Update on security, user to edit their own system
This commit is contained in:
@@ -6,6 +6,21 @@ use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
use App\Models\{System,User};
|
||||
|
||||
/**
|
||||
* This handles updating system records
|
||||
*
|
||||
* Authorisation is defined by function_role_only, where
|
||||
* - function = create,delete,update
|
||||
* - role = admin,zc,rc,nc,hc,nn,pt
|
||||
* - only = only that role can do (no hierarchy permission)
|
||||
* ie:
|
||||
* - admin - only site admin can do (user = admin)
|
||||
* - zc - only ZC can perform (user has an address that is a ZC)
|
||||
* - rc - only RC (or ZC) ...
|
||||
* - hc - only HC (or ZC/RC) ...
|
||||
* - nn - only NN (or ZC/RC/HC) ...
|
||||
* - pt - only PT (or ZC/RC/HC/NN) ...
|
||||
*/
|
||||
class SystemPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
@@ -49,7 +64,7 @@ class SystemPolicy
|
||||
* @param System $system
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $user, System $system): bool
|
||||
public function update_nn(User $user,System $system): bool
|
||||
{
|
||||
// Site Admins can always edit
|
||||
if ($user->isAdmin())
|
||||
@@ -59,7 +74,8 @@ class SystemPolicy
|
||||
if (! $system->exists)
|
||||
return FALSE;
|
||||
|
||||
return $system->users->contains($user)
|
||||
&& (($system->addresses->count() === 0) || ($system->addresses->where('validated',TRUE)->count()));
|
||||
// @todo Permit ZC, RC, NC, HUB user
|
||||
|
||||
return $system->users->contains($user) && $system->akas->count();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user