/**
 * Collect every permission granted to the given resource through its roles.
 *
 * When no resource is passed (user not logged in), the single role named by
 * the `authorize.guest_role_name` config entry is used instead.
 *
 * Note that the guest fallback applies only to a missing resource: a
 * resource whose getRoles() yields nothing ends up with an empty permission
 * list, not with the guest permissions.
 *
 * @param Roleable|null $resource
 *
 * @return array De-duplicated permissions, re-indexed from 0
 */
public function getPermissions(Roleable $resource = null)
{
    if ($resource) {
        $roles = (array) $resource->getRoles();
    } else {
        // not logged in - fall back to the configured guest role
        $roles = [$this->config->get('authorize.guest_role_name')];
    }

    // merge the permission sets of all roles, in role order
    $merged = array_reduce($roles, function ($carry, $role) {
        return array_merge($carry, $this->getPermissionsForRole($role));
    }, []);

    // several roles may grant the same permission - keep one copy of each
    return array_values(array_unique($merged));
}
/**
 * Base authorization check that runs ahead of any ability-specific rule.
 *
 * A non-null result is the final decision for the ability: true grants
 * access, false denies it. Null means the user holds the permission but a
 * custom rule exists for this ability, so that rule has to decide.
 *
 * Order of checks:
 *  1. super roles - granted immediately, no permission lookup is done
 *  2. permission lookup for the ability - denied when missing
 *  3. custom rule presence - granted when none, deferred (null) otherwise
 *
 * @param Roleable|null $user
 * @param string $ability
 *
 * @return bool|null
 * @throws \Exception Nothing here throws directly; presumably raised by
 *                    the helpers called below - confirm
 */
public function before(Roleable $user = null, $ability)
{
    // Super roles bypass every permission defined later. A missing user or
    // an empty super role list can never take this branch.
    // NOTE(review): hasRole() is handed the whole super role list -
    // presumably it matches on any one of them; confirm against Roleable.
    $bypassRoles = $this->getSuperRoles();
    $isSuperUser = $bypassRoles && $user && $user->hasRole($bypassRoles);
    if ($isSuperUser) {
        return true;
    }

    // Without the permission for this group and ability there is nothing
    // more to evaluate - the action is denied outright.
    $allowed = $this->permService->can($user, $this->getPermissionName($ability));
    if (!$allowed) {
        return false;
    }

    // Permission is held: grant when no custom rule is defined for the
    // ability, otherwise return null so the custom rule verifies the details.
    return $this->hasCustomAbilityRule($ability) ? null : true;
}