68 lines
1.6 KiB
PHP
68 lines
1.6 KiB
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\MovieList;
|
|
use App\Models\User;
|
|
|
|
class MovieListPolicy
|
|
{
|
|
/**
|
|
* Create a new policy instance.
|
|
*/
|
|
public function __construct()
|
|
{
|
|
//
|
|
}
|
|
|
|
/**
|
|
* Determine if the user can view the movie list.
|
|
*
|
|
* Grants access to the list owner and any user who has been
|
|
* granted view, edit, or admin permission.
|
|
*/
|
|
public function view(User $user, MovieList $movieList): bool
|
|
{
|
|
if ($movieList->user_id === $user->id || $movieList->is_public === true) {
|
|
return true;
|
|
}
|
|
|
|
return $movieList->sharedUsers()->where("user_id", $user->id)->exists();
|
|
}
|
|
|
|
/**
|
|
* Determine if the user can update the movie list.
|
|
*
|
|
* Grants access to the list owner and any user who has been
|
|
* granted edit or admin permission.
|
|
*/
|
|
public function update(User $user, MovieList $movieList): bool
|
|
{
|
|
if ($movieList->user_id === $user->id) {
|
|
return true;
|
|
}
|
|
|
|
return $movieList->sharedUsers()
|
|
->where("user_id", $user->id)
|
|
->whereIn("permission", ["edit", "admin"])
|
|
->exists();
|
|
}
|
|
|
|
/**
|
|
* Determine if the user can delete the movie list.
|
|
*
|
|
* Grants access to the list owner and any user who has been
|
|
* granted admin permission.
|
|
*/
|
|
public function delete(User $user, MovieList $movieList): bool
|
|
{
|
|
if ($movieList->user_id === $user->id) {
|
|
return true;
|
|
}
|
|
|
|
return $movieList->sharedUsers()
|
|
->where("user_id", $user->id)
|
|
->where("permission", "admin")
|
|
->exists();
|
|
}
|
|
}
|