From: Vincent Vanwaelscappel
Date: Wed, 2 Dec 2020 17:05:35 +0000 (+0100)
Subject: wip #3753 @1
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=3e42b5a8872166cb6bf813846d74c3230b59a288;p=cubist_cms-back.git
wip #3753 @1
---
diff --git a/src/app/CubistCrudPanel.php b/src/app/CubistCrudPanel.php
index c9c2b95..893be99 100644
--- a/src/app/CubistCrudPanel.php
+++ b/src/app/CubistCrudPanel.php
@@ -60,4 +60,69 @@ class CubistCrudPanel extends CrudPanel
 $this->_seenFieldTypes[$type] = true;
 return true;
 }
+
+ public function hasAccess($operation)
+ {
+ // First filter with standard backpack gate
+ if (!parent::hasAccess($operation)) {
+ return false;
+ }
+
+ // Then, apply model rules
+ if ($this->model instanceof CubistMagicAbstractModel) {
+ $funcMap = ['list' => 'canList',
+ 'create' => 'canCreate',
+ 'update' => 'canUpdate',
+ 'delete' => 'canDelete',
+ 'revisions' => 'canUpdate',
+ 'revise' => 'canUpdate',
+ 'bulkClone' => 'canCreate',
+ 'clone' => 'canCreate',
+ 'bulkDelete' => 'canDelete',
+ ];
+
+ if (isset($funcMap[$operation])) {
+ $func = $funcMap[$operation];
+ } else {
+ $func = 'can' . ucfirst($operation);
+ }
+ $model = $this->entry ?? $this->model;
+ if (is_callable([$model, $func])) {
+ return $model->$func(backpack_user());
+ }
+ return true;
+ }
+ return true;
+ }
+
+ public function hasAccessOrFail($operation)
+ {
+ if (!$this->hasAccess($operation)) {
+ throw new AccessDeniedException(trans('backpack::crud.unauthorized_access', ['access' => $operation]));
+ }
+
+ return true;
+ }
+
+ public function hasAccessToAll($operation_array)
+ {
+ foreach ((array)$operation_array as $key => $operation) {
+ if (!$this->hasAccess($operation)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public function hasAccessToAny($operation_array)
+ {
+ foreach ((array)$operation_array as $key => $operation) {
+ if ($this->hasAccess($operation) == true) {
+ return true;
+ }
+ }
+
+ return false;
+ }
 }
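Review bot: The model-rule layer in `hasAccess()` fails open, and its `is_callable([$model, $func])` guard probably never answers no. If `Model` is Eloquent's base class, its magic `__call` makes `is_callable` return true for any method name, so an operation missing from `$funcMap` builds a `can…` name that is forwarded to the query builder instead of reaching the fallback `return true`. I would guard with `method_exists($model, $func)`, return `(bool) $model->$func(backpack_user())`, and decide explicitly whether an operation with no matching model rule should be denied rather than allowed. With a strict bool result the loose `== true` in `hasAccessToAny()` is no longer needed.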
diff --git a/src/app/Http/Controllers/Operations/ShowOperation.php b/src/app/Http/Controllers/Operations/ShowOperation.php new file mode 100644 index 0000000..e844cf3 --- /dev/null +++ b/src/app/Http/Controllers/Operations/ShowOperation.php @@ -0,0 +1,8 @@ +getAttribute('can', null)) { if (!can($this->getAttribute('can'))) { + $this->setAttribute('column',false); $this->setAttribute('auth', false); $this->setAttribute('type', 'authhidden'); $this->setAttribute('view_namespace', CubistBackpackServiceProvider::NAMESPACE . '::fields'); diff --git a/src/app/Magic/Models/CubistMagicAbstractModel.php b/src/app/Magic/Models/CubistMagicAbstractModel.php index bf1d800..dd674ba 100644 --- a/src/app/Magic/Models/CubistMagicAbstractModel.php +++ b/src/app/Magic/Models/CubistMagicAbstractModel.php @@ -679,19 +679,6 @@ class CubistMagicAbstractModel extends Model implements HasMedia Cache::tags($tags)->flush(); } - /** - * @param $user CubistMagicAuthenticatable - * @return bool - */ - public function isOwner($user) - { - if (null === $this->id) { - return true; - } - - return null !== $user && ($this->canAdmin($user) || $this->getAttribute($this->_ownerAttribute) === $user->id); - } - /** * @param $user CubistMagicAuthenticatable * @return bool @@ -739,7 +726,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia return false; } $permission = $this->getOption('name') . ':' . $operation; - return $user->can($permission); + return $user->hasPermissionTo($permission); } /** @@ -748,7 +735,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia */ public function canView($user) { - return $this->isOwner($user); + return $this->canList($user); } /** @@ -757,7 +744,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia */ public function canUpdate($user) { - return $this->isOwner($user); + return $this->canCreate($user); } /** 
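Review bot: Switching from `$user->can($permission)` to `$user->hasPermissionTo($permission)` in the hunk at -739 changes what happens for a permission that was never registered. If this is the spatie/laravel-permission method, it throws for an unknown permission name, and the name here is assembled at run time from `getOption('name') . ':' . $operation`, so a model without seeded permissions would raise an exception instead of producing a denial; the check also no longer passes through the Gate, so any `Gate::before` rule is skipped. Consider the non-throwing `checkPermissionTo($permission)`, or catch the exception and return false, and add a comment stating that bypassing Gate hooks is intentional. The enclosing method starts outside the hunk.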
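Review bot: With `isOwner()` removed, `canView`, `canUpdate` and `canDelete` no longer look at the record at all: the hunks at -748 and -757, and the one at -766 that follows, chain them to `canList` and `canCreate`. As far as these hunks show, any user allowed to create entries of a model may now update and delete every entry, including those the removed `_ownerAttribute` comparison used to protect. If type-level authorization is intended, state it above `canUpdate`, e.g. `// No per-record ownership check: create permission implies update and delete on all entries`; otherwise keep an owner comparison for existing records and give update and delete their own permission checks instead of inheriting from create.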
@@ -766,7 +753,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia
 */
 public function canDelete($user)
 {
- return $this->isOwner($user);
+ return $this->canUpdate($user);
 }
 
 /**