/** * Return this user's combined permissions from all roles. * @return PermissionCollection */ public function permissions() { // Use the indexed value rather than doing a new query each time. if (!empty($this->permissions)) { return $this->permissions; } $permissions = new PermissionCollection(); $permissions->addRoles($this->roles); return $this->permissions = $permissions; }
/** * Fired before the policies get checked. * @param User $user * @param $ability * @param $model Model|string * @return bool */ public function before(User $user, $ability, $model) { $this->class = is_object($model) ? get_class($model) : $model; // Does the user have the Super User role? if ($user->hasRole('Super User')) { return true; } // Does the particular class have a management ability? $this->manager = $this->permissions->exists('manage', $this->class); // Does the permission exist in the index? If not, grant by default. if (!$this->permissions->exists($ability, $this->class)) { return true; } // Is this a managed class and does the user have the managed permissions? if ($this->manager) { return $this->manage($user, $model, $ability); } }