added permissions to settings
parent
83f7073b18
commit
c31524977a
8 changed files with 121 additions and 83 deletions
|
|
@ -24,4 +24,9 @@ class MovieList extends Model
|
|||
{
|
||||
return $this->belongsTo(User::class, 'user_id');
|
||||
}
|
||||
|
||||
public function sharedUsers(): BelongsToMany
|
||||
{
|
||||
return $this->belongsToMany(User::class)->withPivot('permission')->withTimestamps();
|
||||
}
|
||||
}
|
||||
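Review bot: `sharedUsers()` carries the pivot `permission` column that MovieListPolicy bases its decisions on, yet nothing at the relationship says which values that column may hold, and the policy repeats those values as bare strings. I would add a docblock such as `/** Users this list is shared with; pivot permission is one of view, edit, admin. */` (the set is inferred from the policy docblocks on this page, so confirm it) and, if the schema allows, back the column with a string enum or class constants so a typo cannot create an unrecognised grant. `User::sharedLists()` in the later section has the same gap and quotes the column name with double quotes where this method uses single quotes. The class body starts outside the hunk.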
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class Permission extends Model
|
||||
{
|
||||
//
|
||||
}
|
||||
|
|
@ -2,16 +2,13 @@
|
|||
|
||||
namespace App\Models;
|
||||
|
||||
// use Illuminate\Contracts\Auth\MustVerifyEmail;
|
||||
use Database\Factories\UserFactory;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
use Illuminate\Database\Eloquent\Relations\HasOne;
|
||||
use Illuminate\Foundation\Auth\User as Authenticatable;
|
||||
use Illuminate\Notifications\Notifiable;
|
||||
use Illuminate\Support\Facades\Context;
|
||||
use Illuminate\Support\Str;
|
||||
use Laravel\Fortify\TwoFactorAuthenticatable;
|
||||
|
||||
class User extends Authenticatable
|
||||
|
|
@ -60,6 +57,12 @@ class User extends Authenticatable
|
|||
|
||||
return $this->roles->contains('name', strtolower($role));
|
||||
}
|
||||
|
||||
public function sharedLists(): BelongsToMany
|
||||
{
|
||||
return $this->belongsToMany(MovieList::class)->withPivot("permission")->withTimestamps();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the user's initials
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -15,11 +15,54 @@ class MovieListPolicy
|
|||
//
|
||||
}
|
||||
|
||||
public function update(User $user, MovieList $movieList)
|
||||
/**
|
||||
* Determine if the user can view the movie list.
|
||||
*
|
||||
* Grants access to the list owner and any user who has been
|
||||
* granted view, edit, or admin permission.
|
||||
*/
|
||||
public function view(User $user, MovieList $movieList): bool
|
||||
{
|
||||
// If the user is the owner of the movie list or has been added as an editor for
|
||||
// the movie list, allow them to update it.
|
||||
if ($movieList->user_id === $user->id || $movieList->is_public === true) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return $movieList->owner()->id = $user->id; //|| $movieList->editors->contains($user->id);
|
||||
return $movieList->sharedUsers()->where("user_id", $user->id)->exists();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the user can update the movie list.
|
||||
*
|
||||
* Grants access to the list owner and any user who has been
|
||||
* granted edit or admin permission.
|
||||
*/
|
||||
public function update(User $user, MovieList $movieList): bool
|
||||
{
|
||||
if ($movieList->user_id === $user->id) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return $movieList->sharedUsers()
|
||||
->where("user_id", $user->id)
|
||||
->whereIn("permission", ["edit", "admin"])
|
||||
->exists();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the user can delete the movie list.
|
||||
*
|
||||
* Grants access to the list owner and any user who has been
|
||||
* granted admin permission.
|
||||
*/
|
||||
public function delete(User $user, MovieList $movieList): bool
|
||||
{
|
||||
if ($movieList->user_id === $user->id) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return $movieList->sharedUsers()
|
||||
->where("user_id", $user->id)
|
||||
->where("permission", "admin")
|
||||
->exists();
|
||||
}
|
||||
}
|
||||
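Review bot: The final return in `view()` accepts any pivot row for the user, whatever its `permission` value, while the docblock above it promises access only for view, edit or admin; an empty, null or unexpected value in that column would still grant read access. Constrain it the way `update()` does, for example `->whereIn("permission", ["view", "edit", "admin"])` before `->exists()` (the stored string for read-only access is inferred from the docblock, so confirm it). The `$movieList->is_public === true` test only passes if the model casts `is_public` to boolean, which is not visible here; without the cast the strict comparison silently denies public lists. The docblock should also mention the public-list case, and the "allow them to update it" comment inside `view()` is stale if it sits on the new side, which cannot be confirmed because the page has lost its +/- markers. The class header lies outside the hunk.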
|
|
|
|||