Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/ts.corals.io/corals-api/Corals/modules/Timesheet/Policies/ |
<?php
namespace Corals\Modules\Timesheet\Policies;
use Corals\Foundation\Policies\BasePolicy;
use Corals\Modules\Timesheet\Facades\Timesheet;
use Corals\Modules\Timesheet\Models\Expense;
use Corals\User\Models\User;
class ExpensePolicy extends BasePolicy
{
/**
* @var string[]
*/
protected $skippedAbilities = ['update', 'destroy', 'generateInvoice'];
protected $administrationPermission = 'Administrations::admin.timesheet';
/**
* @param User $user
* @return bool
*/
public function view(User $user)
{
if ($user->can('Timesheet::expense.view')) {
return true;
}
return false;
}
/**
* @param User $user
* @return bool
*/
public function create(User $user)
{
return $user->can('Timesheet::expense.create');
}
/**
* @param User $user
* @param Expense $expense
* @return bool
*/
public function update(User $user, Expense $expense)
{
//prevent destroy entry when it has invoiced!
if ($expense->invoice_id) {
return false;
}
if ($user->can('Timesheet::expense.update')) {
return true;
}
return false;
}
/**
* @param User $user
* @param Expense $expense
* @return bool
*/
public function destroy(User $user, Expense $expense)
{
//prevent destroy entry when it has invoiced!
if ($expense->invoice_id) {
return false;
}
if ($user->can('Timesheet::expense.delete')) {
return true;
}
return false;
}
public function generateInvoice(User $user, Expense $expense): bool
{
return ($user->can('Timesheet::invoice.create') || Timesheet::isTimesheetAdministration()) && $expense->status === 'pending' && $expense->billable === 1;
}
}