protected function canDo($attribute, $subject, User $user) { // If the user is trying to access their own answers they can do anything if ($user->getId() === $subject->getServerUser()->getUser()->getId()) { return true; } return parent::canDo($attribute, $subject, $user); }
protected function canDo($attribute, $subject, User $user) { // If the user is trying to access their own participant entry record they can do anything if ($user->getId() === $subject->getParticipant()->getUser()->getId()) { return true; } return parent::canDo($attribute, $subject, $user); }
protected function canDo($attribute, $subject, User $user) { // If the user is a system administrator, they can do anything if ($user->getSystemAdministrator() === true) { return true; } // Otherwise, if the user is trying to access their own account they can do anything if ($user->getType() === $subject->getType() && $user->getId() === $subject->getId()) { return true; } return false; }