/**
 * Authorization gate for the "downloads" resource.
 *
 * Registers this controller's rules and returns whatever Permission::check()
 * yields for the session role and the requested action.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "downloads";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the "*" action pattern (presumably "every action"; confirm in Permission).
    Permission::allow('admin', $resource, "*");

    // 'user' role: the "download" action only.
    Permission::allow('user', $resource, "download");

    // NOTE(review): the actions are passed as bare strings, not arrays. Confirm
    // Permission::allow() normalises a string, otherwise a rule may silently not match.
    // No ownership config is passed, so this check is role + action only.
    return Permission::check($currentRole, $resource, $requestedAction);
}
/**
 * Authorization gate for the "files" resource.
 *
 * Registers this controller's rules, builds the ownership context from the
 * session user and the submitted file id, and returns whatever
 * Permission::check() yields.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "files";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the '*' action pattern.
    Permission::allow('admin', $resource, ['*']);

    // 'user' role: listing and creation carry no extra condition...
    Permission::allow('user', $resource, ['index', 'getAll', 'create']);
    // ...while 'delete' is registered with the 'owner' condition.
    Permission::allow('user', $resource, ['delete'], 'owner');

    // NOTE(review): file_id is decrypted on every request, including actions that
    // may not send one. Confirm how Encryption::decryptIdWithDash() behaves on an
    // empty value (error vs. empty result) so the gate fails closed.
    $submittedFileId = $this->request->data("file_id");
    $fileId = Encryption::decryptIdWithDash($submittedFileId);

    // Context for the 'owner' condition. The id comes from the client, so the
    // delete handler must act on this same file_id, not on another parameter.
    $ownershipContext = [
        "user_id" => Session::getUserId(),
        "table" => "files",
        "id" => $fileId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownershipContext);
}
/**
 * Authorization gate for the "todo" resource.
 *
 * Registers this controller's rules, builds the ownership context from the
 * session user and the submitted todo id, and returns whatever
 * Permission::check() yields.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "todo";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the '*' action pattern.
    Permission::allow('admin', $resource, ['*']);

    // 'user' role: only 'delete' is registered here, and only with the 'owner' condition.
    Permission::allow('user', $resource, ['delete'], 'owner');

    // Decrypt the id only when one was submitted; an empty value is forwarded as received.
    $submittedTodoId = $this->request->data("todo_id");
    $todoId = empty($submittedTodoId)
        ? $submittedTodoId
        : Encryption::decryptIdWithDash($submittedTodoId);

    // NOTE(review): when todo_id is empty the 'owner' condition is evaluated with an
    // empty id. Confirm Permission::check() denies in that case rather than skipping
    // the ownership test.
    $ownershipContext = [
        "user_id" => Session::getUserId(),
        "table" => "todo",
        "id" => $todoId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownershipContext);
}
/**
 * Authorization gate for the "posts" resource.
 *
 * Registers this controller's rules, resolves the post id from the URL
 * arguments (for "delete") or from the request data (every other action),
 * and returns whatever Permission::check() yields.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "posts";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the '*' action pattern.
    Permission::allow('admin', $resource, ['*']);

    // 'user' role: browsing and creation carry no extra condition...
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
    // ...while 'update' and 'delete' are registered with the 'owner' condition.
    Permission::allow('user', $resource, ['update', 'delete'], 'owner');

    // The id source depends on the action. The handlers must act on the same
    // identifier authorised here (first URL argument for delete, post_id otherwise).
    if ($requestedAction === "delete") {
        // NOTE(review): index 0 is read without checking that "args" has an element.
        // Confirm a delete request with no argument is rejected, not authorised on an empty id.
        $submittedPostId = $this->request->param("args")[0];
    } else {
        $submittedPostId = $this->request->data("post_id");
    }

    // Decrypt only when an id is present; an empty value is forwarded as received.
    $postId = empty($submittedPostId)
        ? $submittedPostId
        : Encryption::decryptId($submittedPostId);

    $ownershipContext = [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $postId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownershipContext);
}
/**
 * Authorization gate for the "newsfeed" resource.
 *
 * Registers this controller's rules, builds the ownership context from the
 * session user and the submitted newsfeed id, and returns whatever
 * Permission::check() yields.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "newsfeed";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the '*' action pattern.
    Permission::allow('admin', $resource, ['*']);

    // 'user' role: reading and creation carry no extra condition...
    Permission::allow('user', $resource, ['index', 'getAll', 'getById', 'create']);
    // ...while editing, deleting and fetching the edit form require the 'owner' condition.
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    // Decrypt the id only when one was submitted; an empty value is forwarded as received.
    $submittedNewsfeedId = $this->request->data("newsfeed_id");
    $newsfeedId = empty($submittedNewsfeedId)
        ? $submittedNewsfeedId
        : Encryption::decryptIdWithDash($submittedNewsfeedId);

    // NOTE(review): for the 'owner' actions an empty newsfeed_id still reaches
    // Permission::check(). Confirm the ownership test denies on an empty id.
    $ownershipContext = [
        "user_id" => Session::getUserId(),
        "table" => "newsfeed",
        "id" => $newsfeedId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownershipContext);
}
/**
 * Authorization gate for the "posts" resource.
 *
 * Registers this controller's rules, builds the ownership context from the
 * session user and the submitted post id, and returns whatever
 * Permission::check() yields.
 *
 * @return mixed result of Permission::check() (presumably a boolean; confirm in Permission)
 */
public function isAuthorized()
{
    $resource = "posts";
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();

    // 'admin' role: the '*' action pattern.
    Permission::allow('admin', $resource, ['*']);

    // 'user' role: browsing, reading and creation carry no extra condition...
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'getAll', 'getById', 'create']);
    // ...while editing, deleting and fetching the edit form require the 'owner' condition.
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    // NOTE(review): post_id is forwarded exactly as received, with no decryption or
    // emptiness check in this method. Confirm that is the form Permission::check()
    // expects for the ownership lookup, and that an empty id is denied for 'owner' actions.
    $ownershipContext = [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $this->request->data("post_id"),
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownershipContext);
}