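<?php

namespace Corals\Modules\Timesheet\Policies;

use Corals\Foundation\Policies\BasePolicy;
use Corals\Modules\Timesheet\Models\Entry;
use Corals\User\Models\User;

/**
 * Authorization rules for timesheet entries.
 *
 * Every decision combines a permission check ($user->can(...)), an
 * administrator check (isAdministrator(), inherited) and, for non-administrators,
 * ownership of the entry. Invoiced entries are immutable for everyone.
 */
class EntryPolicy extends BasePolicy
{
    /**
     * Abilities listed for special handling by BasePolicy.
     *
     * NOTE(review): presumably these are excluded from a blanket administrator
     * shortcut in BasePolicy so that the invoice/review guards below always run;
     * confirm against BasePolicy, which is not visible here.
     *
     * @var string[]
     */
    protected $skippedAbilities = ['update', 'destroy', 'markAsReviewed'];

    // NOTE(review): presumably the permission isAdministrator() tests; confirm in BasePolicy.
    protected $administrationPermission = 'Administrations::admin.timesheet';

    /**
     * Decide whether the user may view entries in general, or one entry in particular.
     *
     * @param User $user
     * @param Entry|null $entry the entry being viewed, or null for a listing-level check
     * @return bool
     */
    public function view(User $user, ?Entry $entry = null)
    {
        if (!$user->can('Timesheet::entry.view')) {
            return false;
        }

        // No specific entry: the permission alone decides.
        if ($entry === null) {
            return true;
        }

        if ($this->isAdministrator($user)) {
            return true;
        }

        // Ownership check without PHP's loose-comparison type juggling: an entry
        // with no owner never matches, and ids are compared as exact strings so an
        // int id and its string form still match while "1e1"/"10"-style numeric
        // coincidences do not.
        return $entry->user_id !== null
            && (string) $entry->user_id === (string) $user->id;
    }

    /**
     * Decide whether the user may create an entry.
     *
     * @param User $user
     * @return bool
     */
    public function create(User $user)
    {
        return $user->can('Timesheet::entry.create');
    }

    /**
     * Decide whether the user may edit the entry.
     *
     * @param User $user
     * @param Entry $entry
     * @return bool
     */
    public function update(User $user, Entry $entry)
    {
        // An invoiced entry can no longer be edited, not even by an administrator.
        if ($entry->invoice_id) {
            return false;
        }

        if ($this->isAdministrator($user)) {
            return true;
        }

        // Non-administrators may edit only their own, not yet reviewed entries.
        // The strict comparison fails closed if user_id and id differ in type.
        return $user->can('Timesheet::entry.update')
            && $entry->user_id === $user->id
            && !$entry->has_reviewed;
    }

    /**
     * Decide whether the user may delete the entry.
     *
     * @param User $user
     * @param Entry $entry
     * @return bool
     */
    public function destroy(User $user, Entry $entry)
    {
        // An invoiced entry can no longer be deleted, not even by an administrator.
        if ($entry->invoice_id) {
            return false;
        }

        if ($this->isAdministrator($user)) {
            return true;
        }

        // Non-administrators may delete only their own, not yet reviewed entries.
        // The strict comparison fails closed if user_id and id differ in type.
        return $user->can('Timesheet::entry.delete')
            && $entry->user_id === $user->id
            && !$entry->has_reviewed;
    }

    /**
     * Decide whether the user may mark the entry as reviewed.
     *
     * Only administrators qualify. Reusing update() also rejects invoiced
     * entries, and the final check rejects entries that are already reviewed.
     *
     * @param User $user
     * @param Entry $entry
     * @return bool
     */
    public function markAsReviewed(User $user, Entry $entry): bool
    {
        return $this->isAdministrator($user)
            && $this->update($user, $entry)
            && !$entry->has_reviewed;
    }
}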