 /**
  * Register the application's authorization services.
  *
  * Registers the model policies, then a single "administer" ability that
  * passes only when the user's roles collection contains a role whose
  * "name" attribute is "admin".
  *
  * @return void
  */
 public function boot()
 {
     $this->registerPolicies();

     // Closure does not touch $this, so it can be declared static.
     $isAdministrator = static function (User $user) {
         return $user->roles->contains('name', 'admin');
     };

     Gate::define('administer', $isAdministrator);
 }
 /**
  * Register the application's authorization services.
  *
  * Registers the model policies and then one gate per permission returned by
  * getPermissions(); each gate passes when hasRole() accepts the roles
  * attached to that permission. The permission object is captured, not its
  * roles, so the roles are resolved when the gate is evaluated.
  *
  * @return void
  */
 public function boot()
 {
     $this->registerPolicies();

     foreach ($this->getPermissions() as $grant) {
         $passesWhenUserHasRole = static function ($user) use ($grant) {
             return $user->hasRole($grant->roles);
         };

         Gate::define($grant->name, $passesWhenUserHasRole);
     }
 }
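 /**
  * Define one admin-only ability per (resource, action) pair.
  *
  * Every ability registered here passes only when the acting user's
  * "is_admin" attribute is truthy. Despite its name the method does not
  * answer "is this user an admin?" — it registers the gates that do, and it
  * returns nothing (the previous docblock's "@return boolean" was wrong).
  *
  * @param  array  $arguments  map of resource name => iterable of action names
  * @return void
  */
 private function isAdmin($arguments)
 {
     // One shared callback is enough: the ability name carries the
     // resource/action, the check itself is the same for every gate.
     $requiresAdmin = static function ($user) {
         return $user->is_admin;
     };

     foreach ($arguments as $resource => $actions) {
         foreach ($actions as $action) {
             Gate::define($this->ability($action, $resource), $requiresAdmin);
         }
     }
 }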
 /**
  * Register the application's authorization services.
  *
  * Registers the model policies and a "create" ability that passes for any
  * user whose "id" attribute is truthy (0, null or '' therefore deny).
  *
  * @return void
  */
 public function boot()
 {
     $this->registerPolicies();

     Gate::define('create', static function ($user) {
         // Same truthiness test as an if/else on $user->id, collapsed to a cast.
         return (bool) $user->id;
     });
 }
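 /**
  * Boot the authentication services for the application.
  *
  * Installs the "api" request guard (bearer token looked up in the users
  * table) and defines the event, user and user-location abilities. Every
  * ability requires the matching permission on the acting user; update/delete
  * of an event and update of a user location additionally require that the
  * acting user owns the target record.
  *
  * @return void
  */
 public function boot()
 {
     // Here you may define how you wish users to be authenticated for your Lumen
     // application. The callback which receives the incoming request instance
     // should return either a User instance or null. You're free to obtain
     // the User instance via an API token or any other method necessary.
     Auth::viaRequest('api', function (Request $request) {
         // Expected shape: "Authorization: Bearer <token>". Default to '' so a
         // missing header produces a single empty part rather than explode(null).
         $authorizationHeader = explode(' ', $request->header('Authorization') ?? '');

         // The scheme must be "Bearer" (HTTP auth scheme names are case-insensitive).
         // The previous strpos() test was falsy both for "Bearer" at offset 0 and for
         // a scheme that did not contain "Bearer" at all, so any scheme was accepted.
         if (count($authorizationHeader) !== 2 || strcasecmp($authorizationHeader[0], 'Bearer') !== 0) {
             throw new Exception('Authorization header not set or invalid.');
         }

         $token = $authorizationHeader[1];
         // Never look up an empty token: "Bearer " must not match a user whose
         // api_token column happens to be empty.
         if ($token === '') {
             throw new Exception('Invalid access token.');
         }

         // NOTE(review): tokens are stored and compared in clear text; keeping
         // only a hash of the token at rest would limit the impact of a DB read.
         $user = User::where('api_token', $token)->first();
         if (is_null($user)) {
             throw new Exception('Invalid access token.');
         }

         return $user;
     });

     // Builds a gate that passes when the user holds the named permission.
     $requiresPermission = function ($permission) {
         return function (User $user) use ($permission) {
             return $user->hasPermission($permission);
         };
     };

     // Builds a gate that requires the permission AND ownership of the event.
     $requiresPermissionOnOwnEvent = function ($permission) {
         return function (User $user, Event $event) use ($permission) {
             return $user->hasPermission($permission) && $user->id === $event->user_id;
         };
     };

     // Event Authorization
     Gate::define('create-event', $requiresPermission('create-event'));
     Gate::define('update-event', $requiresPermissionOnOwnEvent('update-event'));
     Gate::define('delete-event', $requiresPermissionOnOwnEvent('delete-event'));
     // Viewing is permission-only; the Event is accepted (and type-checked)
     // but deliberately not consulted.
     Gate::define('view-event', function (User $user, Event $event) {
         return $user->hasPermission('view-event');
     });
     Gate::define('list-event', $requiresPermission('list-event'));

     // User Authorization
     Gate::define('list-user', $requiresPermission('list-user'));
     // Permission-only: the target user is accepted but not consulted, so any
     // holder of "view-user" may view any user.
     Gate::define('view-user', function (User $user, User $user_check) {
         return $user->hasPermission('view-user');
     });

     // User Location Authorization
     Gate::define('list-user-location', $requiresPermission('list-user-location'));
     // Users may only update their own location.
     Gate::define('update-user-location', function (User $user, User $user_check) {
         return $user->hasPermission('update-user-location') && $user->id === $user_check->id;
     });
 }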
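 /**
  * Boot the authentication services for the application.
  *
  * Installs the "api" request guard, which resolves the user through the
  * "AuthToken" request header via the Token model, and defines the getUser /
  * deleteUser abilities, which currently pass only for the user's own id.
  *
  * @return void
  */
 public function boot()
 {
     // Here you may define how you wish users to be authenticated for your Lumen
     // application. The callback which receives the incoming request instance
     // should return either a User instance or null. You're free to obtain
     // the User instance via an API token or any other method necessary.
     $this->app['auth']->viaRequest('api', function ($request) {
         $apiToken = $request->header("AuthToken");
         if (!$apiToken) {
             return null;
         }

         $tokenRecord = Token::where('api_token', $apiToken)->first();
         // An unknown token used to be dereferenced ($tk->user_id on null);
         // treat it as "not authenticated" instead.
         if (is_null($tokenRecord)) {
             return null;
         }

         return User::where('id', $tokenRecord->user_id)->first();
     });

     // Authorises the current user for particular requests. Compare as strings
     // so a route parameter ("7") still matches an integer id (7) without the
     // loose == juggling that would, for instance, accept true for any id.
     // TODO allow user to get users matched with them
     $isSameUser = function ($user, $userid) {
         return (string) $user->id === (string) $userid;
     };

     Gate::define('getUser', $isSameUser);
     Gate::define('deleteUser', $isSameUser);
 }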
 /**
  * A closure permission must receive every parameter it declares: the first
  * check passes with both extra arguments, the second omits one and is
  * expected to raise an ErrorException.
  */
 public function test_closure_permission_fails()
 {
     $actor = $this->createUser(['name' => 'John Doe']);

     $permission = new Permission();
     $permission->name = 'create-post';
     $permission->label = 'Create Post';
     $permission->closure = function ($user, $id, $otherParameter) {
         return $user->id == $id;
     };
     $permission->save();

     // Stub the service provider defined ability.
     Gate::define($permission->name, $permission->closure);

     $this->assertTrue($actor->can('create-post', [1, 'other-parameter']));

     // Missing argument three.
     $this->setExpectedException(\ErrorException::class);
     $actor->can('create-post', [1]);
 }
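 /**
  * Register any authentication / authorization services.
  *
  * Registers the model policies, a Gate::before hook that grants every
  * ability (except thread subscribe/unsubscribe) to users holding the
  * configured admin role, and the individual laraboard gates. Gates that
  * always return false are admin-only and pass solely through that hook.
  *
  * @return void
  */
 public function boot()
 {
     $this->registerPolicies();

     //  admins are gods
     Gate::before(function ($user, $ability) {
         //  if no Laratrust role is configured, nobody is admin. Fall through with
         //  null, not false: a non-null result from a before hook is final, and the
         //  hook is global, so returning false here denied every ability in the
         //  application whenever the role was not configured.
         if (!is_string(config('laraboard.user.admin_role'))) {
             return null;
         }

         //  ignore for these abilities
         $exempt = ['laraboard::thread-subscribe', 'laraboard::thread-unsubscribe'];
         if (in_array($ability, $exempt, true)) {
             return null;
         }

         if (!is_null($user) && $user->hasRole(config('laraboard.user.admin_role'))) {
             return true;
         }

         return null;
     });

     // Shared rule: the post is still open and the acting user authored it.
     $ownsOpenPost = function ($user, $post) {
         if ($post->status !== 'Open') {
             return false;
         }
         return $user->id === $post->user_id;
     };

     //  reply edit
     Gate::define('laraboard::reply-edit', $ownsOpenPost);
     //  reply delete
     Gate::define('laraboard::post-delete', $ownsOpenPost);

     //  thread-reply: any authenticated user may reply to an open thread
     Gate::define('laraboard::thread-reply', function ($user, $post) {
         if (!$post->is_open) {
             return false;
         }
         return \Auth::check();
     });

     //  thread-subscribe: only if they aren't already subscribed
     Gate::define('laraboard::thread-subscribe', function ($user, $thread) {
         if (!\Auth::check()) {
             return false;
         }
         return !$user->forumSubscriptions->contains('post_id', $thread->id);
     });

     //  thread-unsubscribe: only if they are currently subscribed
     Gate::define('laraboard::thread-unsubscribe', function ($user, $thread) {
         if (!\Auth::check()) {
             return false;
         }
         return $user->forumSubscriptions->contains('post_id', $thread->id);
     });

     //  thread-create: any authenticated user may open a thread on an open board
     Gate::define('laraboard::thread-create', function ($user, $board) {
         if ($board->status !== 'Open') {
             return false;
         }
         return \Auth::check();
     });

     // Admin-only abilities: always deny here, admins pass via the before hook.
     $adminsOnly = function ($user) {
         return false;
     };

     //  category-create
     Gate::define('laraboard::category-manage', $adminsOnly);

     //  board-create: creation is currently disabled for everyone. The
     //  authenticated-user grant that once followed the open-board check was
     //  commented out upstream, which left both branches denying.
     Gate::define('laraboard::board-create', function ($user, $board) {
         return false;
     });

     //  board-edit
     Gate::define('laraboard::board-edit', $adminsOnly);
     //  forum-create
     Gate::define('laraboard::forum-create', $adminsOnly);
     //  forum-edit
     Gate::define('laraboard::forum-edit', $adminsOnly);

     //  post-edit: the author may edit their own post or thread. Strict
     //  comparison, matching reply-edit / post-delete above.
     Gate::define('laraboard::post-edit', function ($user, $post) {
         if (!in_array($post->type, ['Post', 'Thread'], true)) {
             return false;
         }
         return $user->id === $post->user_id;
     });
 }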