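/**
 * Check whether $operation is permitted on $model, memoising the last decision.
 *
 * The cached flag in $this->trusted is reused only when the caller signals
 * that this is NOT a new operation, the previous decision was positive, and
 * $model is the very same instance that was checked last time. A negative
 * decision is never cached: it is re-evaluated on every call.
 *
 * The cache key is the model only; $operation is not recorded. Callers that
 * pass $new_operation = false must therefore be asking about the same
 * operation as in their previous call.
 *
 * @param mixed  $model          Model instance (or name) handed to Role::isAllowed().
 * @param string $operation      Operation being checked, e.g. 'update'.
 * @param bool   $new_operation  True to force a fresh evaluation.
 * @return bool
 */
protected function isAllowed($model, $operation, $new_operation = true)
{
    // Identity comparison (===) rather than the loose != used before: two
    // distinct instances with equal attributes must not share a cached
    // authorisation decision, and it also avoids a deep, possibly recursive,
    // property-by-property comparison of the models.
    $isSameInstance = $this->last_model_instance === $model;

    if ($new_operation || !$this->trusted || !$isSameInstance) {
        $this->trusted = Role::isAllowed($model, $operation);
    }

    $this->last_model_instance = $model;

    return $this->trusted;
}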
/**
 * Role::isAllowed() must deny 'update' and 'delete' on a fresh Auth instance
 * and permit both once the instance has been flagged as a trusted action.
 */
public function testAuth()
{
    $operations = ['update', 'delete'];
    $auth = new Auth();

    // Untrusted by default: every operation is refused.
    foreach ($operations as $op) {
        $this->assertFalse(Role::isAllowed($auth, $op));
    }

    // Marking the action as trusted flips both decisions.
    $auth->setTrustedAction(true);
    foreach ($operations as $op) {
        $this->assertTrue(Role::isAllowed($auth, $op));
    }
}
/**
 * Execute the query as a "select" statement.
 *
 * Binds the builder to this table (or wraps it in a Collection model when
 * this instance represents a collection), enforces 'read' access for the
 * current role, then forwards the call — with the original argument list —
 * to __call('get').
 *
 * @param array $columns
 * @return \Illuminate\Database\Eloquent\Collection|static[]
 * @throws ForbiddenException when the current role may not read this table.
 */
public function get($columns = ['*'])
{
    $forwardedArgs = func_get_args();

    if ($this->is_collection) {
        $this->query->setModel(new Collection(['table_name' => $this->name]));
    } elseif ($this->query instanceof \Illuminate\Database\Query\Builder) {
        $this->query->from($this->name);
    }

    // The 'owner' role cannot be decided table-wide: the check has to be made
    // per result row (presumably inside __call('get') — confirm), so only the
    // other roles are gated up front.
    $readRole = Role::getInstance()->getConfig($this->name, 'read');
    $deniedUpfront = $readRole !== 'owner' && !Role::isAllowed($this->name, 'read');

    if ($deniedUpfront) {
        throw new ForbiddenException();
    }

    return $this->__call('get', $forwardedArgs);
}
/**
 * Whether the current request may update this record.
 *
 * Updates are permitted when any of the following holds (checked in this
 * order, short-circuiting on the first success):
 *  - the context is trusted ('server' or 'commandline');
 *  - the role grants 'update' on this instance;
 *  - the request is authenticated (the original comment describes this as a
 *    user updating their own data — the ownership check itself is not
 *    visible here).
 *
 * @return bool
 */
protected function isUpdateAllowed()
{
    if (Context::isTrusted()) {
        return true;
    }

    if (Role::isAllowed($this, 'update')) {
        return true;
    }

    // The original `||` chain always yields a bool; keep that contract.
    return (bool) $this->isAuthenticated();
}