company policy

app/Policies/CompanyPolicy.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com)
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+
+namespace App\Policies;
+
+use App\Models\Company;
+use App\Models\User;
+use Illuminate\Support\Facades\Log;
+
+/**
+ * Class CompanyPolicy
+ * @package App\Policies
+ */
+class CompanyPolicy extends EntityPolicy
+{
+	/**
+	 *  Checks if the user has create permissions
+	 *  
+	 * @param  User $user
+	 * @return bool
+	 */
+	public function create(User $user) : bool
+	{
+
+		return $user->isAdmin() || $user->hasPermission('create_company');
+
+	}
+
+	/**
+	 *  Checks if the user has view permissions
+	 *
+	 * We MUST also check that the user can both view a entity and also check the entity belongs to the users company!!!!!!
+	 * @param  User $user
+	 * @param  $entity
+	 * @return bool
+	 */
+	public function view(User $user, $entity) : bool
+	{
+
+			return ($user->isAdmin() && $entity->id == $user->companyId()) 
+			|| ($user->hasPermission('view_' . strtolower(class_basename($entity))) && $entity->id == $user->companyId()) 
+			|| $user->owns($entity);
+	}
+
+
+	/**
+	 * Checks if the user has edit permissions
+	 *
+	 * We MUST also check that the user can both edit a entity and also check the entity belongs to the users company!!!!!!
+	 * 
+	 * @param  User $user
+	 * @param  $entity
+	 * @return bool
+	 */
+	public function edit(User $user, $entity) : bool
+	{
+
+			return ($user->isAdmin() && $entity->id == $user->companyId()) 
+			|| ($user->hasPermission('edit_' . strtolower(class_basename($entity))) && $entity->id == $user->companyId())
+			|| $user->owns($entity);
+    
+	}
+}