From db6c6e604698d00a463bdab1049f769c3c100140 Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel
Date: Tue, 1 Dec 2020 21:07:16 +0100
Subject: [PATCH] wip #3753 @1
---
 src/app/CubistCrudPanel.php | 80 -------------------
 .../Controllers/Operations/ListOperation.php | 5 +-
 .../Magic/Models/CubistMagicAbstractModel.php | 25 ++++--
 3 files changed, 20 insertions(+), 90 deletions(-)
diff --git a/src/app/CubistCrudPanel.php b/src/app/CubistCrudPanel.php
index 0a2375f..c9c2b95 100644
--- a/src/app/CubistCrudPanel.php
+++ b/src/app/CubistCrudPanel.php
@@ -60,84 +60,4 @@ class CubistCrudPanel extends CrudPanel
 $this->_seenFieldTypes[$type] = true;
 return true;
 }
-
- public function addOwnerClause($user)
- {
- if (!$this->model instanceof CubistMagicAbstractModel) {
- return;
- }
- if ($this->model->canAdmin($user)) {
- return;
- }
- $this->model->addOwnerClause($this,$user);
- }
-
- public function hasAccess($operation)
- {
- // First filter with standard backpack gate
- if (!parent::hasAccess($operation)) {
- return false;
- }
-
- // Then, apply model rules
- if ($this->model instanceof CubistMagicAbstractModel) {
- $funcMap = ['list' => 'canList',
- 'create' => 'canCreate',
- 'update' => 'canUpdate',
- 'delete' => 'canDelete',
- 'revisions' => 'canUpdate',
- 'revise' => 'canUpdate',
- 'bulkClone' => 'canCreate',
- 'clone' => 'canCreate',
- 'bulkDelete' => 'canDelete',
- ];
-
- if (isset($funcMap[$operation])) {
- $func = $funcMap[$operation];
- } else {
- $func = 'can' . ucfirst($operation);
- }
- $model = $this->entry ?? $this->model;
- if (is_callable([$model, $func])) {
- $res = $model->$func(backpack_user());
- } else {
- $res = true;
- }
- return $res;
- }
-
- return true;
- }
-
- public function hasAccessOrFail($operation)
- {
- if (!$this->hasAccess($operation)) {
- throw new AccessDeniedException(trans('backpack::crud.unauthorized_access', ['access' => $operation]));
- }
-
-
- return true;
- }
-
- public function hasAccessToAll($operation_array)
- {
- foreach ((array)$operation_array as $key => $operation) {
- if (!$this->hasAccess($operation)) {
- return false;
- }
- }
-
- return true;
- }
-
- public function hasAccessToAny($operation_array)
- {
- foreach ((array)$operation_array as $key => $operation) {
- if ($this->hasAccess($operation) == true) {
- return true;
- }
- }
-
- return false;
- }
 }
diff --git a/src/app/Http/Controllers/Operations/ListOperation.php b/src/app/Http/Controllers/Operations/ListOperation.php
index 58ef584..caf0686 100644
--- a/src/app/Http/Controllers/Operations/ListOperation.php
+++ b/src/app/Http/Controllers/Operations/ListOperation.php
@@ -6,8 +6,5 @@ namespace Cubist\Backpack\app\Http\Controllers\Operations;
 trait ListOperation
 {
- public function setupListOperation()
- {
- $this->crud->addOwnerClause(backpack_user());
- }
+ use \Backpack\CRUD\app\Http\Controllers\Operations\ListOperation;
 }
diff --git a/src/app/Magic/Models/CubistMagicAbstractModel.php b/src/app/Magic/Models/CubistMagicAbstractModel.php
index a45b550..0f85f6a 100644
--- a/src/app/Magic/Models/CubistMagicAbstractModel.php
+++ b/src/app/Magic/Models/CubistMagicAbstractModel.php
@@ -56,7 +56,7 @@ class CubistMagicAbstractModel extends Model implements HasMedia
 protected $_enableCreation = true;
 protected $_enableRevisions = true;
 protected $_enableBulk = true;
- protected $_ownerAttribute = 'owner';
+ protected static $_ownerAttribute = 'owner';
 protected $_syncDbSchema = true;
@@ -91,6 +91,15 @@ class CubistMagicAbstractModel extends Model implements HasMedia
 public static function boot()
 {
 parent::boot();
+
+ static::addGlobalScope('userfilter', function (Builder $builder) {
+ static::addOwnerClause($builder);
+ });
+ }
+
+ public static function addOwnerClause(Builder $builder)
+ {
+ $builder->where(static::$_ownerAttribute, backpack_user()->id);
 }
 public function __construct(array $attributes = [])
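Review bot: Making `$_ownerAttribute` static in the `-56,7` hunk leaves `isOwner()` in the last hunk of this file still reading it as `$this->_ownerAttribute` on the unchanged `return null !== $user && ...` line. PHP does not resolve a static property through `$this->`, so that expression most likely evaluates to an undefined instance property and the ownership comparison no longer looks at the owner column. The line should become `$this->getAttribute(static::$_ownerAttribute) === $user->id`. Any subclass that redeclares the property as non-static would also have to change; none are visible in this patch.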
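Review bot: `addOwnerClause()` in the `-91,6` hunk dereferences `backpack_user()->id` with no null check, and the `userfilter` scope registered in `boot()` now runs on every query of every subclass rather than only in the list operation, so a guest request, console command or queue job that touches a model would hit a null user. The scope also drops the admin exemption that the removed `CubistCrudPanel::addOwnerClause()` had through `canAdmin($user)`, so admins appear to be limited to their own rows. Whether a missing user should match nothing or skip the filter is a policy decision; the sketch below fails closed and assumes `canAdmin()` does not itself query this model. The `Builder` import is not visible in this hunk, and the scope presumes every subclass table has the owner column; both are worth confirming.

```php
public static function addOwnerClause(Builder $builder)
{
    $user = backpack_user();
    if (null === $user) {
        // No authenticated user (guest request, console, queue): fail closed
        // instead of dereferencing null; relax this only deliberately.
        $builder->whereRaw('1 = 0');
        return;
    }
    // Same exemption the removed CubistCrudPanel::addOwnerClause() applied.
    if ($builder->getModel()->canAdmin($user)) {
        return;
    }
    $builder->where(static::$_ownerAttribute, $user->id);
}
```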
@@ -678,25 +687,29 @@ class CubistMagicAbstractModel extends Model implements HasMedia
 */
 public function isOwner($user)
 {
+ if (null === $this->id) {
+ return true;
+ }
+
 return null !== $user && ($this->canAdmin($user) || $this->getAttribute($this->_ownerAttribute) === $user->id);
 }
 /**
- * @param $crud CubistCrudPanel
 * @param $user CubistMagicAuthenticatable
+ * @return bool
 */
- public function addOwnerClause($crud, $user)
+ public function canList($user)
 {
- $crud->addClause('where', $this->_ownerAttribute, $user->id);
+ return null !== $user && ($this->canAdmin($user) || $this->_can('read', $user));
 }
 /**
 * @param $user CubistMagicAuthenticatable
 * @return bool
 */
- public function canList($user)
+ public function canShow($user)
 {
- return null !== $user && ($this->canAdmin($user) || $this->_can('read', $user));
+ return $this->canList($user);
 }
 /**
--
2.39.5
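Review bot: The new early return `if (null === $this->id) { return true; }` in `isOwner()` runs before the `null !== $user` test, so an unsaved model reports every caller as its owner, including a null user. If the aim is to let a creator pass before the row exists, keep the user check first with `if (null === $user) { return false; }` ahead of it, and state the unsaved-model rule in the docblock, which begins outside this hunk. Separately, `canShow()` is added here while the `hasAccess()` override that dispatched to `canList`/`canUpdate`/`'can' . ucfirst($operation)` is deleted from CubistCrudPanel.php in this same patch. Unless those checks are wired up elsewhere, the per-operation model rules are no longer enforced by the panel, which would leave the global scope as the only barrier.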