More updates for laravel 11

2024-11-04 18:25:49 +11:00
parent 0bd2f6e82c
commit dc2e84386f
50 changed files with 870 additions and 1320 deletions
--- a/app/Models/Policies/EchomailPolicy.php
+++ b/app/Models/Policies/EchomailPolicy.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Models\Policies;
+
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+use App\Models\{Echomail,User};
+
+class EchomailPolicy
+{
+	use HandlesAuthorization;
+
+	/**
+	 * This determines whether a logged-in user can view an echomail
+	 *
+	 * @param User $user
+	 * @param Echomail $o
+	 * @return bool
+	 */
+	public function view(User $user, Echomail $o): bool
+	{
+		return (
+			$user->isAdmin()
+			|| $user->isZC()
+			|| $o->seenby->pluck('id')->intersect($user->addresses()->pluck('id'))->count()
+		);
+	}
+}
--- a/app/Models/Policies/NetmailPolicy.php
+++ b/app/Models/Policies/NetmailPolicy.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Models\Policies;
+
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+use App\Models\{Netmail,User};
+
+class NetmailPolicy
+{
+	use HandlesAuthorization;
+
+	/**
+	 * This determines whether a logged-in user can view a netmail
+	 *
+	 * @param User $user
+	 * @param Netmail $o
+	 * @return bool
+	 */
+	public function view(User $user, Netmail $o): bool
+	{
+		$addresses = $user->addresses()->pluck('id');
+
+		// Site Admins can always view
+		return (
+			$user->isAdmin()
+			|| $user->isZC()
+			|| ($addresses->contains($o->fftn_id))
+			|| ($addresses->contains($o->tftn_id))
+		);
+	}
+}
--- a/app/Models/Policies/SystemPolicy.php
+++ b/app/Models/Policies/SystemPolicy.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace App\Models\Policies;
+
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+use App\Models\{System,User};
+
+/**
+ * This handles updating system records
+ *
+ * Authorisation is defined by function_role_only, where
+ * - function = create,delete,update
+ * - role = admin,zc,rc,nc,hc,nn,pt
+ * - only = only that role can do (no hierarchy permission)
+ *   ie:
+ *   - admin - only site admin can do (user = admin)
+ *   - zc - only ZC can perform (user has an address that is a ZC)
+ *   - rc - only RC (or ZC) ...
+ *   - hc - only HC (or ZC/RC) ...
+ *   - nn - only NN (or ZC/RC/HC) ...
+ *   - pt - only PT (or ZC/RC/HC/NN) ...
+ */
+class SystemPolicy
+{
+	use HandlesAuthorization;
+
+	/**
+	 * Determine whether the user can create the model.
+	 *
+	 * A user can create a system if it doesnt exist.
+	 *
+	 * @param User $user
+	 * @param System $system
+	 * @return bool
+	 */
+	public function create(User $user, System $system): bool
+	{
+		// Site Admins can always create
+		// If it doesnt exist, then a user can create it.
+		return ($user->isAdmin() || (! $system->exists));
+	}
+
+	/**
+	 * Can the user register this system
+	 *
+	 * @param User $user
+	 * @param System $system
+	 * @return bool
+	 */
+	public function register(User $user,System $system): bool
+	{
+		return ! $system->users->count() || $system->users->has($user);
+	}
+
+	/**
+	 * Determine whether the user can update the model.
+	 *
+	 * A user can update a system if they are the user of it and it has no addresses.
+	 * If it has addresses, at least one of the addresses must have been validated.
+	 * (The assumption is, if a system has multiple addresses, they would be valid, or an admin can remove them.)
+	 *
+	 * @param User $user
+	 * @param System $system
+	 * @return bool
+	 */
+	public function update_nn(User $user,System $system): bool
+	{
+		// Site Admins can always edit
+		if ($user->isAdmin())
+			return TRUE;
+
+		// If it doesnt exist, then its a false.
+		if (! $system->exists)
+			return FALSE;
+
+		// @todo Permit ZC, RC, NC, HUB user
+
+		return $system->users->contains($user) && $system->akas->count();
+	}
+}
--- a/app/Models/Policies/UserPolicy.php
+++ b/app/Models/Policies/UserPolicy.php
@@ -0,0 +1,87 @@
+<?php
+
+namespace App\Models\Policies;
+
+use App\Models\User;
+
+class UserPolicy
+{
+	/**
+	 * Does this user have admin privileges
+	 *
+	 * @param User $user
+	 * @return bool
+	 */
+	public function admin(User $user): bool
+	{
+		return $user->isAdmin();
+	}
+
+	/**
+	 * Does this user own the model?
+	 *
+	 * @param User $user
+	 * @param User $model
+	 * @return bool
+	 */
+	public function ownes(User $user,User $model): bool
+	{
+		return $user->id === $model->id;
+	}
+
+	/**
+	 * Determine whether the user can view any models.
+	 */
+	public function viewAny(User $user): bool
+	{
+		return FALSE;
+	}
+
+	/**
+	 * Determine whether the user can view the model.
+	 */
+	public function view(User $user, User $model): bool
+	{
+		return FALSE;
+	}
+
+	/**
+	 * Determine whether the user can create models.
+	 */
+	public function create(User $user): bool
+	{
+		return FALSE;
+	}
+
+	/**
+	 * Determine whether the user can update the model, or if the user is an admin, and thus they can update all users.
+	 */
+	public function update(User $user, User $model): bool
+	{
+	return $user->isAdmin() || ($model->id === $user->id);
+	}
+
+	/**
+	 * Determine whether the user can delete the model.
+	 */
+	public function delete(User $user, User $model): bool
+	{
+	return FALSE;
+	}
+
+	/**
+	 * Determine whether the user can restore the model.
+	 */
+	public function restore(User $user, User $model): bool
+	{
+		return FALSE;
+	}
+
+	/**
+	 * Determine whether the user can permanently delete the model.
+	 */
+	public function forceDelete(User $user, User $model): bool
+	{
+		return FALSE;
+	}
+}