts.
     *
     * @param User $uo The user making the request
     * @param User $o The user whose details are requested
     * @return bool
     */
    public function view(User $uo, User $o): bool
    {
        // A user can always see their own record; checked first so the accounts
        // relation is only read when it is actually needed.
        // NOTE(review): this is a loose (==) comparison, as is Collection::contains()
        // below; confirm both ids are always the same scalar type.
        if ($uo->id == $o->id) {
            return true;
        }

        // Otherwise $o must be the user behind one of the requester's accounts.
        $linkedUserIds = $uo->accounts
            ->pluck('user')
            ->pluck('id')
            ->unique();

        return $linkedUserIds->contains($o->id);
    }
}