mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-11-08 20:22:42 +01:00
a9f2d0d855
* migration for new permissions schema * update permissions across data tables * refactor migrations to prevent duplicate attribute * update permissions in views * Product Permissions * permissions via controllers * Refactor to use Laravel authorization gate * Doc Blocks for EntityPolicy * check permissions conditional on create new client * Bug Fixes * Data table permissions * working on UI * settings UI/UX finalised * Datatable permissions * remove legacy permissions * permission fix for viewing client * remove all instances of viewByOwner * refactor after PR * Bug fix for Functional test and implementation of Functional tests for Permissions * fix for tests
48 lines
988 B
PHP
48 lines
988 B
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\User;
|
|
|
|
/**
|
|
* Class DocumentPolicy.
|
|
*/
|
|
class DocumentPolicy extends EntityPolicy
|
|
{
|
|
/**
|
|
* @param User $user
|
|
* @param mixed $item
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function create(User $user, $item)
|
|
{
|
|
return ! empty($user);
|
|
}
|
|
|
|
/**
|
|
* @param User $user
|
|
* @param Document $document
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function view(User $user, $document)
|
|
{
|
|
if ($user->hasPermission(['view_expense', 'view_invoice'], true)) {
|
|
return true;
|
|
}
|
|
if ($document->expense) {
|
|
if ($document->expense->invoice) {
|
|
return $user->can('view', $document->expense->invoice);
|
|
}
|
|
|
|
return $user->can('view', $document->expense);
|
|
}
|
|
if ($document->invoice) {
|
|
return $user->can('view', $document->invoice);
|
|
}
|
|
|
|
return $user->owns($document);
|
|
}
|
|
}
|