/**
 * Register any authentication / authorization services.
 *
 * Registers the policy map and one "administer" ability, which passes when
 * the user's roles relation holds a role named "admin".
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    // Admin status is derived from the roles relation rather than a flag column.
    $holdsAdminRole = function (User $user) {
        return $user->roles->contains('name', 'admin');
    };

    Gate::define('administer', $holdsAdminRole);
}
/**
 * Register any authentication / authorization services.
 *
 * Every permission returned by getPermissions() becomes a Gate ability named
 * after the permission; the ability passes when the user has one of the
 * permission's roles.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    foreach ($this->getPermissions() as $permission) {
        $abilityName = $permission->name;

        // The permission object (not its roles) is captured so that
        // $permission->roles is read at check time, exactly as before.
        $check = function ($user) use ($permission) {
            return $user->hasRole($permission->roles);
        };

        Gate::define($abilityName, $check);
    }
}
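/**
 * Define one Gate ability per resource/action pair that passes only for
 * admin users (those with a truthy $user->is_admin).
 *
 * Despite its name, this method registers gates and returns nothing; it does
 * not itself report whether anyone is an admin. The previous docblock claimed
 * a boolean return, which no code path provided.
 *
 * @param array $arguments map of resource => iterable of action names, passed
 *                         through $this->ability($action, $resource) to build
 *                         each ability name
 * @return void
 */
private function isAdmin($arguments)
{
    // One shared callback: every generated ability has the same admin-only rule.
    $adminOnly = function ($user) {
        return $user->is_admin;
    };

    foreach ($arguments as $resource => $actions) {
        foreach ($actions as $action) {
            Gate::define($this->ability($action, $resource), $adminOnly);
        }
    }
}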
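/**
 * Register any authentication / authorization services.
 *
 * Registers the policy map and a "create" ability that passes for any user
 * whose id is truthy, i.e. a persisted user.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    Gate::define('create', function ($user) {
        // Same rule as the former if/else: truthy id => allowed. Note that an
        // id of 0 (or an unsaved user) is denied — TODO confirm this is intended.
        return (bool) $user->id;
    });
}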
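/**
 * Boot the authentication services for the application.
 *
 * Registers the "api" request guard (Bearer token looked up on User.api_token)
 * and the event / user / user-location Gate abilities.
 *
 * @return void
 */
public function boot()
{
    // Here you may define how you wish users to be authenticated for your Lumen
    // application. The callback which receives the incoming request instance
    // should return either a User instance or null. You're free to obtain
    // the User instance via an API token or any other method necessary.
    Auth::viaRequest('api', function (Request $request) {
        // Expect exactly "Bearer <token>". The former strpos() test only rejected
        // headers where "Bearer" appeared *after* position 0, so any other scheme
        // (strpos() === false) slipped through; compare the scheme exactly instead.
        // The default '' keeps explode() away from a null header.
        $authorization_header = explode(' ', $request->header('Authorization', ''));
        if (count($authorization_header) !== 2
            || $authorization_header[0] !== 'Bearer'
            || $authorization_header[1] === '') {
            throw new Exception('Authorization header not set or invalid.');
        }

        // An empty token is rejected above so this never queries api_token = ''.
        $user = User::where('api_token', $authorization_header[1])->first();
        if ($user === null) {
            throw new Exception('Invalid access token.');
        }

        return $user;
    });

    // Event Authorization
    Gate::define('create-event', function (User $user) {
        return $user->hasPermission('create-event');
    });
    // update/delete additionally require ownership of the event.
    Gate::define('update-event', function (User $user, Event $event) {
        return $user->hasPermission('update-event') && $user->id === $event->user_id;
    });
    Gate::define('delete-event', function (User $user, Event $event) {
        return $user->hasPermission('delete-event') && $user->id === $event->user_id;
    });
    Gate::define('view-event', function (User $user, Event $event) {
        return $user->hasPermission('view-event');
    });
    Gate::define('list-event', function (User $user) {
        return $user->hasPermission('list-event');
    });

    // User Authorization
    Gate::define('list-user', function (User $user) {
        return $user->hasPermission('list-user');
    });
    // view-user does not restrict which user may be viewed; $user_check is unused.
    Gate::define('view-user', function (User $user, User $user_check) {
        return $user->hasPermission('view-user');
    });

    // User Location Authorization
    Gate::define('list-user-location', function (User $user) {
        return $user->hasPermission('list-user-location');
    });
    // Users may only update their own location.
    Gate::define('update-user-location', function (User $user, User $user_check) {
        return $user->hasPermission('update-user-location') && $user->id === $user_check->id;
    });
}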
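/**
 * Boot the authentication services for the application.
 *
 * Registers the "api" request guard (token from the "AuthToken" header, looked
 * up on Token.api_token, then resolved to its User) and the getUser/deleteUser
 * abilities, which only allow a user to act on their own id.
 *
 * @return void
 */
public function boot()
{
    // Here you may define how you wish users to be authenticated for your Lumen
    // application. The callback which receives the incoming request instance
    // should return either a User instance or null. You're free to obtain
    // the User instance via an API token or any other method necessary.
    $this->app['auth']->viaRequest('api', function ($request) {
        $apiToken = $request->header("AuthToken");
        if (!$apiToken) {
            // No header: unauthenticated, matching the former implicit null.
            return null;
        }

        $tk = Token::where('api_token', $apiToken)->first();
        if ($tk === null) {
            // An unknown token must resolve to "no user"; previously this fell
            // through to $tk->user_id on null, which raised instead of denying.
            return null;
        }

        return User::where('id', $tk->user_id)->first();
    });

    // Authorises the current user for particular requests
    Gate::define('getUser', function ($user, $userid) {
        // TODO allow user to get users matched with them
        // Loose comparison kept: $userid arrives from the request and may be a
        // numeric string while $user->id is an int — TODO confirm and tighten.
        return $user->id == $userid;
    });
    Gate::define('deleteUser', function ($user, $userid) {
        // TODO allow user to get users matched with them
        return $user->id == $userid;
    });
}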
/**
 * A permission closure declared with three parameters must fail when the
 * ability is checked with only one extra argument.
 */
public function test_closure_permission_fails()
{
    $owner = $this->createUser(['name' => 'John Doe']);

    $permission = new Permission();
    $permission->name = 'create-post';
    $permission->label = 'Create Post';
    // Three parameters: the user plus two ability arguments.
    $permission->closure = function ($user, $id, $otherParameter) {
        return $user->id == $id;
    };
    $permission->save();

    // Stub the service provider defined ability.
    Gate::define($permission->name, $permission->closure);

    // Both extra arguments supplied: the closure runs and grants.
    $this->assertTrue($owner->can('create-post', [1, 'other-parameter']));

    // Only one extra argument: $otherParameter is missing, so the call errors.
    $this->setExpectedException(\ErrorException::class);
    $owner->can('create-post', [1]);
}
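/**
 * Register any authentication / authorization services.
 *
 * Registers the policy map, an admin bypass via Gate::before, and the
 * laraboard per-ability gates. Gate callbacks that return nothing (null)
 * deny the ability; the subscribe/unsubscribe gates rely on that.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    // admins are gods
    Gate::before(function ($user, $ability) {
        $adminRole = config('laraboard.user.admin_role');

        // If no Laratrust role is configured, nobody is admin. Return null (not
        // false) so the check falls through to the per-ability gates below: a
        // non-null result from a before() callback is final, and the former
        // `return false` denied every ability for every user in that case.
        if (!is_string($adminRole)) {
            return null;
        }

        // The admin bypass is not applied to these abilities, so their
        // "already subscribed?" logic still runs for admins.
        $bypassExempt = ['laraboard::thread-subscribe', 'laraboard::thread-unsubscribe'];
        if (in_array($ability, $bypassExempt, true)) {
            return null;
        }

        if ($user !== null && $user->hasRole($adminRole)) {
            return true;
        }

        return null;
    });

    // reply edit: owner only, and only while the post is open
    Gate::define('laraboard::reply-edit', function ($user, $post) {
        if ($post->status !== 'Open') {
            return false;
        }
        return $user->id === $post->user_id;
    });

    // reply delete: same rule as reply edit
    Gate::define('laraboard::post-delete', function ($user, $post) {
        if ($post->status !== 'Open') {
            return false;
        }
        return $user->id === $post->user_id;
    });

    // thread-reply: any authenticated user, while the thread is open
    Gate::define('laraboard::thread-reply', function ($user, $post) {
        if (!$post->is_open) {
            return false;
        }
        return \Auth::check();
    });

    // thread-subscribe: authenticated and not yet subscribed; otherwise null (deny)
    Gate::define('laraboard::thread-subscribe', function ($user, $thread) {
        if (\Auth::check()) {
            // only if they aren't already subscribed
            if (!$user->forumSubscriptions->contains('post_id', $thread->id)) {
                return true;
            }
        }
        return null;
    });

    // thread-unsubscribe: authenticated and currently subscribed; otherwise null (deny)
    Gate::define('laraboard::thread-unsubscribe', function ($user, $thread) {
        if (\Auth::check()) {
            // only if they are already subscribed
            if ($user->forumSubscriptions->contains('post_id', $thread->id)) {
                return true;
            }
        }
        return null;
    });

    // thread-create: any authenticated user, while the board is open
    Gate::define('laraboard::thread-create', function ($user, $board) {
        if ($board->status !== 'Open') {
            return false;
        }
        return \Auth::check();
    });

    // category-create
    Gate::define('laraboard::category-manage', function ($user) {
        // only admins (granted via Gate::before); everyone else is denied
        return false;
    });

    // board-create
    Gate::define('laraboard::board-create', function ($user, $board) {
        if ($board->status !== 'Open') {
            return false;
        }
        // The `return \Auth::check();` fallback is commented out upstream, so
        // this gate currently denies non-admins even on open boards.
        return null;
    });

    // board-edit: admins only (via Gate::before)
    Gate::define('laraboard::board-edit', function ($user, $board) {
        return false;
    });

    // forum-create: admins only (via Gate::before)
    Gate::define('laraboard::forum-create', function ($user) {
        return false;
    });

    // forum-edit: admins only (via Gate::before)
    Gate::define('laraboard::forum-edit', function ($user, $category) {
        return false;
    });

    // post-edit: owner only, for Post and Thread types; otherwise null (deny)
    Gate::define('laraboard::post-edit', function ($user, $post) {
        if (!in_array($post->type, ['Post', 'Thread'], true)) {
            return false;
        }
        // Strict comparison, consistent with reply-edit / post-delete above.
        if ($user->id === $post->user_id) {
            return true;
        }
        return null;
    });
}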