<?php
namespace App\Policies;
use App\Invitation;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;
/**
 * Authorization policy for Invitation records.
 *
 * Every decision made for a signed-in user depends on a single ability,
 * 'admin.manageInvitations'. The only path that does not consult it is
 * create() for a guest (no authenticated user), which is always allowed.
 */
class InvitationPolicy
{
    use HandlesAuthorization;

    /** Ability that gates every authenticated action in this policy. */
    private const MANAGE_INVITATIONS = 'admin.manageInvitations';

    /**
     * Decide whether the user may list invitation requests.
     *
     * @param User $user the authenticated user
     * @return Response allow when the user holds the manage-invitations ability, otherwise a deny with a translated message
     */
    public function viewAny(User $user): Response
    {
        if ($user->can(self::MANAGE_INVITATIONS)) {
            return Response::allow();
        }

        return Response::deny(__('You do not have permission to view invitation requests.'));
    }

    /**
     * Decide whether an invitation may be created.
     *
     * The parameter is nullable so that the check can run for a guest, and a
     * guest is always allowed. A signed-in user is allowed only with the
     * manage-invitations ability, so a signed-in user without it is refused
     * something a guest is granted.
     *
     * NOTE(review): the guest branch is reachable without authentication and
     * this method applies no throttling or input validation itself; confirm
     * those controls exist at the route or controller that calls it.
     *
     * @param User|null $user the authenticated user, or null for a guest
     * @return Response allow for guests and for users holding the ability, otherwise a deny with a translated message
     */
    public function create(?User $user): Response
    {
        // Guest request: no account to check an ability against.
        if ($user === null) {
            return Response::allow();
        }

        if ($user->can(self::MANAGE_INVITATIONS)) {
            return Response::allow();
        }

        return Response::deny(__('You do not have permission to request privileged invitations.'));
    }

    /**
     * Decide whether the user may update an invitation.
     *
     * The invitation itself is not inspected: the decision is the same for
     * every invitation and rests only on the user's ability.
     *
     * @param User $user the authenticated user
     * @param Invitation $invitation the invitation being updated (unused)
     * @return Response allow when the user holds the manage-invitations ability, otherwise a deny with a translated message
     */
    public function update(User $user, Invitation $invitation): Response
    {
        if ($user->can(self::MANAGE_INVITATIONS)) {
            return Response::allow();
        }

        return Response::deny(__('You do not have permission to update invitations.'));
    }

    // No delete method on purpose: cleanup is handled by jobs and no user may
    // delete an invitation directly.
    // NOTE(review): confirm that a check for an ability this policy does not
    // define is denied by the framework version in use.
}