protected function hasPermission($permission, Model $requester)
{
// always allow new user registrations
if ($permission == 'create') {
return true;
}
// users can only edit themselves
if ($permission === 'edit' && $requester instanceof self && $requester->id() == $this->id()) {
return true;
}
// otherwise, defer to admin permissions
return $requester->isAdmin();
}
