diff --git a/app/Console/Commands/Database/CreatePermissions.php b/app/Console/Commands/Database/CreatePermissions.php
new file mode 100644
index 00000000..425b9360
--- /dev/null
+++ b/app/Console/Commands/Database/CreatePermissions.php
@@ -0,0 +1,77 @@
+info($permission);
+ foreach ($actions as $action) {
+ $this->info($action);
+ \Spatie\Permission\Models\Permission::firstOrCreate([
+ 'name' => $permission.'.'.$action,
+ ], [
+ 'guard_name' => 'web',
+ ]);
+ }
+ }
+
+ return Command::SUCCESS;
+ }
+}
diff --git a/app/Nova/User.php b/app/Nova/User.php
index 3a86b61a..10eef4d9 100644
--- a/app/Nova/User.php
+++ b/app/Nova/User.php
@@ -71,7 +71,9 @@ class User extends Resource
 ->updateRules('nullable', Rules\Password::defaults()),
 MorphToMany::make('Roles', 'roles', \Itsmejoshua\Novaspatiepermissions\Role::class),
+ MorphToMany::make('Permissions', 'permissions', \Itsmejoshua\Novaspatiepermissions\Permission::class),
+
 ];
 }
diff --git a/app/Policies/BitcoinEventPolicy.php b/app/Policies/BitcoinEventPolicy.php
index 99073f3e..e4bc7d39 100644
--- a/app/Policies/BitcoinEventPolicy.php
+++ b/app/Policies/BitcoinEventPolicy.php
@@ -57,7 +57,7 @@ class BitcoinEventPolicy extends BasePolicy
 */
 public function update(User $user, BitcoinEvent $bitcoinEvent)
 {
- return $bitcoinEvent->created_by === $user->id;
+ return $bitcoinEvent->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/CategoryPolicy.php b/app/Policies/CategoryPolicy.php
index 2f419978..e3213cdf 100644
--- a/app/Policies/CategoryPolicy.php
+++ b/app/Policies/CategoryPolicy.php
@@ -41,7 +41,7 @@ class CategoryPolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
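Review bot: The `firstOrCreate` lookup in `CreatePermissions` matches on `name` alone and passes `guard_name` only as a creation default, so a permission that already exists under another guard is returned and the `web` row is never created. Spatie permissions are identified by name and guard together; put both in the first array, `Permission::firstOrCreate(['name' => $permission.'.'.$action, 'guard_name' => 'web'])`, or use `Permission::findOrCreate($permission.'.'.$action, 'web')`. Most of this 77-line file is missing from the page, so it is not visible whether `$permission` is derived from the policy class names that the policies pass to `can()`; if the two lists are kept by hand, a mismatch silently denies access. A class docblock saying that the command is idempotent and must run before the new policies take effect would help.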
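Review bot: The new `Permissions` field in `app/Nova/User.php` lets anyone who may edit a user in Nova attach permissions directly, which turns the granular `UserPolicy.update` permission introduced by this commit into a route to every other permission. Nova's documented default for undefined `attach*`/`detach*` policy methods is to allow, and this diff adds none to `UserPolicy`, so I would define `attachAnyPermission`, `attachPermission` and `detachPermission` (and the `*Role` equivalents) there and gate the field as well, e.g. `->canSee(fn ($request) => $request->user()->can('PermissionPolicy.update'))`. The blank line added before `];` can be dropped. `fields()` begins and ends outside this hunk.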
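Review bot: The expression `(new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__` in `BitcoinEventPolicy::update()` is pasted into every other policy hunk of this commit, so the permission naming scheme is spread over roughly fifty call sites and documented nowhere. All of these classes extend `BasePolicy`, so a helper there such as `protected function permission(string $ability): string { return class_basename(static::class).'.'.$ability; }` with `$user->can($this->permission(__FUNCTION__))` at the call sites would keep it in one place. Its docblock should state that names are `<PolicyShortName>.<method>`, that renaming a policy class or method orphans the stored permission (access then fails closed), and that the names must match what `CreatePermissions` seeds. The class body continues outside the hunk.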
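Review bot: Replacing `hasRole('super-admin')` with a bare permission check in `CategoryPolicy::create()` (and likewise in the CountryPolicy, EpisodePolicy, PermissionPolicy, RolePolicy, TeamPolicy and UserPolicy hunks) means super-admins keep access only through something this diff does not show: a `before()` in `BasePolicy`, a `Gate::before` hook, or the seeded permissions being assigned to the role. The visible part of `CreatePermissions` creates permissions but assigns them to no role, so after deploy these abilities may be denied to everyone until that is done. Please confirm which mechanism is relied on and record it in a comment on `BasePolicy` or in the commit description.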
@@ -53,7 +53,7 @@ class CategoryPolicy extends BasePolicy
 */
 public function update(User $user, Category $category)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -65,7 +65,7 @@ class CategoryPolicy extends BasePolicy
 */
 public function delete(User $user, Category $category)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -77,7 +77,7 @@ class CategoryPolicy extends BasePolicy
 */
 public function restore(User $user, Category $category)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -89,6 +89,6 @@ class CategoryPolicy extends BasePolicy
 */
 public function forceDelete(User $user, Category $category)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/CityPolicy.php b/app/Policies/CityPolicy.php
index 467684ea..657a2da5 100644
--- a/app/Policies/CityPolicy.php
+++ b/app/Policies/CityPolicy.php
@@ -53,7 +53,7 @@ class CityPolicy extends BasePolicy
 */
 public function update(User $user, City $city)
 {
- return $city->created_by === $user->id;
+ return $city->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/CountryPolicy.php b/app/Policies/CountryPolicy.php
index 00cc9471..8f14b4a4 100644
--- a/app/Policies/CountryPolicy.php
+++ b/app/Policies/CountryPolicy.php
@@ -41,7 +41,7 @@ class CountryPolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -53,7 +53,7 @@ class CountryPolicy extends BasePolicy
 */
 public function update(User $user, Country $country)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -65,7 +65,7 @@ class CountryPolicy extends BasePolicy
 */
 public function delete(User $user, Country $country)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -77,7 +77,7 @@ class CountryPolicy extends BasePolicy
 */
 public function restore(User $user, Country $country)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -89,6 +89,6 @@ class CountryPolicy extends BasePolicy
 */
 public function forceDelete(User $user, Country $country)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/CourseEventPolicy.php b/app/Policies/CourseEventPolicy.php
index e1d2c6c0..2068b0df 100644
--- a/app/Policies/CourseEventPolicy.php
+++ b/app/Policies/CourseEventPolicy.php
@@ -55,7 +55,7 @@ class CourseEventPolicy extends BasePolicy
 */
 public function update(User $user, CourseEvent $courseEvent)
 {
- return $user->belongsToTeam($courseEvent->course->lecturer->team);
+ return $user->belongsToTeam($courseEvent->course->lecturer->team) || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/CoursePolicy.php b/app/Policies/CoursePolicy.php
index 6087660b..ae736210 100644
--- a/app/Policies/CoursePolicy.php
+++ b/app/Policies/CoursePolicy.php
@@ -53,7 +53,7 @@ class CoursePolicy extends BasePolicy
 */
 public function update(User $user, Course $course)
 {
- return $user->belongsToTeam($course->lecturer->team);
+ return $user->belongsToTeam($course->lecturer->team) || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/EpisodePolicy.php b/app/Policies/EpisodePolicy.php
index 71ae7693..4ae55f46 100644
--- a/app/Policies/EpisodePolicy.php
+++ b/app/Policies/EpisodePolicy.php
@@ -57,7 +57,7 @@ class EpisodePolicy extends BasePolicy
 */
 public function update(User $user, Episode $episode)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/LecturerPolicy.php b/app/Policies/LecturerPolicy.php
index 8ca0ea11..6014d1cc 100644
--- a/app/Policies/LecturerPolicy.php
+++ b/app/Policies/LecturerPolicy.php
@@ -57,7 +57,7 @@ class LecturerPolicy extends BasePolicy
 */
 public function update(User $user, Lecturer $lecturer)
 {
- return $lecturer->created_by === $user->id;
+ return $lecturer->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/LibraryItemPolicy.php b/app/Policies/LibraryItemPolicy.php
index 3470eae2..d6b5451a 100644
--- a/app/Policies/LibraryItemPolicy.php
+++ b/app/Policies/LibraryItemPolicy.php
@@ -53,7 +53,7 @@ class LibraryItemPolicy extends BasePolicy
 */
 public function update(User $user, LibraryItem $libraryItem)
 {
- return $libraryItem->created_by === $user->id;
+ return $libraryItem->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/LibraryPolicy.php b/app/Policies/LibraryPolicy.php
index 9966985e..2653d34e 100644
--- a/app/Policies/LibraryPolicy.php
+++ b/app/Policies/LibraryPolicy.php
@@ -53,7 +53,7 @@ class LibraryPolicy extends BasePolicy
 */
 public function update(User $user, Library $library)
 {
- return $library->created_by === $user->id;
+ return $library->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/MeetupEventPolicy.php b/app/Policies/MeetupEventPolicy.php
index ac828ca5..f6c1b4f7 100644
--- a/app/Policies/MeetupEventPolicy.php
+++ b/app/Policies/MeetupEventPolicy.php
@@ -53,7 +53,7 @@ class MeetupEventPolicy extends BasePolicy
 */
 public function update(User $user, MeetupEvent $meetupEvent)
 {
- return $meetupEvent->created_by === $user->id;
+ return $meetupEvent->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/MeetupPolicy.php b/app/Policies/MeetupPolicy.php
index ebed96b8..06582433 100644
--- a/app/Policies/MeetupPolicy.php
+++ b/app/Policies/MeetupPolicy.php
@@ -57,7 +57,7 @@ class MeetupPolicy extends BasePolicy
 */
 public function update(User $user, Meetup $meetup)
 {
- return $meetup->created_by === $user->id;
+ return $meetup->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Policies/PermissionPolicy.php b/app/Policies/PermissionPolicy.php
index 9769d65f..702f99df 100644
--- a/app/Policies/PermissionPolicy.php
+++ b/app/Policies/PermissionPolicy.php
@@ -14,11 +14,12 @@ class PermissionPolicy extends BasePolicy
 * Determine whether the user can view any models.
 *
 * @param \App\Models\User $user
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function viewAny(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -26,22 +27,24 @@ class PermissionPolicy extends BasePolicy
 *
 * @param \App\Models\User $user
 * @param \Spatie\Permission\Models\Permission $permission
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function view(User $user, Permission $permission)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
 * Determine whether the user can create models.
 *
 * @param \App\Models\User $user
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -49,11 +52,12 @@ class PermissionPolicy extends BasePolicy
 *
 * @param \App\Models\User $user
 * @param \Spatie\Permission\Models\Permission $permission
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function update(User $user, Permission $permission)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -61,11 +65,12 @@ class PermissionPolicy extends BasePolicy
 *
 * @param \App\Models\User $user
 * @param \Spatie\Permission\Models\Permission $permission
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function delete(User $user, Permission $permission)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -73,11 +78,12 @@ class PermissionPolicy extends BasePolicy
 *
 * @param \App\Models\User $user
 * @param \Spatie\Permission\Models\Permission $permission
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function restore(User $user, Permission $permission)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -85,10 +91,11 @@ class PermissionPolicy extends BasePolicy
 *
 * @param \App\Models\User $user
 * @param \Spatie\Permission\Models\Permission $permission
+ *
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function forceDelete(User $user, Permission $permission)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/PodcastPolicy.php b/app/Policies/PodcastPolicy.php
index 12fd34f0..95f0f226 100644
--- a/app/Policies/PodcastPolicy.php
+++ b/app/Policies/PodcastPolicy.php
@@ -6,7 +6,7 @@ use App\Models\Podcast;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
-class PodcastPolicy
+class PodcastPolicy extends BasePolicy
 {
 use HandlesAuthorization;
diff --git a/app/Policies/RolePolicy.php b/app/Policies/RolePolicy.php
index 5bdc731f..b5f39a1a 100644
--- a/app/Policies/RolePolicy.php
+++ b/app/Policies/RolePolicy.php
@@ -18,7 +18,7 @@ class RolePolicy extends BasePolicy
 */
 public function viewAny(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -30,7 +30,7 @@ class RolePolicy extends BasePolicy
 */
 public function view(User $user, Role $role)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -41,7 +41,7 @@ class RolePolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -53,7 +53,7 @@ class RolePolicy extends BasePolicy
 */
 public function update(User $user, Role $role)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
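Review bot: Making `PodcastPolicy` extend `BasePolicy` changes its authorization behaviour if `BasePolicy` defines a `before()` hook, because every Podcast ability would then pass through it; `BasePolicy` is not shown in this diff, so this should be checked against the intended access to podcasts. The class still declares `use HandlesAuthorization;` on the context line below, which is redundant if the base class already uses the trait. The class body continues outside the hunk.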
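Review bot: With this change `RolePolicy.create` and `RolePolicy.update` (and the `PermissionPolicy.*` abilities in the previous file) become individually grantable, yet a holder of any of them can add permissions to a role, so each one delegates what used to be super-admin control. If that is not the intent, keep the role and permission management abilities tied to the role as well, e.g. `return $user->hasRole('super-admin') && $user->can(...);`. At the least, the docblocks of these methods should say that granting the permission hands over full control of authorization. The docblocks start outside the hunks.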
@@ -65,7 +65,7 @@ class RolePolicy extends BasePolicy
 */
 public function delete(User $user, Role $role)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -77,7 +77,7 @@ class RolePolicy extends BasePolicy
 */
 public function restore(User $user, Role $role)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -89,6 +89,6 @@ class RolePolicy extends BasePolicy
 */
 public function forceDelete(User $user, Role $role)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/TeamPolicy.php b/app/Policies/TeamPolicy.php
index 387a3214..626896c8 100644
--- a/app/Policies/TeamPolicy.php
+++ b/app/Policies/TeamPolicy.php
@@ -19,7 +19,7 @@ class TeamPolicy extends BasePolicy
 */
 public function viewAny(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -44,7 +44,7 @@ class TeamPolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -109,6 +109,6 @@ class TeamPolicy extends BasePolicy
 */
 public function delete(User $user, Team $team)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 4b4f6e85..5998a353 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -17,7 +17,7 @@ class UserPolicy extends BasePolicy
 */
 public function viewAny(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -29,7 +29,7 @@ class UserPolicy extends BasePolicy
 */
 public function view(User $user, User $model)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -40,7 +40,7 @@ class UserPolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -52,7 +52,7 @@ class UserPolicy extends BasePolicy
 */
 public function update(User $user, User $model)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -64,7 +64,7 @@ class UserPolicy extends BasePolicy
 */
 public function delete(User $user, User $model)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -76,7 +76,7 @@ class UserPolicy extends BasePolicy
 */
 public function restore(User $user, User $model)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -88,6 +88,6 @@ class UserPolicy extends BasePolicy
 */
 public function forceDelete(User $user, User $model)
 {
- return $user->hasRole('super-admin');
+ return $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 }
diff --git a/app/Policies/VenuePolicy.php b/app/Policies/VenuePolicy.php
index 71a3ac13..4049dc00 100644
--- a/app/Policies/VenuePolicy.php
+++ b/app/Policies/VenuePolicy.php
@@ -32,7 +32,7 @@ class VenuePolicy extends BasePolicy
 */
 public function view(User $user, Venue $venue)
 {
- return $user->is_lecturer;
+ return $user->is_lecturer || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
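Review bot: `UserPolicy::update()`, `delete()` and `forceDelete()` now depend only on the acting user's permission and never inspect `$model`, so a holder of `UserPolicy.update` may edit any account, including one with more privileges than their own. The Nova `User` resource touched in this commit has a password field with update rules, so that permission would also allow resetting a super-admin's password. Consider refusing when the target outranks the actor, e.g. appending `&& (! $model->hasRole('super-admin') || $user->hasRole('super-admin'))`, and stating the rule in each method's docblock. The docblocks start outside the hunks.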
@@ -44,7 +44,7 @@ class VenuePolicy extends BasePolicy
 */
 public function create(User $user)
 {
- return $user->is_lecturer;
+ return $user->is_lecturer || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
@@ -57,7 +57,7 @@ class VenuePolicy extends BasePolicy
 */
 public function update(User $user, Venue $venue)
 {
- return $venue->created_by === $user->id;
+ return $venue->created_by === $user->id || $user->can((new \ReflectionClass($this))->getShortName().'.'.__FUNCTION__);
 }
 /**
diff --git a/app/Providers/NovaServiceProvider.php b/app/Providers/NovaServiceProvider.php
index 1f0bb414..9e2cac48 100644
--- a/app/Providers/NovaServiceProvider.php
+++ b/app/Providers/NovaServiceProvider.php
@@ -42,16 +42,16 @@ class NovaServiceProvider extends NovaApplicationServiceProvider
 parent::boot();
 Nova::mainMenu(function (Request $request) {
- $adminItems = $request->user()
- ->hasRole('super-admin') ?
+ $comments = $request->user()->can('CommentPolicy.viewAny') ? [
+ MenuSection::make('Comments', [
+ MenuItem::resource(Comment::class),
+ ])
+ ->icon('chat')
+ ->collapsable(),
+ ] : [];
+
+ $adminItems = $request->user()->can('NovaAdminPolicy.viewAny') ?
 [
-
- MenuSection::make('Comments', [
- MenuItem::resource(Comment::class),
- ])
- ->icon('chat')
- ->collapsable(),
-
 MenuSection::make('Admin', [
 MenuItem::resource(Category::class),
 MenuItem::resource(Country::class),
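Review bot: In the `Nova::mainMenu` closure, `'CommentPolicy.viewAny'` and `'NovaAdminPolicy.viewAny'` are hand-written strings, and neither a `NovaAdminPolicy` class nor a `CommentPolicy` change appears in this diff, so whether these permissions are ever seeded depends on the part of `CreatePermissions` that is not visible. If they are missing, `can()` returns false and the sections disappear for everyone. The closure also only hides menu entries: the Admin resources (`Category`, `Country`, …) stay reachable by URL and are protected only by their own policies, whose `viewAny` methods this commit does not change. A comment above `$adminItems` such as `// Menu visibility only; access is enforced by each resource's policy.` would keep the check from being read as enforcement. The closure continues past the end of the hunk.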
@@ -62,17 +62,19 @@ class NovaServiceProvider extends NovaApplicationServiceProvider
 ->icon('key')
 ->collapsable(),
- MenuSection::make(__('nova-spatie-permissions::lang.sidebar_label'), [
- MenuItem::link(__('nova-spatie-permissions::lang.sidebar_label_roles'), 'resources/roles'),
- MenuItem::link(__('nova-spatie-permissions::lang.sidebar_label_permissions'),
- 'resources/permissions'),
- ])
- ->icon('key')
- ->collapsable(),
-
 ] : [];
+ $permissions = $request->user()->can('PermissionPolicy.viewAny') ? [
+ MenuSection::make(__('nova-spatie-permissions::lang.sidebar_label'), [
+ MenuItem::link(__('nova-spatie-permissions::lang.sidebar_label_roles'), 'resources/roles'),
+ MenuItem::link(__('nova-spatie-permissions::lang.sidebar_label_permissions'),
+ 'resources/permissions'),
+ ])
+ ->icon('key')
+ ->collapsable(),
+ ] : [];
+
 return array_merge([
 MenuSection::dashboard(Main::class)
 ->icon('lightning-bolt'),
@@ -133,7 +135,7 @@ class NovaServiceProvider extends NovaApplicationServiceProvider
 ->icon('book-open')
 ->collapsable(),
- ], $adminItems);
+ ], $comments, $adminItems, $permissions);
 });
 Nova::withBreadcrumbs();
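Review bot: The `$permissions` section shows both the Roles link and the Permissions link on `PermissionPolicy.viewAny` alone, so a user granted only `RolePolicy.viewAny` sees neither, and a user with only the permission ability gets a Roles link that `RolePolicy::viewAny()` will presumably refuse. Building the two `MenuItem::link` entries separately, each behind its own `viewAny` permission, would keep the menu in step with the policies changed in this commit. A short comment on `$permissions` noting that it controls visibility only would match the other sections.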