Example #1
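 /**
  * Decide whether $operation is permitted on $model, reusing the previous
  * decision where possible.
  *
  * Role::isAllowed() is consulted again when $new_operation is set, when the
  * cached decision was a denial, or when $model is not the value that was
  * checked last time. Otherwise the cached $this->trusted value is returned.
  *
  * NOTE(review): the cached decision is not keyed by $operation. A caller that
  * passes $new_operation = false with a different operation on the same model
  * gets the earlier positive answer without a new check. Confirm callers only
  * pass false while continuing a single operation.
  *
  * @param  mixed   $model          value forwarded to Role::isAllowed()
  * @param  string  $operation      operation name forwarded to Role::isAllowed()
  * @param  bool    $new_operation  when true, always re-evaluate the permission
  * @return mixed   whatever Role::isAllowed() returned (presumably a boolean)
  */
 protected function isAllowed($model, $operation, $new_operation = true)
 {
     // Identity comparison on purpose: a loose comparison treats two distinct
     // objects with equal properties as the same model, which would let a
     // different instance inherit a cached "allowed" decision. Comparing
     // strictly can only cause an extra permission check, never skip one.
     $same_model = ($this->last_model_instance === $model);

     if ($new_operation || !$this->trusted || !$same_model) {
         $this->trusted = Role::isAllowed($model, $operation);
     }

     // Remember what the cached decision refers to, for the next call.
     $this->last_model_instance = $model;

     return $this->trusted;
 }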
Example #2
 /**
  * A fresh Auth model is denied 'update' and 'delete' until it is flagged as a
  * trusted action, after which both operations are allowed.
  *
  * NOTE(review): nothing here asserts that access is denied again once the
  * trusted flag is cleared. If setTrustedAction() accepts false, a test for
  * that path would pin the revoke behaviour.
  */
 public function testAuth()
 {
     $operations = array('update', 'delete');
     $subject = new Auth();

     // Default state: no write operation is permitted.
     foreach ($operations as $operation) {
         $this->assertFalse(Role::isAllowed($subject, $operation));
     }

     $subject->setTrustedAction(true);

     // After the trusted flag is set, the same operations pass.
     foreach ($operations as $operation) {
         $this->assertTrue(Role::isAllowed($subject, $operation));
     }
 }
Example #3
 /**
  * Execute the query as a "select" statement, after a 'read' permission check.
  *
  * The query is first pointed at this collection or table. Unless the
  * configured 'read' role is 'owner', Role::isAllowed() must grant 'read'
  * before the call is forwarded.
  *
  * NOTE(review): for the 'owner' role no check happens in this method. The
  * per-entry check on the results is expected elsewhere and is not visible
  * here. Confirm it exists, otherwise every row is returned to any caller.
  *
  * @param  array                                             $columns
  * @return \Illuminate\Database\Eloquent\Collection|static[]
  * @throws ForbiddenException when the role is not 'owner' and 'read' is denied
  */
 public function get($columns = array('*'))
 {
     // Captured up front so the forwarded call receives exactly what the
     // caller passed (an empty list when get() was called without arguments).
     $forwarded = func_get_args();
     $table = $this->name;

     if ($this->is_collection) {
         $this->query->setModel(new Collection(array('table_name' => $table)));
     } elseif ($this->query instanceof \Illuminate\Database\Query\Builder) {
         $this->query->from($table);
     }

     // Authorise before touching the database. Role::isAllowed() is only
     // consulted when the configured role is something other than 'owner'.
     $read_role = Role::getInstance()->getConfig($table, 'read');
     $may_read = ($read_role === 'owner') || Role::isAllowed($table, 'read');
     if (!$may_read) {
         throw new ForbiddenException();
     }

     return $this->__call('get', $forwarded);
 }
Example #4
 /**
  * Tell whether this model may be updated in the current context.
  *
  * The update is allowed as soon as one of these holds, checked in order:
  * - Context::isTrusted() is true (the original comment names the 'server'
  *   and 'commandline' contexts),
  * - Role::isAllowed($this, 'update') grants it,
  * - $this->isAuthenticated() is true (described by the original comment as
  *   the authenticated user updating its own data).
  *
  * NOTE(review): isAuthenticated() is not visible here. Confirm it ties this
  * record to the current user and does not merely report that someone is
  * logged in, because it is the last gate before an update is accepted.
  *
  * @return bool
  */
 protected function isUpdateAllowed()
 {
     if (Context::isTrusted()) {
         return true;
     }

     if (Role::isAllowed($this, 'update')) {
         return true;
     }

     // Cast keeps the boolean result the original "||" chain produced.
     return (bool) $this->isAuthenticated();
 }