invoiceninja/app/Policies/DocumentPolicy.php

<?php

namespace App\Policies;

use App\Models\User;

/**
 * Class DocumentPolicy.
 */
class DocumentPolicy extends EntityPolicy
{
    /**
     * @param User  $user
     * @param mixed $item
     *
     * @return bool
     */
    public static function create(User $user, $item)
    {
        return ! empty($user);
    }

    /**
     * @param User     $user
     * @param Document $document
     *
     * @return bool
     */
    public static function view(User $user, $document)
    {
        if ($user->hasPermission(['view_expense', 'view_invoice'], true)) {
            return true;
        }
        if ($document->expense) {
            if ($document->expense->invoice) {
                return $user->can('view', $document->expense->invoice);
            }

            return $user->can('view', $document->expense);
        }
        if ($document->invoice) {
            return $user->can('view', $document->invoice);
        }

        return $user->owns($document);
    }
}
Finish migrating to Laravel ACL 2016-04-26 03:53:39 +02:00			`<?php`

			`namespace App\Policies;`

Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`use App\Models\User;`

			`/**`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`* Class DocumentPolicy.`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`*/`
			`class DocumentPolicy extends EntityPolicy`
			`{`
			`/**`
php-cs-fixer 2017-01-30 20:49:42 +01:00			`* @param User $user`
			`* @param mixed $item`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`*`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`* @return bool`
			`*/`
Fix for permissions change 2016-10-28 08:42:49 +02:00			`public static function create(User $user, $item)`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`{`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`return ! empty($user);`
Finish migrating to Laravel ACL 2016-04-26 03:53:39 +02:00			`}`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00
			`/**`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`* @param User $user`
Rollback to 2.6.5 2016-07-21 14:35:23 +02:00			`* @param Document $document`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00			`*`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`* @return bool`
			`*/`
Rollback to 2.6.5 2016-07-21 14:35:23 +02:00			`public static function view(User $user, $document)`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`{`
This PR implements Create/View/Edit permissions based on ENTITY TYPE (ie invoice/expense/client). (#2150) * migration for new permissions schema * update permissions across data tables * refactor migrations to prevent duplicate attribute * update permissions in views * Product Permissions * permissions via controllers * Refactor to use Laravel authorization gate * Doc Blocks for EntityPolicy * check permissions conditional on create new client * Bug Fixes * Data table permissions * working on UI * settings UI/UX finalised * Datatable permissions * remove legacy permissions * permission fix for viewing client * remove all instances of viewByOwner * refactor after PR * Bug fix for Functional test and implementation of Functional tests for Permissions * fix for tests 2018-06-07 12:08:34 +02:00			`if ($user->hasPermission(['view_expense', 'view_invoice'], true)) {`
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`return true;`
			`}`
			`if ($document->expense) {`
			`if ($document->expense->invoice) {`
			`return $user->can('view', $document->expense->invoice);`
			`}`
php-cs-fixer cleanup 2017-01-30 20:40:43 +01:00
Code Refactoring - Removed unused uses - Type hinting for method parameters - Removed commented code - Introduced comments for classes and methods - Short array syntax 2016-07-03 18:11:58 +02:00			`return $user->can('view', $document->expense);`
			`}`
			`if ($document->invoice) {`
			`return $user->can('view', $document->invoice);`
			`}`

Fixes... 2017-05-29 17:02:08 +02:00			`return $user->owns($document);`
Finish migrating to Laravel ACL 2016-04-26 03:53:39 +02:00			`}`
Fix for code refactor 2016-07-14 11:01:05 +02:00			`}`