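--- a/app/Policies/ChannelPolicy.php
+++ b/app/Policies/ChannelPolicy.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Channel;
+use App\Models\User;
+use Common\Core\Policies\BasePolicy;
+use Illuminate\Support\Collection;
+
+class ChannelPolicy extends BasePolicy
+{
+public function index(?User $user, string $channelType = 'channel')
+{
+if ($channelType === 'list') {
+return $this->authorizePermission($user, 'lists.view');
+}
+
+return $this->authorizePermission($user, 'channels.update');
+}
+
+public function show(?User $user, Channel $channel)
+{
+if ($channel->user_id && $channel->user_id === $user->id) {
+return true;
+}
+
+if ($channel->type === 'channel') {
+return $this->authorizePermission($user, 'titles.view');
+} else {
+// if list not public and user is not owner, deny access
+if (!$channel->public && !$channel->user_id === $user?->id) {
+return false;
+}
+// require "lists.view" permission always, so users can be
+// blocked completely from lists functionality if not subscribed
+return $this->authorizePermission($user, 'lists.view');
+}
+}
+
+public function store(User $user, string $channelType = null)
+{
+if ($channelType === 'list') {
+return $this->hasPermission($user, 'lists.create');
+}
+return $this->hasPermission($user, 'channels.create');
+}
+
+public function update(User $user, Channel $channel)
+{
+if ($channel->user_id && $channel->user_id === $user->id) {
+return true;
+}
+
+if ($channel->type === 'list') {
+return $this->hasPermission($user, 'lists.update');
+}
+
+return $this->hasPermission($user, 'channels.update');
+}
+
+public function destroy(User $user, Collection $channels = null)
+{
+$type = $channels?->first()['type'] ?? 'channel';
+
+if ($type === 'list' && $this->hasPermission($user, 'lists.delete')) {
+return true;
+}
+
+if (
+$type === 'channel' &&
+$this->hasPermission($user, 'channels.delete')
+) {
+return true;
+}
+
+return collect($channels)->every(
+fn(Channel $list) => $list->user_id === $user->id,
+);
+}
+}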
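Review bot: The private-list check in `show` never denies anyone: in `!$channel->public && !$channel->user_id === $user?->id` the `!` binds tighter than `===`, so a boolean is compared strictly with an id or null and the condition is always false. As written, any caller that passes `lists.view` can read another user's non-public list. The owner has already returned `true` earlier in the method, so the branch can be `if (!$channel->public) { return false; }`, or the comparison can be kept as `$channel->user_id !== $user?->id`. The owner test at the top of `show` reads `$user->id` although `$user` is nullable; `$user?->id` there would keep a guest request on a user-owned channel from raising a null-property warning.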
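--- a/app/Policies/NewsArticlePolicy.php
+++ b/app/Policies/NewsArticlePolicy.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class NewsArticlePolicy
+{
+use HandlesAuthorization;
+
+public function index(User $user)
+{
+return $user->hasPermission('news.view');
+}
+
+public function show(User $user)
+{
+return $user->hasPermission('news.view');
+}
+
+public function store(User $user)
+{
+return $user->hasPermission('news.create');
+}
+
+public function update(User $user)
+{
+return $user->hasPermission('news.update');
+}
+
+public function destroy(User $user)
+{
+return $user->hasPermission('news.delete');
+}
+}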
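Review bot: `index` and `show` take a non-nullable `User $user`, and Laravel's gate denies a guest before calling a policy method whose user parameter is neither nullable nor defaulted to null, so an unauthenticated visitor can never be granted `news.view`. ChannelPolicy in this same commit accepts `?User` and routes `titles.view` / `lists.view` through `authorizePermission`, which suggests guest access is meant to be decided by permissions rather than by login state. If that also applies here, the signatures should be `?User $user` with a null-safe permission check; if guests are meant to be locked out, a one-line comment saying so would make the difference deliberate. The same applies to `index`/`show` in PersonPolicy, TitlePolicy and ReviewPolicy.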
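--- a/app/Policies/PersonPolicy.php
+++ b/app/Policies/PersonPolicy.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class PersonPolicy
+{
+use HandlesAuthorization;
+
+public function index(User $user)
+{
+return $user->hasPermission('people.view');
+}
+
+public function show(User $user)
+{
+return $user->hasPermission('people.view');
+}
+
+public function store(User $user)
+{
+return $user->hasPermission('people.create');
+}
+
+public function update(User $user)
+{
+return $user->hasPermission('people.update');
+}
+
+public function destroy(User $user)
+{
+return $user->hasPermission('people.delete');
+}
+}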
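--- a/app/Policies/ReviewPolicy.php
+++ b/app/Policies/ReviewPolicy.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Review;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+use Illuminate\Support\Collection;
+
+class ReviewPolicy
+{
+use HandlesAuthorization;
+
+public function index(User $user)
+{
+return $user->hasPermission('reviews.view');
+}
+
+public function show(User $user)
+{
+return $user->hasPermission('reviews.view');
+}
+
+public function store(User $user)
+{
+return $user->hasPermission('reviews.create');
+}
+
+public function update(User $user)
+{
+return $user->hasPermission('reviews.update');
+}
+
+public function destroy(User $user, Collection $reviews)
+{
+if ($user->hasPermission('reviews.delete')) return true;
+
+return $reviews->every(fn(Review $review) => $user->id && $user->id === $review->user_id);
+}
+}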
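Review bot: `update` receives no `Review`, so it cannot tell the author's own review from someone else's, while `destroy` does make that distinction. If `reviews.update` is granted to ordinary users so they can edit what they wrote (the role setup is not visible in this commit), it authorizes editing every review; consider `update(User $user, Review $review)` with the same owner comparison `destroy` uses. In `destroy`, `every()` is true for an empty collection, so a user without `reviews.delete` is authorized when `$reviews` is empty; `return $reviews->isNotEmpty() && $reviews->every(...);` closes that.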
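--- a/app/Policies/TitlePolicy.php
+++ b/app/Policies/TitlePolicy.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class TitlePolicy
+{
+use HandlesAuthorization;
+
+public function index(User $user)
+{
+return $user->hasPermission('titles.view');
+}
+
+public function show(User $user)
+{
+return $user->hasPermission('titles.view');
+}
+
+public function store(User $user)
+{
+return $user->hasPermission('titles.create');
+}
+
+public function update(User $user)
+{
+return $user->hasPermission('titles.update');
+}
+
+public function destroy(User $user)
+{
+return $user->hasPermission('titles.delete');
+}
+}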
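--- a/app/Policies/VideoPolicy.php
+++ b/app/Policies/VideoPolicy.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use App\Models\Video;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class VideoPolicy
+{
+use HandlesAuthorization;
+
+public function vote(User $user)
+{
+return $user->hasPermission('videos.rate');
+}
+
+public function index(User $user, int $userId = null)
+{
+return $user->hasPermission('videos.view') || $user->id === $userId;
+}
+
+public function show(User $user, Video $video = null)
+{
+return $user->hasPermission('videos.view') || ($video && $video->user_id === $user->id);
+}
+
+public function store(User $user)
+{
+return $user->hasPermission('videos.create');
+}
+
+public function update(User $user)
+{
+return $user->hasPermission('videos.update');
+}
+
+public function destroy(User $user, $videoIds)
+{
+if ($user->hasPermission('videos.delete')) {
+return true;
+} else {
+$dbCount = app(Video::class)
+->whereIn('id', $videoIds)
+->where('user_id', $user->id)
+->count();
+return $dbCount === (is_countable($videoIds) ? count($videoIds) : 0);
+}
+}
+}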
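Review bot: The ownership fallback in `destroy` authorizes an empty `$videoIds`: the expected count is 0, the query matches nothing, and `0 === 0` returns true for a user without `videos.delete`. The `is_countable` ternary maps any non-countable value to 0 as well, so that input is compared against the same zero. Reject both before querying, e.g. `if (!is_countable($videoIds) || count($videoIds) === 0) { return false; }`. `$videoIds` is untyped; declaring it `array` would make the `whereIn` input and the count agree by construction. Duplicate ids already fail closed, since the database count is then smaller than `count($videoIds)`.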