/**
* Return this user's combined permissions from all roles.
* @return PermissionCollection
*/
public function permissions()
{
// Use the indexed value rather than doing a new query each time.
if (!empty($this->permissions)) {
return $this->permissions;
}
$permissions = new PermissionCollection();
$permissions->addRoles($this->roles);
return $this->permissions = $permissions;
}
/**
* Fired before the policies get checked.
* @param User $user
* @param $ability
* @param $model Model|string
* @return bool
*/
public function before(User $user, $ability, $model)
{
$this->class = is_object($model) ? get_class($model) : $model;
// Does the user have the Super User role?
if ($user->hasRole('Super User')) {
return true;
}
// Does the particular class have a management ability?
$this->manager = $this->permissions->exists('manage', $this->class);
// Does the permission exist in the index? If not, grant by default.
if (!$this->permissions->exists($ability, $this->class)) {
return true;
}
// Is this a managed class and does the user have the managed permissions?
if ($this->manager) {
return $this->manage($user, $model, $ability);
}
}
