added permissions to settings

app/Policies/MovieListPolicy.php

@@ -15,11 +15,54 @@ class MovieListPolicy
         //
     }
 
-    public function update(User $user, MovieList $movieList)
+    /**
+     * Determine if the user can view the movie list.
+     *
+     * Grants access to the list owner and any user who has been
+     * granted view, edit, or admin permission.
+     */
+    public function view(User $user, MovieList $movieList): bool
     {
-        // If the user is the owner of the movie list or has been added as an editor for
-        // the movie list, allow them to update it.
+        if ($movieList->user_id === $user->id || $movieList->is_public === true) {
+            return true;
+        }
 
-        return $movieList->owner()->id = $user->id; //|| $movieList->editors->contains($user->id);
+        return $movieList->sharedUsers()->where("user_id", $user->id)->exists();
+    }
+
+    /**
+     * Determine if the user can update the movie list.
+     *
+     * Grants access to the list owner and any user who has been
+     * granted edit or admin permission.
+     */
+    public function update(User $user, MovieList $movieList): bool
+    {
+        if ($movieList->user_id === $user->id) {
+            return true;
+        }
+
+        return $movieList->sharedUsers()
+            ->where("user_id", $user->id)
+            ->whereIn("permission", ["edit", "admin"])
+            ->exists();
+    }
+
+    /**
+     * Determine if the user can delete the movie list.
+     *
+     * Grants access to the list owner and any user who has been
+     * granted admin permission.
+     */
+    public function delete(User $user, MovieList $movieList): bool
+    {
+        if ($movieList->user_id === $user->id) {
+            return true;
+        }
+
+        return $movieList->sharedUsers()
+            ->where("user_id", $user->id)
+            ->where("permission", "admin")
+            ->exists();
     }
 }