Added TeamFile Authorization Policy

This commit is contained in:
Miguel Nogueira 2020-12-08 03:09:17 +00:00
parent 7323ffec2b
commit a206782187
Signed by untrusted user: miguel456
GPG Key ID: 2CF61B825316C6A0
3 changed files with 53 additions and 1 deletions

View File

@ -32,6 +32,8 @@ class TeamFileController extends Controller
*/
public function index(Request $request)
{
$this->authorize('index');
if (is_null(Auth::user()->currentTeam))
{
$request->session()->flash('error', 'Please choose a team before viewing it\'s files.');
@ -51,6 +53,8 @@ class TeamFileController extends Controller
*/
public function store(UploadFileRequest $request)
{
$this->authorize('store');
$upload = $request->file('file');
$file = $upload->store('uploads');
@ -83,6 +87,8 @@ class TeamFileController extends Controller
public function download(Request $request, TeamFile $teamFile)
{
$this->authorize('download');
try
{
return Storage::download($teamFile->fs_location, $teamFile->name);
@ -127,6 +133,7 @@ class TeamFileController extends Controller
*/
public function destroy(Request $request, TeamFile $teamFile)
{
$this->authorize('delete');
try
{

View File

@ -0,0 +1,42 @@
<?php
namespace App\Policies;
use App\Team;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class TeamFilePolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function index(User $user)
{
return $user->hasPermissionTo('teams.files.view');
}
public function store(User $user, Team $team)
{
return $user->hasPermissionTo('teams.files.upload') || $user->hasTeam($team);
}
public function download(User $user)
{
return $user->hasPermissionTo('teams.files.download');
}
public function delete(User $user)
{
return $user->hasPermissionTo('teams.files.delete');
}
}

View File

@ -30,11 +30,13 @@ use App\Policies\AppointmentPolicy;
use App\Policies\BanPolicy;
use App\Policies\FormPolicy;
use App\Policies\ProfilePolicy;
use App\Policies\TeamFilePolicy;
use App\Policies\TeamPolicy;
use App\Policies\UserPolicy;
use App\Policies\VacancyPolicy;
use App\Policies\VotePolicy;
use App\Team;
use App\TeamFile;
use App\User;
use App\Vacancy;
use App\Vote;
@ -58,7 +60,8 @@ class AuthServiceProvider extends ServiceProvider
Vote::class => VotePolicy::class,
Ban::class => BanPolicy::class,
Appointment::class => AppointmentPolicy::class,
Team::class => TeamPolicy::class
Team::class => TeamPolicy::class,
TeamFile::class, TeamFilePolicy::class
];
/**