use Backpack\CRUD\app\Exceptions\AccessDeniedException;
use Backpack\CRUD\app\Library\CrudPanel\CrudPanel;
use Cubist\Backpack\app\Magic\Models\CubistMagicAbstractModel;
-use Illuminate\Support\Facades\Gate;
/**
* @property CubistMagicAbstractModel $model
return false;
}
+ // Then, apply model rules
+ if ($this->model instanceof CubistMagicAbstractModel) {
+ $funcMap = ['list' => 'canList',
+ 'create' => 'canCreate',
+ 'update' => 'canUpdate',
+ 'delete' => 'canDelete',
+ 'revisions' => 'canUpdate',
+ 'revise' => 'canUpdate',
+ 'bulkClone' => 'canCreate',
+ 'clone' => 'canCreate',
+ 'bulkDelete' => 'canDelete',
+ ];
+
+ if (isset($funcMap[$operation])) {
+ $func = $funcMap[$operation];
+ } else {
+ $func = 'can' . ucfirst($operation);
+ }
+ $model = $this->entry ?? $this->model;
+ if (is_callable([$model, $func])) {
+ $res = $model->$func(backpack_user());
+ } else {
+ $res = true;
+ }
+
+ return true;
+ return $res;
+ }
return true;
}
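Review bot: The added `return true;` directly before `return $res;` at the end of the model-rules branch makes `return $res;` unreachable, so the result of `$model->$func(backpack_user())` is discarded and every operation on a `CubistMagicAbstractModel` is allowed. Remove the stray line so the branch ends with `return $res;`. The `else { $res = true; }` fallback also fails open: an operation with no callable `can…` method on the model is granted, and `$res = false;` would be the safer default unless that permissiveness is intended. The enclosing method starts outside the hunk, so the checks that run before this branch are not visible here.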
throw new AccessDeniedException(trans('backpack::crud.unauthorized_access', ['access' => $operation]));
}
+
return true;
}
use Cubist\Backpack\app\Magic\EntityData;
use Cubist\Backpack\app\Magic\Fields\Field;
use Cubist\Backpack\app\Magic\PageData;
-use Cubist\Backpack\app\Magic\Policies\CubistMagicPermissivePolicy;
use Cubist\Backpack\app\Magic\QueryBuilder;
use Cubist\Backpack\app\Magic\Requests\CubistMagicUpdateRequest;
use Cubist\Backpack\app\Magic\Util;
use Cubist\Util\Json;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\DBAL\Schema\Table;
-use GeneaLabs\LaravelModelCaching\Traits\Cachable;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Carbon;
protected $_enableCreation = true;
protected $_enableRevisions = true;
protected $_enableBulk = true;
+ protected $_ownerAttribute = 'owner';
protected $_syncDbSchema = true;
Cache::tags($tags)->flush();
}
- public function isOwner(CubistMagicAuthenticatable $user)
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function isOwner($user)
+ {
+ return null !== $user && ($this->canAdmin($user) || $this->getAttribute($this->_ownerAttribute) === $user->id);
+ }
+
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canList($user)
+ {
+ return null !== $user && ($this->canAdmin($user) || $this->_can('read', $user));
+ }
+
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canCreate($user)
+ {
+ return null !== $user && ($this->canAdmin($user) || $this->_can('write', $user));
+ }
+
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canAdmin($user)
{
- return true;
+ return null !== $user && $this->_can('admin', $user);
}
- public function canView(CubistMagicAuthenticatable $user)
+ /**
+ * @param $operation string
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ protected function _can($operation, $user)
+ {
+ if (null === $user) {
+ return false;
+ }
+ $permission = $this->getOption('name') . ':' . $operation;
+ return $user->can($permission);
+ }
+
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canView($user)
{
return $this->isOwner($user);
}
- public function canUpdate(CubistMagicAuthenticatable $user)
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canUpdate($user)
{
return $this->isOwner($user);
}
- public function canDelete(CubistMagicAuthenticatable $user)
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canDelete($user)
{
return $this->isOwner($user);
}
- public function canForceDelete(CubistMagicAuthenticatable $user)
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canForceDelete($user)
{
return $this->canDelete($user);
}
- public function canRestore(CubistMagicAuthenticatable $user)
+ /**
+ * @param $user CubistMagicAuthenticatable
+ * @return bool
+ */
+ public function canRestore($user)
{
return $this->canUpdate($user);
}
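Review bot: `isOwner()` compares `$this->getAttribute($this->_ownerAttribute) === $user->id` strictly, so ownership is recognised only when both sides have the same PHP type. If the owner column is not cast to the type of the user's id (no cast is visible in this diff), a non-admin owner would be refused by `canView`, `canUpdate`, `canDelete` and the methods that delegate to them. Normalise both sides to one type after checking that the owner attribute is not null, or declare a cast for the owner attribute on the model. Dropping the `CubistMagicAuthenticatable` type hint from every `can*` method in order to admit a guest also removes the type check; a nullable hint such as `public function isOwner(?CubistMagicAuthenticatable $user)` keeps it while still accepting null.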
+++ /dev/null
-<?php
-
-
-namespace Cubist\Backpack\app\Magic\Policies;
-
-
-class CubistMagicPermissivePolicy extends CubistMagicPolicy
-{
- public $allowAll = true;
-}
+++ /dev/null
-<?php
-
-
-namespace Cubist\Backpack\app\Magic\Policies;
-
-use Cubist\Backpack\app\Magic\Models\CubistMagicAbstractModel;
-use Cubist\Backpack\app\Magic\Models\CubistMagicAuthenticatable;
-use Illuminate\Auth\Access\HandlesAuthorization;
-
-class CubistMagicPolicy
-{
- use HandlesAuthorization;
-
- public $permissionBase = '';
- public $allowAll = false;
-
- /**
- * Determine whether the user can view any quizzes.
- *
- * @param CubistMagicAuthenticatable $user
- * @return mixed
- */
- public function viewAny(CubistMagicAuthenticatable $user)
- {
- return $this->allowAll || $user->hasPermissionTo($this->permissionBase . ':admin');
- }
-
- public function viewList(CubistMagicAuthenticatable $user)
- {
- return $this->allowAll || $this->viewAny($user) || $user->hasPermissionTo($this->permissionBase . ':list');
- }
-
- /**
- * Determine whether the user can view the quiz.
- *
- * @param CubistMagicAuthenticatable $user
- * @param CubistMagicAbstractModel $model
- * @return mixed
- */
- public function view(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model)
- {
- if ($this->allowAll) {
- return true;
- }
- if ($this->viewAny($user)) {
- return true;
- }
- return $model->canView($user);
- }
-
- /**
- * Determine whether the user can create quizzes.
- *
- * @param CubistMagicAuthenticatable $user
- * @return mixed
- */
- public function create(CubistMagicAuthenticatable $user)
- {
- if ($this->allowAll) {
- return true;
- }
- if ($this->viewAny($user)) {
- return true;
- }
- $user->hasPermissionTo($this->permissionBase . ':create');
- }
-
- /**
- * Determine whether the user can update the quiz.
- *
- * @param CubistMagicAuthenticatable $user
- * @param CubistMagicAbstractModel $model
- * @return mixed
- */
- public function update(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model)
- {
- if ($this->allowAll) {
- return true;
- }
- return $model->canUpdate($user);
- }
-
- /**
- * Determine whether the user can delete the quiz.
- *
- * @param CubistMagicAuthenticatable $user
- * @param CubistMagicAbstractModel $model
- * @return mixed
- */
- public function delete(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model)
- {
- if ($this->allowAll) {
- return true;
- }
- return $model->canDelete($user);
- }
-
- /**
- * Determine whether the user can restore the quiz.
- *
- * @param CubistMagicAuthenticatable $user
- * @param CubistMagicAbstractModel $model
- * @return mixed
- */
- public function restore(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model)
- {
- if ($this->allowAll) {
- return true;
- }
- return $model->canRestore($user);
- }
-
- /**
- * Determine whether the user can permanently delete the quiz.
- *
- * @param CubistMagicAuthenticatable $user
- * @param CubistMagicAbstractModel $model
- * @return mixed
- */
- public function forceDelete(CubistMagicAuthenticatable $user, CubistMagicAbstractModel $model)
- {
- if ($this->allowAll) {
- return true;
- }
- return $model->canForceDelete($user);
- }
-}
+++ /dev/null
-<?php
-
-
-namespace Cubist\Backpack\app\Providers;
-
-use Cubist\Backpack\app\Magic\Models\CubistMagicAbstractModel;
-use Cubist\Backpack\app\Magic\Policies\CubistMagicPermissivePolicy;
-use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
-use Illuminate\Support\Facades\Gate;
-
-class AuthServiceProvider extends ServiceProvider
-{
- protected $_defaultPolicy = CubistMagicPermissivePolicy::class;
- /**
- * The policy mappings for the application.
- *
- * @var array
- */
- protected $policies = [];
-
- /**
- * Register any authentication / authorization services.
- *
- * @return void
- */
- public function boot()
- {
- $this->registerPolicies();
- Gate::guessPolicyNamesUsing(function ($modelClass) {
- $i = new $modelClass;
- if ($i instanceof CubistMagicAbstractModel) {
- $policy = $i->getPolicyClass();
- if (null !== $policy) {
- return $policy;
- }
- return $this->_defaultPolicy;
- }
- });
- }
-}