mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 08:21:34 +02:00
company policy
This commit is contained in:
parent
0cb1f9459d
commit
07b4b81117
71
app/Policies/CompanyPolicy.php
Normal file
71
app/Policies/CompanyPolicy.php
Normal file
@ -0,0 +1,71 @@
|
||||
<?php
|
||||
/**
|
||||
* Invoice Ninja (https://invoiceninja.com)
|
||||
*
|
||||
* @link https://github.com/invoiceninja/invoiceninja source repository
|
||||
*
|
||||
* @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)
|
||||
*
|
||||
* @license https://opensource.org/licenses/AAL
|
||||
*/
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
/**
|
||||
* Class CompanyPolicy
|
||||
* @package App\Policies
|
||||
*/
|
||||
class CompanyPolicy extends EntityPolicy
|
||||
{
|
||||
/**
|
||||
* Checks if the user has create permissions
|
||||
*
|
||||
* @param User $user
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $user) : bool
|
||||
{
|
||||
|
||||
return $user->isAdmin() || $user->hasPermission('create_company');
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user has view permissions
|
||||
*
|
||||
* We MUST also check that the user can both view a entity and also check the entity belongs to the users company!!!!!!
|
||||
* @param User $user
|
||||
* @param $entity
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, $entity) : bool
|
||||
{
|
||||
|
||||
return ($user->isAdmin() && $entity->id == $user->companyId())
|
||||
|| ($user->hasPermission('view_' . strtolower(class_basename($entity))) && $entity->id == $user->companyId())
|
||||
|| $user->owns($entity);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Checks if the user has edit permissions
|
||||
*
|
||||
* We MUST also check that the user can both edit a entity and also check the entity belongs to the users company!!!!!!
|
||||
*
|
||||
* @param User $user
|
||||
* @param $entity
|
||||
* @return bool
|
||||
*/
|
||||
public function edit(User $user, $entity) : bool
|
||||
{
|
||||
|
||||
return ($user->isAdmin() && $entity->id == $user->companyId())
|
||||
|| ($user->hasPermission('edit_' . strtolower(class_basename($entity))) && $entity->id == $user->companyId())
|
||||
|| $user->owns($entity);
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user