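/**
 * Decide whether the user may view a document.
 *
 * Holders of 'view_all' are always allowed. Otherwise the decision is
 * delegated to the record the document hangs off: the invoice behind its
 * expense, else the expense itself, else the document's own invoice.
 * A document attached to none of these is visible only to a user who
 * owns it.
 *
 * @param User $user
 * @param Document $document
 * @return bool
 */
public static function view(User $user, $document)
{
    // Global override: skips every per-record check below.
    if ($user->hasPermission('view_all')) {
        return true;
    }

    $expense = $document->expense;
    if ($expense) {
        $expenseInvoice = $expense->invoice;

        // Prefer the invoice behind the expense when there is one.
        return $user->can('view', $expenseInvoice ? $expenseInvoice : $expense);
    }

    $invoice = $document->invoice;
    if ($invoice) {
        return $user->can('view', $invoice);
    }

    // Ownership must be tested against the document being requested.
    // The previous code passed an undefined $item, so owns() received
    // null and the fallback never looked at this document at all.
    return $user->owns($document);
}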
/**
 * Decide whether the user may create an item.
 *
 * Creation is gated on the 'admin' permission alone.
 *
 * @param User $user
 * @param mixed $item Not consulted by this check.
 * @return bool
 */
public static function create(User $user, $item)
{
    $isAdmin = $user->hasPermission('admin');

    return $isAdmin;
}
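// Tail of a block that opens above this excerpt; left exactly as found.
echo 1;
}

use app\models\Session;
use app\models\User;
use app\classes\DB;

// NOTE(review): this return value is overwritten by `new User()` a few
// lines down; the call is kept in case it is needed for its side effect
// (confirm, then drop the assignment).
$user = DB::connect();

if (Session::exists('home')) {
    // NOTE(review): the flash text is written into the page as-is. If any
    // part of it can originate from request data it should pass through
    // escape() too. Confirm what callers store under 'home'.
    echo "<p><b>" . Session::flash('home') . "</b></p>";
}

$user = new User();

if ($user->isLoggedIn()) {
    // The username is account data supplied by the user, so it is encoded
    // for each context it is printed in: URL-encoded and then escaped for
    // the href query string, escaped for the link text. The link text was
    // previously echoed raw while the href was escaped, leaving a stored
    // XSS sink on the landing page.
    // NOTE(review): escape() is defined outside this excerpt and is
    // assumed to be the project's HTML-escaping helper; confirm.
    $username = (string) $user->data()->username;
    ?>
    <p>Hello, <a href="profile.php?user=<?php echo escape(rawurlencode($username)); ?>"><?php echo escape($username); ?></a></p>
    <ul>
        <li>You can <a href="logout.php">log out</a> here!</li>
        <li>You can <a href="update.php">update</a> your profile here!</li>
        <li>You can <a href="changepassword.php">change password</a> here!</li>
    </ul>
    <?php
    if ($user->hasPermission('admin')) {
        echo 'You are an admin';
    }
} else {
    echo "<p>You need to <a href='login.php'>log in</a> or <a href='register.php'>register</a>!" . "</p>";
}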
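/**
 * Decide whether the user may edit a record owned by $ownerUserId.
 *
 * Allowed for holders of 'edit_all', or when the user's id matches the
 * owner id.
 *
 * @param User $user
 * @param mixed $ownerUserId Owner id as stored on the record; may be null
 *                           when the record has no owner.
 * @return bool
 */
public static function editByOwner(User $user, $ownerUserId)
{
    if ($user->hasPermission('edit_all')) {
        return true;
    }

    // A missing id on either side can never establish ownership. With the
    // previous loose `==`, null, 0 and '' compared equal to one another,
    // so an ownerless record could pass the check for a user whose id was
    // unset or zero.
    if ($user->id === null || $ownerUserId === null) {
        return false;
    }

    // Compare as strings so that an integer id and the same id read back
    // as a string still match, without any other type juggling.
    return (string) $user->id === (string) $ownerUserId;
}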
/**
 * Policy check: may this user delete the given permission record?
 *
 * The decision rests solely on the 'permission.destroy' permission; the
 * $permission argument itself is not inspected.
 *
 * @param \App\Models\User $user
 * @param \App\Models\Permission $permission
 * @return bool
 */
public function destroy(\App\Models\User $user, \App\Models\Permission $permission)
{
    $mayDestroy = $user->hasPermission('permission.destroy');

    return $mayDestroy;
}
/**
 * Policy check: may this user delete the given role?
 *
 * The decision rests solely on the 'role.destroy' permission; the $role
 * argument itself is not inspected.
 *
 * @param \App\Models\User $user
 * @param \App\Models\Role $role
 * @return bool
 */
public function destroy(\App\Models\User $user, \App\Models\Role $role)
{
    $mayDestroy = $user->hasPermission('role.destroy');

    return $mayDestroy;
}