forked from miguel456/rbrecruiter
Added TeamFile Authorization Policy
parent
7323ffec2b
commit
a206782187
|
@ -32,6 +32,8 @@ class TeamFileController extends Controller
|
|||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorize('index');
|
||||
|
||||
if (is_null(Auth::user()->currentTeam))
|
||||
{
|
||||
$request->session()->flash('error', 'Please choose a team before viewing it\'s files.');
|
||||
|
@ -51,6 +53,8 @@ class TeamFileController extends Controller
|
|||
*/
|
||||
public function store(UploadFileRequest $request)
|
||||
{
|
||||
$this->authorize('store');
|
||||
|
||||
$upload = $request->file('file');
|
||||
|
||||
$file = $upload->store('uploads');
|
||||
|
@ -83,6 +87,8 @@ class TeamFileController extends Controller
|
|||
|
||||
public function download(Request $request, TeamFile $teamFile)
|
||||
{
|
||||
$this->authorize('download');
|
||||
|
||||
try
|
||||
{
|
||||
return Storage::download($teamFile->fs_location, $teamFile->name);
|
||||
|
@ -127,6 +133,7 @@ class TeamFileController extends Controller
|
|||
*/
|
||||
public function destroy(Request $request, TeamFile $teamFile)
|
||||
{
|
||||
$this->authorize('delete');
|
||||
|
||||
try
|
||||
{
|
||||
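Review bot: The four added `$this->authorize(...)` calls (in index, store, download and destroy) pass only an ability name, so Laravel has no model or class from which to select TeamFilePolicy and looks for a gate of that name instead. Unless such gates are defined elsewhere, these checks would deny every request rather than consult the new policy. Pass the class or the route-bound model, e.g. `$this->authorize('index', TeamFile::class);`, `$this->authorize('store', [TeamFile::class, Auth::user()->currentTeam]);` and `$this->authorize('download', $teamFile);` (likewise for `'delete'` in destroy). The policy's `store` requires a `Team`, so that call also needs a guard for a null `currentTeam`, as index already has. All four method bodies continue outside their hunks.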
|
|
|
@ -0,0 +1,42 @@
|
|||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Team;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class TeamFilePolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Create a new policy instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
public function index(User $user)
|
||||
{
|
||||
return $user->hasPermissionTo('teams.files.view');
|
||||
}
|
||||
|
||||
public function store(User $user, Team $team)
|
||||
{
|
||||
return $user->hasPermissionTo('teams.files.upload') || $user->hasTeam($team);
|
||||
}
|
||||
|
||||
public function download(User $user)
|
||||
{
|
||||
return $user->hasPermissionTo('teams.files.download');
|
||||
}
|
||||
|
||||
public function delete(User $user)
|
||||
{
|
||||
return $user->hasPermissionTo('teams.files.delete');
|
||||
}
|
||||
}
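Review bot: `download` and `delete` receive only the user, so they decide on the global permission alone and cannot tell whether the requested file belongs to a team the user is in. Because the controller resolves `$teamFile` from the route, a holder of `teams.files.download` could presumably reach another team's file unless ownership is checked somewhere outside this commit. Accept the model, e.g. `public function download(User $user, TeamFile $teamFile)`, and require the file's owning team to pass `$user->hasTeam(...)` as well as the permission (this needs `use App\TeamFile;`). In `store`, the `||` lets any team member upload without `teams.files.upload` and lets any permission holder upload to a team they are not in; if both conditions are meant to hold it should be `&&`. A one-line docblock on each method stating the intended rule would make that reviewable.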
|
|
@ -30,11 +30,13 @@ use App\Policies\AppointmentPolicy;
|
|||
use App\Policies\BanPolicy;
|
||||
use App\Policies\FormPolicy;
|
||||
use App\Policies\ProfilePolicy;
|
||||
use App\Policies\TeamFilePolicy;
|
||||
use App\Policies\TeamPolicy;
|
||||
use App\Policies\UserPolicy;
|
||||
use App\Policies\VacancyPolicy;
|
||||
use App\Policies\VotePolicy;
|
||||
use App\Team;
|
||||
use App\TeamFile;
|
||||
use App\User;
|
||||
use App\Vacancy;
|
||||
use App\Vote;
|
||||
|
@ -58,7 +60,8 @@ class AuthServiceProvider extends ServiceProvider
|
|||
Vote::class => VotePolicy::class,
|
||||
Ban::class => BanPolicy::class,
|
||||
Appointment::class => AppointmentPolicy::class,
|
||||
Team::class => TeamPolicy::class
|
||||
Team::class => TeamPolicy::class,
|
||||
TeamFile::class, TeamFilePolicy::class
|
||||
];
|
||||
|
||||
/**
|
||||
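Review bot: The new entry `TeamFile::class, TeamFilePolicy::class` uses a comma where every other entry uses `=>`, so it appends two unrelated list values instead of mapping the model to its policy. It should read `TeamFile::class => TeamFilePolicy::class,`. Policy auto-discovery may happen to find the class by naming convention and hide the mistake, but the explicit map is what the rest of this array relies on. The array starts outside the hunk.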
|
|