Add user directory & isolate authorisation

app/Policies/ApplicationPolicy.php

@@ -21,6 +21,16 @@ class ApplicationPolicy
         //
     }
 
+    public function viewAny(User $user)
+    {
+      if ($user->can('applications.view.all'))
+      {
+        return Response::allow();
+      }
+
+      return Response::deny('Forbidden');
+    }
+
     public function view(User $user, Application $application)
     {
        if ($user->is($application->user) && $user->can('applications.view.own') || $user->can('applications.view.all'))
@@ -30,4 +40,9 @@ class ApplicationPolicy
 
        return Response::deny('You are not authorised to view this application');
     }
+
+    public function update(User $user)
+    {
+        return $user->hasAnyRole('admin', 'hiringManager');
+    }
 }