Richard Dern
2022-01-12 00:35:37 +01:00
commit 400e3d01f1
1363 changed files with 57778 additions and 0 deletions


@@ -0,0 +1,78 @@
<?php
namespace App\Models\Policies;
use App\Models\Document;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class DocumentPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @return mixed
*/
public function viewAny(User $user)
{
}
/**
* Determine whether the user can view the model.
*
* @return mixed
*/
public function view(User $user, Document $document)
{
return true;
}
/**
* Determine whether the user can create models.
*
* @return mixed
*/
public function create(User $user)
{
// Authorization will be checked in target folder
return true;
}
/**
* Determine whether the user can update the model.
*
* @return mixed
*/
public function update(User $user, Document $document)
{
}
/**
* Determine whether the user can delete the model.
*
* @return mixed
*/
public function delete(User $user, Document $document)
{
}
/**
* Determine whether the user can restore the model.
*
* @return mixed
*/
public function restore(User $user, Document $document)
{
}
/**
* Determine whether the user can permanently delete the model.
*
* @return mixed
*/
public function forceDelete(User $user, Document $document)
{
}
}
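Review bot: `view()` returns `true` for every user and every document, so `authorize('view', $document)` can never refuse access; nothing in this policy ties the decision to the folder or group the document is filed under. If read access is meant to be enforced on the containing folder, say so in a comment as `create()` does (`// Authorization will be checked in target folder`); otherwise the decision should be derived from the folder check rather than hard-coded. Separately, `viewAny()`, `update()`, `delete()`, `restore()` and `forceDelete()` have empty bodies and return `null`. Laravel's gate treats that as a denial, but a `null` result is also left open to any `Gate::after` callback, so an explicit `return false;` in each makes the deny-by-default intent unambiguous.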


@@ -0,0 +1,211 @@
<?php
namespace App\Models\Policies;
use App\Models\Folder;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class FolderPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @return mixed
*/
public function viewAny(User $user)
{
return false;
}
/**
* Determine whether the user can view the model.
*
* @return mixed
*/
public function view(User $user, Folder $folder)
{
return $this->checkFolderAuthorization($user, $folder);
}
/**
* Determine whether the user can create models.
*
* @return mixed
*/
public function create(User $user)
{
// We will perform real validation in the createIn method below through
// the Folder/StoreRequest FormRequest as we need the folder we're
// trying to create a sub-folder to
return true;
}
/**
* Determine whether the user can create models.
*
* @return mixed
*/
public function createIn(User $user, Folder $folder)
{
if ($folder->type === 'unread_items') {
return false;
}
return $this->checkFolderAuthorization($user, $folder, 'can_create_folder');
}
/**
* Determine whether the user can create a bookmark in specified folder.
*
* @return mixed
*/
public function createBookmarkIn(User $user, Folder $folder)
{
if ($folder->type === 'unread_items') {
return false;
}
return $this->checkFolderAuthorization($user, $folder, 'can_create_document');
}
/**
* Determine whether the user can remove a bookmark from specified folder.
*
* @return mixed
*/
public function deleteBookmarkFrom(User $user, Folder $folder)
{
if ($folder->type === 'unread_items') {
return false;
}
return $this->checkFolderAuthorization($user, $folder, 'can_delete_document');
}
/**
* Determine whether the user can update the model.
*
* @return mixed
*/
public function update(User $user, Folder $folder)
{
return $this->checkFolderAuthorization($user, $folder, 'can_update_folder');
}
/**
* Determine whether the user can delete the model.
*
* @return mixed
*/
public function delete(User $user, Folder $folder)
{
if ($folder->type !== 'folder') {
return false;
}
return $this->checkFolderAuthorization($user, $folder, 'can_delete_folder');
}
/**
* Determine whether the user can restore the model.
*
* @return mixed
*/
public function restore(User $user, Folder $folder)
{
return false;
}
/**
* Determine whether the user can permanently delete the model.
*
* @return mixed
*/
public function forceDelete(User $user, Folder $folder)
{
return false;
}
/**
* Determine whether the user can update model's permissions.
*
* @return mixed
*/
public function setPermission(User $user, Folder $folder)
{
return $folder->group->user_id === $user->id;
}
/**
* Check if specified user is the creator of specified folder.
*
* @return bool
*/
private function hasCreatedFolder(User $user, Folder $folder)
{
return (int) $folder->user_id === (int) $user->id;
}
/**
* Return a boolean value indicating if specified user has created the group
* specified folder belongs to.
*/
private function userCreatedFolderGroup(User $user, Folder $folder)
{
$group = $this->folderBelongsToActiveUserGroup($user, $folder);
if (!empty($group)) {
return $group->user_id === $user->id;
}
return false;
}
/**
* Perform common authorization tests for specified user and folder.
*
* @return array
*/
private function checkFolderAuthorization(User $user, Folder $folder, string $ability = null)
{
if ($this->hasCreatedFolder($user, $folder)) {
return true;
}
if ($this->userCreatedFolderGroup($user, $folder)) {
return true;
}
$permissions = $folder->permissions()->where('user_id', $user->id)->first();
if (!$permissions) {
$defaultPermissions = $folder->permissions()->whereNull('user_id')->first();
if (empty($defaultPermissions)) {
$defaultPermissions = $folder->setDefaultPermission();
}
$permissions = $defaultPermissions;
}
if ($ability) {
return $permissions->{$ability};
}
return false;
}
/**
* Determine if specified folder belongs to a group in which specified user
* is active.
*
* @return \App\Models\Group
*/
private function folderBelongsToActiveUserGroup(User $user, Folder $folder)
{
return $user->groups()->active()->find($folder->group_id);
}
}
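Review bot: `checkFolderAuthorization()` never checks that the user is an active member of the folder's group before it reads permissions. `folderBelongsToActiveUserGroup()` is only used for the group-owner shortcut, so a user outside the group falls through to the `whereNull('user_id')` default row (or to a leftover per-user row) and gets whatever that row grants for `can_create_document`, `can_delete_document` and the rest. A guard ahead of the permission lookup would close that: `if (!$this->folderBelongsToActiveUserGroup($user, $folder)) { return false; }`. The same method calls `$folder->setDefaultPermission()`, which looks like a write performed inside an authorization check and also runs on the ability-less `view()` path, where the result is discarded and `false` is returned. The docblock's `@return array` should be `@return bool`, and the `$group->user_id === $user->id` comparisons here and in `setPermission()` lack the `(int)` casts that `hasCreatedFolder()` uses.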


@@ -0,0 +1,135 @@
<?php
namespace App\Models\Policies;
use App\Models\Group;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class GroupPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @return mixed
*/
public function viewAny(User $user)
{
return true;
}
/**
* Determine whether the user can view the model.
*
* @return mixed
*/
public function view(User $user, Group $group)
{
return $this->checkGroupAuthorization($user, $group, [
Group::$STATUS_ACCEPTED,
]);
}
/**
* Determine whether the user can create models.
*
* @return mixed
*/
public function create(User $user)
{
return true;
}
/**
* Determine whether the user can update the model.
*
* @return mixed
*/
public function update(User $user, Group $group)
{
return $group->user_id === $user->id;
}
/**
* Determine whether the user can invite someone into specified group.
*
* @return mixed
*/
public function invite(User $user, Group $group)
{
return $this->checkGroupAuthorization($user, $group, [
Group::$STATUS_OWN,
Group::$STATUS_CREATED,
]);
}
/**
* Determine whether the user can approve someone to join specified group.
*
* @return mixed
*/
public function approve(User $user, Group $group)
{
return $this->checkGroupAuthorization($user, $group, [
Group::$STATUS_OWN,
Group::$STATUS_CREATED,
]);
}
/**
* Determine whether the user can delete the model.
*
* @return mixed
*/
public function delete(User $user, Group $group)
{
return $group->user_id === $user->id;
}
/**
* Determine whether the user can restore the model.
*
* @return mixed
*/
public function restore(User $user, Group $group)
{
}
/**
* Determine whether the user can permanently delete the model.
*
* @return mixed
*/
public function forceDelete(User $user, Group $group)
{
}
/**
* Perform common authorization tests for specified user and group.
*
* @param mixed $statuses
*
* @return bool
*/
private function checkGroupAuthorization(User $user, Group $group, $statuses = [])
{
// Specified user is group's creator
if ($group->user_id === $user->id) {
return true;
}
$userGroup = $user->groups()->active()->find($group->id);
if (!$userGroup) {
return false;
}
if (!empty($statuses) && $userGroup->pivot && in_array($userGroup->pivot->status, $statuses)) {
return true;
}
return false;
}
}
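Review bot: The status check in `checkGroupAuthorization()` uses a loose `in_array($userGroup->pivot->status, $statuses)`, so PHP's type juggling decides whether a pivot value counts as one of the allowed statuses. Since this comparison gates `view`, `invite` and `approve`, it should be strict: `in_array($userGroup->pivot->status, $statuses, true)`. The allowed values come from static properties (`Group::$STATUS_OWN` and the others), which are writable at runtime; class constants would be safer if the model allows it. `restore()` and `forceDelete()` have empty bodies and return `null`, where an explicit `return false;` would state the denial. The `$group->user_id === $user->id` owner checks in `update()`, `delete()` and the helper will fail closed if the two ids arrive with different types; the `(int)` casts used in `FolderPolicy::hasCreatedFolder()` in this commit would avoid that.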