HEX
Server: Microsoft-IIS/8.5
System: Windows NT YDAWBH120 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
User: tentjecom_web (0)
PHP: 7.4.14
Disabled: NONE
$ pwd: D:/HostingSpaces/SBogers10/conmeq.komma.pro/app/Komma/Base/
Upload Files
File: D:/HostingSpaces/SBogers10/conmeq.komma.pro/app/Komma/Base/Policy.php
<?php

namespace App\Komma\Base;

use App\Helpers\KommaHelpers;
use App\Komma\Users\Models\KmsUserRole;
use App\Komma\Users\Models\KmsUser;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Database\Eloquent\Model;

abstract class Policy
{
    protected $forModelName = null;
    static $DEBUG = false; //Set to true to show debug info in the log. Or a specific policy class to show only debug info for that class.

    use HandlesAuthorization;

    /** @var array An array of abilities (method names) that MUST used. Event for SuperAdmins */
    protected $ignoreAdminStatusForMethods = [];

    /**
     * The before method will be executed before any other methods on the policy,
     * giving you an opportunity to authorize the action before the
     * intended policy method is actually called
     *
     * @param $user
     * @param $ability
     * @return bool
     */
    public function before(KmsUser $user, $ability)
    {
        $this->validateThatCorrectlyConstructed();

        $result = $user->isAtLeast(KmsUserRole::Admin);

        $this->debug($ability, $result);
        if($result) return true;

        return null; //Fallback to the intended ability
    }

    /*
    |--------------------------------------------------------------------------
    | General C.R.U.D. actions authorization
    |--------------------------------------------------------------------------
    |
    | Here you handle basic authorization create, read, update, delete actions
    */

    /**
     * Determine if it is allowed to view all resources
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function index(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('index', $result);
        return $result;
    }


    /**
     * Determine if it is allowed to view a specific resource
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function show(KmsUser $user, $modelToShow): bool
    {

        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('show', $result);
        return $result;
    }

    /**
     * Determine if it is allowed show a form to edit a resource.
     * This usually means that the user did view the model to be edited and got past
     * the show authorisation. Then he edited a form to change the model and pressed
     * save. After he pressed save he will trigger this edit authorisation
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function edit(KmsUser $user, $modelToEdit): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('edit', $result);
        return $result;
    }

    /**
     * Determine if it is allowed to show a form for creating a new resource
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function create(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Admin);
        $this->debug('create', $result);
        return $result;
    }

    /**
     * Determine if it is allowed to store a new resource
     * Usually made using a create form.
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function store(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('store', $result);
        return $result;
    }

    /**
     * Determine if it is allowed to update an existing resource after editing it
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function update(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('update', $result);
        return $result;
    }

    /**
     * Determine if it is allowed to destroy an existing resource
     *
     * @param KmsUser|null $user
     * @return bool
     */
    public function destroy(KmsUser $user, $modelToDestroy): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Admin);
        $this->debug('destroy', $result);
        return $result;
    }

    /**
     * Validate that the child class uses this parent class properly
     */
    private function validateThatCorrectlyConstructed()
    {
        if(!$this->forModelName) throw new \RuntimeException('Please set the forModelName variable in class "'.get_class($this).'" to an appropiate child class of "'.Model::class.'"');
    }

    /**
     * Logs debug information for a certain ability and if it is authorized
     *
     * @param string $ability
     * @param bool $authorizationResult
     */
    protected function debug(string $ability, bool $authorizationResult, $before = false)
    {
        if(debug_backtrace()[1]['function'] == "before") {
            //Show debug info about what the "before" method of this class is returning
            if(self::$DEBUG === true || self::$DEBUG == get_class($this)) {
                \Log::debug('Authorizing "'.$ability.'" using '.KommaHelpers::getShortNameFromClass(get_class($this)).' "before" method. '.
                    'Authorisation result: '.(($authorizationResult) ? 'Authorized.' : 'Unauthorized. ').
                    (($authorizationResult == false) ? 'Falling back to the result of the "'.$ability.'" method': ''));
            }
        } else {
            //Show debug info for all policies if self::$DEBUG == true. Or a specific policy if self::$DEBUG is a FQCN of a policy
            if(self::$DEBUG === true || self::$DEBUG == get_class($this)) {
                \Log::debug('Authorizing "' . $ability . '" using ' . KommaHelpers::getShortNameFromClass(get_class($this)) . '. Authorisation result: ' . (($authorizationResult) ? 'Authorized' : 'Unauthorized'));
            }
        }
    }
}
@ Telegram