invoiceninja/app/Policies/EntityPolicy.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://opensource.org/licenses/AAL
 */

namespace App\Policies;

use App\Models\User;

/**
 * Class EntityPolicy.
 */
class EntityPolicy
{
    /**
     * Fires before any of the custom policy methods.
     *
     * Only fires if true, if false we continue.....
     *
     * Do not use this function!!!! We MUST also check company_id,
     *
     * @param User $user
     * @param  $ability
     * @return void /void
     */
    public function before($user, $ability)
    {
        //if($user->isAdmin())
         //	return true;
    }

    /**
     * Checks if the user has edit permissions.
     *
     * We MUST also check that the user can both edit a entity and also check the entity belongs to the users company!!!!!!
     *
     * @param  User $user
     * @param  $entity
     * @return bool
     */
    public function edit(User $user, $entity) : bool
    {
        return ($user->isAdmin() && $entity->company_id == $user->companyId())
            || ($user->hasPermission('edit_'.strtolower(class_basename($entity))) && $entity->company_id == $user->companyId())
            || ($user->hasPermission('edit_all') && $entity->company_id == $user->companyId())
            || $user->owns($entity)
            || $user->assigned($entity);
    }

    /**
     *  Checks if the user has view permissions.
     *
     * We MUST also check that the user can both view a entity and also check the entity belongs to the users company!!!!!!
     * @param  User $user
     * @param  $entity
     * @return bool
     */
    public function view(User $user, $entity) : bool
    {
        return ($user->isAdmin() && $entity->company_id == $user->companyId())
            || ($user->hasPermission('view_'.strtolower(class_basename($entity))) && $entity->company_id == $user->companyId())
            || ($user->hasPermission('view_all') && $entity->company_id == $user->companyId())
            || $user->owns($entity)
            || $user->assigned($entity);
    }
}
Scaffold Laravel permissions (Client - Entity) (#2602) * Wired up Bulk Archive / Delete / Restore button with reactivity on checkbox actions * Scaffold Laravel permissions (Client - Entity) 2019-01-16 10:28:06 +01:00			`<?php`
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright + version bump + set canadian dollar symbol to $ 2021-01-03 22:54:54 +01:00			`* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @license https://opensource.org/licenses/AAL`
			`*/`
Scaffold Laravel permissions (Client - Entity) (#2602) * Wired up Bulk Archive / Delete / Restore button with reactivity on checkbox actions * Scaffold Laravel permissions (Client - Entity) 2019-01-16 10:28:06 +01:00
			`namespace App\Policies;`

			`use App\Models\User;`

			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Class EntityPolicy.`
Scaffold Laravel permissions (Client - Entity) (#2602) * Wired up Bulk Archive / Delete / Restore button with reactivity on checkbox actions * Scaffold Laravel permissions (Client - Entity) 2019-01-16 10:28:06 +01:00			`*/`
			`class EntityPolicy`
			`{`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Fires before any of the custom policy methods.`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`*`
			`* Only fires if true, if false we continue.....`
			`*`
			`* Do not use this function!!!! We MUST also check company_id,`
			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param User $user`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`* @param $ability`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @return void /void`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`*/`
			`public function before($user, $ability)`
			`{`
			`//if($user->isAdmin())`
			`// return true;`
			`}`
Scaffold Laravel permissions (Client - Entity) (#2602) * Wired up Bulk Archive / Delete / Restore button with reactivity on checkbox actions * Scaffold Laravel permissions (Client - Entity) 2019-01-16 10:28:06 +01:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Checks if the user has edit permissions.`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`*`
			`* We MUST also check that the user can both edit a entity and also check the entity belongs to the users company!!!!!!`
			`*`
			`* @param User $user`
			`* @param $entity`
			`* @return bool`
			`*/`
			`public function edit(User $user, $entity) : bool`
			`{`
			`return ($user->isAdmin() && $entity->company_id == $user->companyId())`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`\|\| ($user->hasPermission('edit_'.strtolower(class_basename($entity))) && $entity->company_id == $user->companyId())`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`\|\| ($user->hasPermission('edit_all') && $entity->company_id == $user->companyId())`
			`\|\| $user->owns($entity)`
			`\|\| $user->assigned($entity);`
			`}`
List views (#2609) * Wire up Create Entity Button to create route * Refactor permissions, we must also ensure the user company id and entity id matches at the Gate:: * Add translations for Status filters * Bug fix for initial list view not displaying * Apply actions to menu for list items * Wire up list view actions, individual * Place permission filters on datatable lists 2019-01-20 06:00:50 +01:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Checks if the user has view permissions.`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`*`
			`* We MUST also check that the user can both view a entity and also check the entity belongs to the users company!!!!!!`
			`* @param User $user`
			`* @param $entity`
			`* @return bool`
			`*/`
			`public function view(User $user, $entity) : bool`
			`{`
			`return ($user->isAdmin() && $entity->company_id == $user->companyId())`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`\|\| ($user->hasPermission('view_'.strtolower(class_basename($entity))) && $entity->company_id == $user->companyId())`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`\|\| ($user->hasPermission('view_all') && $entity->company_id == $user->companyId())`
			`\|\| $user->owns($entity)`
			`\|\| $user->assigned($entity);`
			`}`
Scaffold Laravel permissions (Client - Entity) (#2602) * Wired up Bulk Archive / Delete / Restore button with reactivity on checkbox actions * Scaffold Laravel permissions (Client - Entity) 2019-01-16 10:28:06 +01:00			`}`