File: D:/HostingSpaces/SBogers10/kommabasic.nl/vendor/komma/kms/src/Base/Policy.php
<?php
namespace Komma\KMS\Base;
use Komma\KMS\Helpers\KommaHelpers;
use Komma\KMS\Users\Models\KmsUserRole;
use Komma\KMS\Users\Models\KmsUser;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Database\Eloquent\Model;
class Policy
{
static $DEBUG = null;
use HandlesAuthorization;
/**
* The before method will be executed before any other methods on the policy,
* giving you an opportunity to authorize the action before the
* intended policy method is actually called
*
* @param $user
* @param $ability
* @return bool
*/
public function before(KmsUser $user, $ability)
{
$result = $user->isAtLeast(KmsUserRole::SuperAdmin);
$this->debug($ability, $result);
if($result) return true;
return null; //Fallback to the intended ability
}
/*
|--------------------------------------------------------------------------
| General C.R.U.D. actions authorization
|--------------------------------------------------------------------------
|
| Here you handle basic authorization create, read, update, delete actions
*/
/**
* Determine if it is allowed to view all resources
*
* @param KmsUser|null $user
* @return bool
*/
public function index(KmsUser $user): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('index', $result);
return $result;
}
/**
* Determine if it is allowed to view a specific resource
*
* @param KmsUser|null $user
* @return bool
*/
public function show(KmsUser $user, $modelToShow): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('show', $result);
return $result;
}
/**
* Determine if it is allowed show a form to edit a resource.
* This usually means that the user did view the model to be edited and got past
* the show authorisation. Then he edited a form to change the model and pressed
* save. After he pressed save he will trigger this edit authorisation
*
* @param KmsUser|null $user
* @return bool
*/
public function edit(KmsUser $user, $modelToEdit): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('edit', $result);
return $result;
}
/**
* Determine if it is allowed to show a form for creating a new resource
*
* @param KmsUser|null $user
* @return bool
*/
public function create(KmsUser $user): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('create', $result);
return $result;
}
/**
* Determine if it is allowed to store a new resource
* Usually made using a create form.
*
* @param KmsUser|null $user
* @return bool
*/
public function store(KmsUser $user): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('store', $result);
return $result;
}
/**
* Determine if it is allowed to update an existing resource after editing it
*
* @param KmsUser|null $user
* @return bool
*/
public function update(KmsUser $user): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('update', $result);
return $result;
}
/**
* Determine if it is allowed to destroy an existing resource
*
* @param KmsUser|null $user
* @return bool
*/
public function destroy(KmsUser $user, $modelToDestroy): bool
{
$result = $user->isAtLeast(KmsUserRole::Admin);
$this->debug('destroy', $result);
return $result;
}
/**
* Logs debug information for a certain ability and if it is authorized
*
* @param string $ability
* @param bool $authorizationResult
*/
protected function debug(string $ability, bool $authorizationResult, $before = false)
{
if(debug_backtrace()[1]['function'] == "before") {
//Show debug info about what the "before" method of this class is returning
if(self::$DEBUG === true || self::$DEBUG == get_class($this)) {
\Log::debug('Authorizing "'.$ability.'" using '.KommaHelpers::getShortNameFromClass(get_class($this)).' "before" method. '.
'Authorisation result: '.(($authorizationResult) ? 'Authorized.' : 'Unauthorized. ').
(($authorizationResult == false) ? 'Falling back to the result of the "'.$ability.'" method': ''));
}
} else {
//Show debug info for all policies if self::$DEBUG == true. Or a specific policy if self::$DEBUG is a FQCN of a policy
if(self::$DEBUG === true || self::$DEBUG == get_class($this)) {
\Log::debug('Authorizing "' . $ability . '" using ' . KommaHelpers::getShortNameFromClass(get_class($this)) . '. Authorisation result: ' . (($authorizationResult) ? 'Authorized' : 'Unauthorized'));
}
}
}
}