| Server IP : 78.140.185.180 / Your IP : 216.73.216.170 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/builderbox/./././www/common/Core/Policies/ |
Upload File : |
<?php namespace Common\Core\Policies;
use Common\Auth\BaseUser;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Http\Request;
class UserPolicy
{
use HandlesAuthorization;
/**
* @var Request
*/
private $request;
public function __construct(Request $request)
{
$this->request = $request;
}
public function index(BaseUser $user)
{
return $user->hasPermission('users.view');
}
public function show(BaseUser $current, BaseUser $requested)
{
return $current->hasPermission('users.view') ||
$current->id === $requested->id;
}
public function store(BaseUser $user)
{
return $user->hasPermission('users.create');
}
public function update(BaseUser $current, BaseUser $toUpdate = null)
{
// user has proper permissions
if ($current->hasPermission('users.update')) {
return true;
}
// no permissions and not trying to update his own model
if (!$toUpdate || $current->id !== $toUpdate->id) {
return false;
}
// user should not be able to change his own permissions or roles
if (
$this->request->get('permissions') ||
$this->request->get('roles')
) {
return false;
}
return true;
}
public function destroy(BaseUser $user, array $userIds)
{
$deletingOwnAccount = collect($userIds)->every(function (
int $userId
) use ($user) {
return $userId === $user->id;
});
return $deletingOwnAccount || $user->hasPermission('users.delete');
}
}