movie-night-nuevo/app/Policies/MovieListPolicy.php

<?php

namespace App\Policies;

use App\Models\MovieList;
use App\Models\User;

class MovieListPolicy
{
    /**
     * Create a new policy instance.
     */
    public function __construct()
    {
        //
    }

    /**
     * Determine if the user can view the movie list.
     *
     * Grants access to the list owner and any user who has been
     * granted view, edit, or admin permission.
     */
    public function view(User $user, MovieList $movieList): bool
    {
        if ($movieList->user_id === $user->id || $movieList->is_public === true) {
            return true;
        }

        return $movieList->sharedUsers()->where("user_id", $user->id)->exists();
    }

    /**
     * Determine if the user can update the movie list.
     *
     * Grants access to the list owner and any user who has been
     * granted edit or admin permission.
     */
    public function update(User $user, MovieList $movieList): bool
    {
        if ($movieList->user_id === $user->id) {
            return true;
        }

        return $movieList->sharedUsers()
            ->where("user_id", $user->id)
            ->whereIn("permission", ["edit", "admin"])
            ->exists();
    }

    /**
     * Determine if the user can delete the movie list.
     *
     * Grants access to the list owner and any user who has been
     * granted admin permission.
     */
    public function delete(User $user, MovieList $movieList): bool
    {
        if ($movieList->user_id === $user->id) {
            return true;
        }

        return $movieList->sharedUsers()
            ->where("user_id", $user->id)
            ->where("permission", "admin")
            ->exists();
    }
}
updated permissions 2025-12-30 21:15:42 -06:00			`<?php`

			`namespace App\Policies;`

			`use App\Models\MovieList;`
			`use App\Models\User;`

			`class MovieListPolicy`
			`{`
			`/**`
			`* Create a new policy instance.`
			`*/`
			`public function __construct()`
			`{`
			`//`
			`}`

added permissions to settings 2025-12-30 23:57:45 -06:00			`/**`
			`* Determine if the user can view the movie list.`
			`*`
			`* Grants access to the list owner and any user who has been`
			`* granted view, edit, or admin permission.`
			`*/`
			`public function view(User $user, MovieList $movieList): bool`
			`{`
			`if ($movieList->user_id === $user->id \|\| $movieList->is_public === true) {`
			`return true;`
			`}`

			`return $movieList->sharedUsers()->where("user_id", $user->id)->exists();`
			`}`

			`/**`
			`* Determine if the user can update the movie list.`
			`*`
			`* Grants access to the list owner and any user who has been`
			`* granted edit or admin permission.`
			`*/`
			`public function update(User $user, MovieList $movieList): bool`
			`{`
			`if ($movieList->user_id === $user->id) {`
			`return true;`
			`}`

			`return $movieList->sharedUsers()`
			`->where("user_id", $user->id)`
			`->whereIn("permission", ["edit", "admin"])`
			`->exists();`
			`}`

			`/**`
			`* Determine if the user can delete the movie list.`
			`*`
			`* Grants access to the list owner and any user who has been`
			`* granted admin permission.`
			`*/`
			`public function delete(User $user, MovieList $movieList): bool`
updated permissions 2025-12-30 21:15:42 -06:00			`{`
added permissions to settings 2025-12-30 23:57:45 -06:00			`if ($movieList->user_id === $user->id) {`
			`return true;`
			`}`
updated permissions 2025-12-30 21:15:42 -06:00
added permissions to settings 2025-12-30 23:57:45 -06:00			`return $movieList->sharedUsers()`
			`->where("user_id", $user->id)`
			`->where("permission", "admin")`
			`->exists();`
updated permissions 2025-12-30 21:15:42 -06:00			`}`
			`}`