/**
  * @param User $user
  * @param Document $document
  * @return bool
  */
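 public static function view(User $user, $document)
 {
     // Holders of 'view_all' bypass every per-record check.
     if ($user->hasPermission('view_all')) {
         return true;
     }
     // A document attached to an expense takes the view decision of that expense,
     // or of the expense's invoice when the expense has one.
     if ($document->expense) {
         if ($document->expense->invoice) {
             return $user->can('view', $document->expense->invoice);
         }
         return $user->can('view', $document->expense);
     }
     // A document attached directly to an invoice takes that invoice's view decision.
     if ($document->invoice) {
         return $user->can('view', $document->invoice);
     }
     // Standalone document: fall back to ownership of the document itself. The check must
     // receive $document; the earlier code passed an undefined variable ($item), so the
     // ownership test never saw the record it was deciding on.
     return $user->owns($document);
 }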
 /**
  * @param User $user
  * @return bool
  */
 public static function create(User $user, $item)
 {
     // Creation is gated on the 'admin' permission alone; $item is not inspected.
     $isAdmin = $user->hasPermission('admin');

     return $isAdmin;
 }
Example #3
    echo 1;
}
use app\models\Session;
use app\models\User;
use app\classes\DB;
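// The value assigned here is replaced by `new User()` below before it is read.
$user = DB::connect();
if (Session::exists('home')) {
    // NOTE(review): the flash message is written out as raw HTML. Confirm that every writer
    // of the 'home' flash stores trusted text only; otherwise it needs escaping here too.
    echo "<p><b>" . Session::flash('home') . "</b></p>";
}
$user = new User();
if ($user->isLoggedIn()) {
    // The username is account data, so it is encoded for each context it is written into:
    // URL-encoded and then escaped inside the href, escaped as text inside the link body.
    // The link body was previously echoed without escape(), unlike the href.
    $username = $user->data()->username;
    ?>
    <p>Hello, <a href="profile.php?user=<?php
    echo escape(rawurlencode($username));
    ?>
"><?php
    echo escape($username);
    ?>
</a></p>
    <ul>
        <li>You can <a href="logout.php">log out</a> here!</li>
        <li>You can <a href="update.php">update</a> your profile here!</li>
        <li>You can <a href="changepassword.php">change password</a> here!</li>
    </ul>
    <?php
    // Display-only hint; it does not gate any action on this page.
    if ($user->hasPermission('admin')) {
        echo 'You are  an admin';
    }
} else {
    echo "<p>You need to <a href='login.php'>log in</a> or <a href='register.php'>register</a>!" . "</p>";
}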
 /**
  * @param User $user
  * @param $ownerUserId
  * @return bool
  */
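 public static function editByOwner(User $user, $ownerUserId)
 {
     // Holders of 'edit_all' may edit regardless of who owns the record.
     if ($user->hasPermission('edit_all')) {
         return true;
     }
     // A missing id on either side must never count as a match. With the loose `==`
     // used before, null compared equal to 0 and to '', so a record without an owner
     // could be treated as owned by a user whose id was empty.
     if ($user->id === null || $ownerUserId === null) {
         return false;
     }
     // Compare the string forms strictly: 5 and '5' still match, while type-juggled
     // pairs such as 5 and '5 ' do not.
     return (string) $user->id === (string) $ownerUserId;
 }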
 /**
  * Determine if the given permission can be destroyed by the user.
  *
  * @param  \App\Models\User  $user
  * @param  \App\Models\Permission  $permission
  * @return bool
  */
 public function destroy(\App\Models\User $user, \App\Models\Permission $permission)
 {
     // The decision rests only on the acting user's 'permission.destroy' permission;
     // $permission itself is not inspected.
     $mayDestroy = $user->hasPermission('permission.destroy');

     return $mayDestroy;
 }
 /**
  * Determine if the given role can be destroyed by the user.
  *
  * @param  \App\Models\User  $user
  * @param  \App\Models\Role  $role
  * @return bool
  */
 public function destroy(\App\Models\User $user, \App\Models\Role $role)
 {
     // The decision rests only on the acting user's 'role.destroy' permission;
     // $role itself is not inspected.
     $mayDestroy = $user->hasPermission('role.destroy');

     return $mayDestroy;
 }