File: D:/HostingSpaces/SBogers10/hem-mechatronics.komma.pro/app/Komma/Base/Policy.php
<?php

namespace App\Komma\Base;

use App\Helpers\KommaHelpers;
use App\Komma\Users\Models\KmsUserRole;
use App\Komma\Users\Models\KmsUser;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Database\Eloquent\Model;

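/**
 * Base authorization policy for KMS resources.
 *
 * Child classes must set $forModelName; before() throws a RuntimeException
 * otherwise. The default ability methods decide purely on the user's role and
 * never inspect the model instance they are handed, so per-record rules
 * (ownership, tenancy, state) have to be added by overriding them in the child.
 */
abstract class Policy
{
    use HandlesAuthorization;

    /** @var string|null Name of the model class this policy guards; must be set by the child class. */
    protected $forModelName = null;

    /**
     * @var bool|string true logs every policy decision, a policy FQCN logs only that policy,
     *                  false disables logging.
     */
    public static $DEBUG = false;

    /**
     * @var array Abilities (method names) whose policy method must always run, even for
     *            users that before() would otherwise approve outright.
     */
    protected $ignoreAdminStatusForMethods = [];

    /**
     * Runs before the intended policy method and may short-circuit it.
     *
     * Users with at least the Admin role are authorized immediately, except for
     * abilities listed in $ignoreAdminStatusForMethods: for those the decision is
     * always left to the ability method, so the role shortcut cannot bypass a check
     * a child policy declared mandatory.
     *
     * @param KmsUser $user
     * @param string $ability Name of the ability being authorized
     * @return bool|null true to authorize immediately, null to fall through to the ability method
     * @throws \RuntimeException when the child class did not set $forModelName
     */
    public function before(KmsUser $user, $ability)
    {
        $this->validateThatCorrectlyConstructed();

        // Strict comparison: ability names are strings and must match exactly.
        $abilityMustRun = in_array($ability, $this->ignoreAdminStatusForMethods, true);
        $result = !$abilityMustRun && $user->isAtLeast(KmsUserRole::Admin);

        $this->debug($ability, $result);

        // null (not false) hands the decision to the ability method.
        return $result ? true : null;
    }

    /*
    |--------------------------------------------------------------------------
    | General C.R.U.D. actions authorization
    |--------------------------------------------------------------------------
    |
    | Here you handle basic authorization create, read, update, delete actions
    */

    /**
     * Determine if it is allowed to view all resources.
     * Requires at least the Editor role.
     *
     * @param KmsUser $user
     * @return bool
     */
    public function index(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('index', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to view a specific resource.
     * Requires at least the Editor role; $modelToShow is not inspected here.
     *
     * @param KmsUser $user
     * @param mixed $modelToShow
     * @return bool
     */
    public function show(KmsUser $user, $modelToShow): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('show', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to show a form to edit a resource.
     * Requires at least the Editor role; $modelToEdit is not inspected here.
     *
     * @param KmsUser $user
     * @param mixed $modelToEdit
     * @return bool
     */
    public function edit(KmsUser $user, $modelToEdit): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('edit', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to show a form for creating a new resource.
     * Requires at least the Admin role.
     *
     * NOTE(review): store() below only requires Editor, so a user who may not see
     * the create form may still submit a new resource directly. Confirm whether the
     * two abilities are meant to require the same role.
     *
     * @param KmsUser $user
     * @return bool
     */
    public function create(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Admin);
        $this->debug('create', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to store a new resource, usually submitted from a create form.
     * Requires at least the Editor role.
     *
     * NOTE(review): create() above requires Admin; this is the weaker of the two
     * checks and the one that actually guards the write. Confirm this is intended.
     *
     * @param KmsUser $user
     * @return bool
     */
    public function store(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('store', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to update an existing resource after editing it.
     * Requires at least the Editor role; no model instance is passed in.
     *
     * @param KmsUser $user
     * @return bool
     */
    public function update(KmsUser $user): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Editor);
        $this->debug('update', $result);

        return $result;
    }

    /**
     * Determine if it is allowed to destroy an existing resource.
     * Requires at least the Admin role; $modelToDestroy is not inspected here.
     *
     * @param KmsUser $user
     * @param mixed $modelToDestroy
     * @return bool
     */
    public function destroy(KmsUser $user, $modelToDestroy): bool
    {
        $result = $user->isAtLeast(KmsUserRole::Admin);
        $this->debug('destroy', $result);

        return $result;
    }

    /**
     * Validate that the child class uses this parent class properly.
     * Only checks that $forModelName is set to something truthy, not that it names a Model subclass.
     *
     * @throws \RuntimeException when $forModelName is empty
     */
    private function validateThatCorrectlyConstructed()
    {
        if (!$this->forModelName) {
            throw new \RuntimeException('Please set the forModelName variable in class "'.get_class($this).'" to an appropiate child class of "'.Model::class.'"');
        }
    }

    /**
     * Logs debug information for a certain ability and whether it is authorized.
     * Does nothing unless self::$DEBUG is true or equals this policy's class name.
     *
     * @param string $ability
     * @param bool $authorizationResult
     * @param bool $before Unused; kept so existing callers and overrides stay compatible
     */
    protected function debug(string $ability, bool $authorizationResult, $before = false)
    {
        $policyClass = get_class($this);

        // Decide first whether anything will be logged: this runs on every authorization
        // check, and capturing a backtrace only to discard it is wasted work.
        // Strict comparison so a non-boolean, non-string $DEBUG value cannot switch logging on.
        if (self::$DEBUG !== true && self::$DEBUG !== $policyClass) {
            return;
        }

        // Only the direct caller's function name is needed: skip arguments, cap the depth.
        $frames = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2);
        $calledFromBefore = ($frames[1]['function'] ?? null) === 'before';
        $shortName = KommaHelpers::getShortNameFromClass($policyClass);

        if ($calledFromBefore) {
            // Report what the "before" method of this class is returning.
            \Log::debug('Authorizing "'.$ability.'" using '.$shortName.' "before" method. '.
                'Authorisation result: '.($authorizationResult ? 'Authorized.' : 'Unauthorized. ').
                ($authorizationResult ? '' : 'Falling back to the result of the "'.$ability.'" method'));

            return;
        }

        \Log::debug('Authorizing "'.$ability.'" using '.$shortName.'. Authorisation result: '.($authorizationResult ? 'Authorized' : 'Unauthorized'));
    }
}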