/**
* Defines the Abilities for the application.
*
* @return void
*/
public function defineAbilities()
{
$this->gate->before(function ($user, $ability) {
if ($user->isSuperuser()) {
return true;
}
});
foreach ($this->getPermissions() as $permission) {
$this->gate->define($permission->name, function ($user) use($permission) {
return $user->hasPermission($permission->name);
});
}
}
/**
* Create a new stinter instance.
*
* @param GateContract $gate
* @param string|null $ability Name used to call the restriction
*/
public function __construct(GateContract $gate, $ability = null)
{
$this->stint = is_string($ability) ? $ability : static::class;
$gate->before([$this, 'before']);
$gate->define($this->stint, [$this, 'check']);
$gate->after([$this, 'after']);
}
public function boot(GateContract $gate)
{
$this->loadTranslation();
$gate->before(function ($user, $ability, $model) {
$interceptor = new GateInterceptor($this->app['permission.store']);
return $interceptor->check($user, $ability, $model);
});
}
/**
* Register any application authentication / authorization services.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function boot(GateContract $gate)
{
$gate->before(function ($user) {
if ($user->isAdmin()) {
return true;
}
});
parent::registerPolicies($gate);
}
/**
* Register the permissions.
*
* @return bool
*/
public function registerPermissions()
{
try {
$this->getPermissions()->map(function ($permission) {
$this->gate->before(function ($user, $ability) {
if ($user->hasRole(config('lair.super_role'))) {
return true;
}
});
$this->gate->define($permission->name, function ($user) use($permission) {
return $user->hasPermission($permission);
});
});
return true;
} catch (Exception $e) {
Log::alert('Could not register permissions');
return false;
}
}
private function registerPolicies(GateContract $gate, AdminManager $admin)
{
$gate->before(function ($user, $ability) use($admin) {
if ($ability === "admin") {
if ($user && $admin->isAdmin($user)) {
return $user;
}
}
});
}
/**
* Register any application authentication / authorization services.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function boot(GateContract $gate)
{
$gate->before(function ($user) {
if ($user->role === 'admin') {
return true;
}
});
$this->registerPolicies($gate);
//
}
/**
* Register the clipboard at the given gate.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function registerAt(Gate $gate)
{
$gate->before(function ($user, $ability, $model = null, $additional = null) {
if (!is_null($additional)) {
return;
}
if ($id = $this->checkGetId($user, $ability, $model)) {
return $this->allow('Bouncer granted permission via ability #' . $id);
}
});
}
private function registerPolicies(GateContract $gate)
{
$gate->before(function ($user, $ability) {
if ($ability === "sboard-write") {
return $user;
}
});
foreach ($this->policies as $key => $value) {
$gate->policy($key, $value);
}
}
/**
* Register the application's policies.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function registerPolicies(GateContract $gate)
{
$gate->before(function ($user, $ability) {
if ($user->hasRole('SUPER')) {
return true;
}
});
foreach ($this->policies as $key => $value) {
$gate->policy($key, $value);
}
}
/**
* Registers reactor policies
*
* @param GateContract $gate
*/
protected function registerReactorPolicies(GateContract $gate)
{
$gate->before(function ($user, $ability) {
if ($user->isSuperAdmin()) {
return true;
}
});
foreach ($this->getPermissions() as $permission) {
$gate->define($permission->name, function ($user) use($permission) {
return $user->hasPermission($permission->name) || $user->hasRole($permission->roles);
});
}
}
/**
* Register the clipboard at the given gate.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function registerAt(Gate $gate)
{
$gate->before(function ($authority, $ability, $arguments = [], $additional = null) {
list($model, $additional) = $this->parseGateArguments($arguments, $additional);
if (!is_null($additional)) {
return;
}
if ($id = $this->checkGetId($authority, $ability, $model)) {
return $this->allow('Bouncer granted permission via ability #' . $id);
}
// If the response from "checkGetId" is "false", then this ability
// has been explicity forbidden. We'll return false so the gate
// doesn't run any further checks. Otherwise we return null.
return $id;
});
}
