<?php
return array('initialize' => function ($user) {
// The initialize method (this Closure function) will be ran on every page load when the bundle get's started.
// A User Object will be passed into this method and is available via $user
// The $user variable is a instantiated User Object (application/models/user.php)
// First, let's group together some "Actions" so we can later give a user access to multiple actions at once
Authority::action_alias('manage', array('create', 'read', 'update', 'delete'));
Authority::action_alias('moderate', array('update', 'delete'));
// If a user doesn't have any roles, we don't have to give him permissions so we can stop right here.
if (count($user->roles) === 0) {
return false;
}
if ($user->has_role('admin')) {
// The logged in user is an admin, we allow him to perform manage actions (create, read, update, delete) on "all" "Resources".
Authority::allow('manage', 'all');
// Let's say we want to "Deny" the admin from adding accounts if his age is below 21 (i don't mean to discriminate ;)
// Since we have the User object, and it has an "age" property, we can make a simple if statement.
if ($user->age < 21) {
// Too young! we "deny" the user to create users, i'm sorry...
Authority::deny('create', 'User');
}
// Let's make it a little harder, we don't want the admin to be able to delete his own User account, but has to be allowed to delete other Users.
// We only know that the "Resource" is a User, But we don't know the User id, we can send that information to the Rule Closure, in the Closure below, the argument is called $that_user.
// We also pass in the logged in user, since the Closure is outside of the scope where this comment is in.
Authority::deny('delete', 'User', function ($that_user) use($user) {
// If the id of the User that we are trying to delete is equal to our logged in user, we return true, meaning the Deny Rule will be set.
return (int) $that_user->id === (int) $user->id;
});
}
if ($user->has_role('store_owner')) {
