/**
* Get list of all permissions that user has
*
* @param Roleable|null $resource
*
* @return array
*/
public function getPermissions(Roleable $resource = null)
{
// if user is not logged we will assign to it guest role
$userRoles = $resource ? (array) $resource->getRoles() : [$this->config->get('authorize.guest_role_name')];
$permissions = [];
foreach ($userRoles as $userRole) {
$permissions = array_merge($permissions, $this->getPermissionsForRole($userRole));
}
return array_values(array_unique($permissions));
}
/**
* Base authorization verification method. In case non-null value is
* returned this will indicate whether user has (or not) access for given
* resource
*
* @param Roleable|null $user
* @param string $ability
*
* @return bool|null
* @throws \Exception
*/
public function before(Roleable $user = null, $ability)
{
// for super roles we will always allow everything no matter what
// specific permissions are defined later
$superRoles = $this->getSuperRoles();
if ($superRoles && $user && $user->hasRole($superRoles)) {
return true;
}
// verify if user has permission for this group and this ability
$can = $this->permService->can($user, $this->getPermissionName($ability));
// if user has no permission for this action, we don't need to do
// anything more - user won't be able do run this action
if (!$can) {
return false;
}
// if he has and no custom rule defined for this ability, we assume
// that user has permission for this action
if (!$this->hasCustomAbilityRule($ability)) {
return true;
}
// otherwise if user has this permission but custom rule is defined
// we will go into this custom rule to verify it in details
return null;
}
