Added TeamFile Authorization Policy

Miguel Nogueira 2020-12-08 03:09:17 +00:00
parent 7323ffec2b
commit a206782187
Signed by untrusted user: miguel456
GPG Key ID: 2CF61B825316C6A0
3 changed files with 53 additions and 1 deletions


@ -32,6 +32,8 @@ class TeamFileController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('index');
if (is_null(Auth::user()->currentTeam)) if (is_null(Auth::user()->currentTeam))
{ {
$request->session()->flash('error', 'Please choose a team before viewing it\'s files.'); $request->session()->flash('error', 'Please choose a team before viewing it\'s files.');
@ -51,6 +53,8 @@ class TeamFileController extends Controller
*/ */
public function store(UploadFileRequest $request) public function store(UploadFileRequest $request)
{ {
$this->authorize('store');
$upload = $request->file('file'); $upload = $request->file('file');
$file = $upload->store('uploads'); $file = $upload->store('uploads');
@ -83,6 +87,8 @@ class TeamFileController extends Controller
public function download(Request $request, TeamFile $teamFile) public function download(Request $request, TeamFile $teamFile)
{ {
$this->authorize('download');
try try
{ {
return Storage::download($teamFile->fs_location, $teamFile->name); return Storage::download($teamFile->fs_location, $teamFile->name);
@ -127,6 +133,7 @@ class TeamFileController extends Controller
*/ */
public function destroy(Request $request, TeamFile $teamFile) public function destroy(Request $request, TeamFile $teamFile)
{ {
$this->authorize('delete');
try try
{ {
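Review bot: The four added `$this->authorize(...)` calls pass only an ability name, so Laravel's gate has no model or class argument from which to resolve `TeamFilePolicy`. Unless abilities named `index`, `store`, `download` and `delete` are defined elsewhere, these checks would deny every request rather than consult the new policy. Pass the resource: `$this->authorize('index', TeamFile::class);` in index(), `$this->authorize('download', $teamFile);` in download() and `$this->authorize('delete', $teamFile);` in destroy(). store() also needs the team its policy method declares, e.g. `$this->authorize('store', [TeamFile::class, Auth::user()->currentTeam]);`. The method bodies continue outside the hunks shown.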


@ -0,0 +1,42 @@
<?php
namespace App\Policies;
use App\Team;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class TeamFilePolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function index(User $user)
{
return $user->hasPermissionTo('teams.files.view');
}
public function store(User $user, Team $team)
{
return $user->hasPermissionTo('teams.files.upload') || $user->hasTeam($team);
}
public function download(User $user)
{
return $user->hasPermissionTo('teams.files.download');
}
public function delete(User $user)
{
return $user->hasPermissionTo('teams.files.delete');
}
}
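Review bot: `store()` allows an upload when the user holds `teams.files.upload` or belongs to the team, so either condition alone is enough: a team member without the permission may upload, and a holder of the permission may upload to a team they are not on. If both are meant to be required, use `return $user->hasPermissionTo('teams.files.upload') && $user->hasTeam($team);`. `download()` and `delete()` receive only the user, so they cannot confirm that the requested file belongs to one of that user's teams. Accepting a `TeamFile $teamFile` parameter and checking its team against the user would add that object-level check; the TeamFile model is not shown here, so the relation name needs confirming.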


@ -30,11 +30,13 @@ use App\Policies\AppointmentPolicy;
use App\Policies\BanPolicy; use App\Policies\BanPolicy;
use App\Policies\FormPolicy; use App\Policies\FormPolicy;
use App\Policies\ProfilePolicy; use App\Policies\ProfilePolicy;
use App\Policies\TeamFilePolicy;
use App\Policies\TeamPolicy; use App\Policies\TeamPolicy;
use App\Policies\UserPolicy; use App\Policies\UserPolicy;
use App\Policies\VacancyPolicy; use App\Policies\VacancyPolicy;
use App\Policies\VotePolicy; use App\Policies\VotePolicy;
use App\Team; use App\Team;
use App\TeamFile;
use App\User; use App\User;
use App\Vacancy; use App\Vacancy;
use App\Vote; use App\Vote;
@ -58,7 +60,8 @@ class AuthServiceProvider extends ServiceProvider
Vote::class => VotePolicy::class, Vote::class => VotePolicy::class,
Ban::class => BanPolicy::class, Ban::class => BanPolicy::class,
Appointment::class => AppointmentPolicy::class, Appointment::class => AppointmentPolicy::class,
Team::class => TeamPolicy::class Team::class => TeamPolicy::class,
TeamFile::class, TeamFilePolicy::class
]; ];
/** /**
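Review bot: The new entry `TeamFile::class, TeamFilePolicy::class` uses a comma where every other entry uses `=>`, so it appends two unrelated string values to the policy map instead of mapping the model to its policy. It should read `TeamFile::class => TeamFilePolicy::class,`. As written, the policy is reached only if the framework's policy auto-discovery happens to locate it, which depends on the Laravel version in use and is not visible on this page.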