Added Team Authorization Policy
This commit is contained in:
parent
6518ad3447
commit
7323ffec2b
|
@ -44,22 +44,14 @@ class TeamController extends Controller
|
||||||
*/
|
*/
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
|
$this->authorize('index');
|
||||||
|
|
||||||
$teams = Team::with('users.roles')->get();
|
$teams = Team::with('users.roles')->get();
|
||||||
|
|
||||||
return view('dashboard.teams.teams')
|
return view('dashboard.teams.teams')
|
||||||
->with('teams', $teams);
|
->with('teams', $teams);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Show the form for creating a new resource.
|
|
||||||
*
|
|
||||||
* @return \Illuminate\Http\Response
|
|
||||||
*/
|
|
||||||
public function create()
|
|
||||||
{
|
|
||||||
//
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Store a newly created resource in storage.
|
* Store a newly created resource in storage.
|
||||||
*
|
*
|
||||||
|
@ -68,6 +60,8 @@ class TeamController extends Controller
|
||||||
*/
|
*/
|
||||||
public function store(NewTeamRequest $request)
|
public function store(NewTeamRequest $request)
|
||||||
{
|
{
|
||||||
|
$this->authorize('create');
|
||||||
|
|
||||||
$team = Team::create([
|
$team = Team::create([
|
||||||
'name' => $request->teamName,
|
'name' => $request->teamName,
|
||||||
'owner_id' => Auth::user()->id,
|
'owner_id' => Auth::user()->id,
|
||||||
|
@ -80,17 +74,6 @@ class TeamController extends Controller
|
||||||
return redirect()->back();
|
return redirect()->back();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Display the specified resource.
|
|
||||||
*
|
|
||||||
* @param int $id
|
|
||||||
* @return \Illuminate\Http\Response
|
|
||||||
*/
|
|
||||||
public function show($id)
|
|
||||||
{
|
|
||||||
//
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Show the form for editing the specified resource.
|
* Show the form for editing the specified resource.
|
||||||
*
|
*
|
||||||
|
@ -99,6 +82,8 @@ class TeamController extends Controller
|
||||||
*/
|
*/
|
||||||
public function edit(Team $team)
|
public function edit(Team $team)
|
||||||
{
|
{
|
||||||
|
$this->authorize('update', $team);
|
||||||
|
|
||||||
return view('dashboard.teams.edit-team')
|
return view('dashboard.teams.edit-team')
|
||||||
->with('team', $team)
|
->with('team', $team)
|
||||||
->with('users', User::all())
|
->with('users', User::all())
|
||||||
|
@ -114,6 +99,9 @@ class TeamController extends Controller
|
||||||
*/
|
*/
|
||||||
public function update(EditTeamRequest $request, Team $team)
|
public function update(EditTeamRequest $request, Team $team)
|
||||||
{
|
{
|
||||||
|
$this->authorize('update', $team);
|
||||||
|
|
||||||
|
|
||||||
$team->description = $request->teamDescription;
|
$team->description = $request->teamDescription;
|
||||||
$team->openJoin = $request->joinType;
|
$team->openJoin = $request->joinType;
|
||||||
|
|
||||||
|
@ -137,6 +125,8 @@ class TeamController extends Controller
|
||||||
|
|
||||||
public function invite(SendInviteRequest $request, Team $team)
|
public function invite(SendInviteRequest $request, Team $team)
|
||||||
{
|
{
|
||||||
|
$this->authorize('invite', $team);
|
||||||
|
|
||||||
$user = User::findOrFail($request->user);
|
$user = User::findOrFail($request->user);
|
||||||
|
|
||||||
if (! $team->openJoin) {
|
if (! $team->openJoin) {
|
||||||
|
@ -196,6 +186,8 @@ class TeamController extends Controller
|
||||||
|
|
||||||
public function switchTeam(Request $request, Team $team)
|
public function switchTeam(Request $request, Team $team)
|
||||||
{
|
{
|
||||||
|
$this->authorize('switchTeam', $team);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Auth::user()->switchTeam($team);
|
Auth::user()->switchTeam($team);
|
||||||
|
|
||||||
|
@ -210,6 +202,8 @@ class TeamController extends Controller
|
||||||
// Since it's a separate form, we shouldn't use the same update method
|
// Since it's a separate form, we shouldn't use the same update method
|
||||||
public function assignVacancies(Request $request, Team $team)
|
public function assignVacancies(Request $request, Team $team)
|
||||||
{
|
{
|
||||||
|
$this->authorize('update', $team);
|
||||||
|
|
||||||
// P.S. To future developers
|
// P.S. To future developers
|
||||||
// This method gave me a lot of trouble lol. It's hard to write code when you're half asleep.
|
// This method gave me a lot of trouble lol. It's hard to write code when you're half asleep.
|
||||||
// There may be an n+1 query in the view and I don't think there's a way to avoid that without writing a lot of extra code.
|
// There may be an n+1 query in the view and I don't think there's a way to avoid that without writing a lot of extra code.
|
||||||
|
|
|
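Review bot: `$this->authorize('index')` in index() and `$this->authorize('create')` in store() pass no policy target, so the Gate has nothing to map to TeamPolicy and will look for a gate ability literally named `index`/`create` instead of calling TeamPolicy::index/create — unless such abilities are defined elsewhere, every request to these two actions is denied (or, if an unrelated ability shares the name, the wrong check runs). Pass the model class so the policy is resolved: `$this->authorize('index', Team::class);` and `$this->authorize('create', Team::class);`. The model-bound calls (`update`, `invite`, `switchTeam`, `assignVacancies`) are fine because they pass `$team`. Separately, in invite() the `if (! $team->openJoin)` test after the authorize is now always true, because TeamPolicy::invite denies whenever openJoin is set; whatever the other branch did for open-join teams (the method body runs past the hunk) is unreachable and could be removed or the policy relaxed, depending on which behaviour is intended.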
@ -0,0 +1,56 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Policies;
|
||||||
|
|
||||||
|
use App\Team;
|
||||||
|
use App\User;
|
||||||
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||||
|
|
||||||
|
class TeamPolicy
|
||||||
|
{
|
||||||
|
use HandlesAuthorization;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new policy instance.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
//
|
||||||
|
}
|
||||||
|
|
||||||
|
public function index(User $user)
|
||||||
|
{
|
||||||
|
return $user->hasPermissionTo('teams.view');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function create(User $user)
|
||||||
|
{
|
||||||
|
return $user->hasPermissionTo('teams.create');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function update(User $user, Team $team)
|
||||||
|
{
|
||||||
|
// Team owners can update their team regardless of perm.
|
||||||
|
// This perm would let admins change all teams
|
||||||
|
return $user->isOwnerOfTeam($team) || $user->hasPermissionTo('teams.update');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public function invite(User $user, Team $team)
|
||||||
|
{
|
||||||
|
if (!$team->openJoin && $user->isOwnerOfTeam($team) || !$team->openJoin && $user->hasPermissionTo('teams.invite'))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function switchTeam(User $user, Team $team): bool
|
||||||
|
{
|
||||||
|
// is the user in the team they're trying to switch to?
|
||||||
|
return $user->hasTeam($team);
|
||||||
|
}
|
||||||
|
}
|
|
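Review bot: The condition in invite() tests `!$team->openJoin` twice and relies on `&&` binding tighter than `||`, which makes the actual rule — no invites at all on open-join teams, otherwise owner or `teams.invite` — hard to see at a glance in an authorization check; write it as `return ! $team->openJoin && ($user->isOwnerOfTeam($team) || $user->hasPermissionTo('teams.invite'));`. If denying invites on open-join teams is intentional (members join without one), a one-line comment saying so would stop a future maintainer from "fixing" it. index() and create() take only a User, so they are only reached when the controller passes `Team::class` as the policy target; a short docblock on each noting that would help, and `declare(strict_types=1);` plus `: bool` return types on every method (only switchTeam has one) would match the stricter style the rest of the file aims for. If `hasPermissionTo` is the spatie/laravel-permission implementation it throws when the named permission does not exist rather than returning false, so `teams.view`, `teams.create`, `teams.update` and `teams.invite` must exist in the permission seeder — confirm.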
@ -30,9 +30,11 @@ use App\Policies\AppointmentPolicy;
|
||||||
use App\Policies\BanPolicy;
|
use App\Policies\BanPolicy;
|
||||||
use App\Policies\FormPolicy;
|
use App\Policies\FormPolicy;
|
||||||
use App\Policies\ProfilePolicy;
|
use App\Policies\ProfilePolicy;
|
||||||
|
use App\Policies\TeamPolicy;
|
||||||
use App\Policies\UserPolicy;
|
use App\Policies\UserPolicy;
|
||||||
use App\Policies\VacancyPolicy;
|
use App\Policies\VacancyPolicy;
|
||||||
use App\Policies\VotePolicy;
|
use App\Policies\VotePolicy;
|
||||||
|
use App\Team;
|
||||||
use App\User;
|
use App\User;
|
||||||
use App\Vacancy;
|
use App\Vacancy;
|
||||||
use App\Vote;
|
use App\Vote;
|
||||||
|
@ -56,6 +58,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
Vote::class => VotePolicy::class,
|
Vote::class => VotePolicy::class,
|
||||||
Ban::class => BanPolicy::class,
|
Ban::class => BanPolicy::class,
|
||||||
Appointment::class => AppointmentPolicy::class,
|
Appointment::class => AppointmentPolicy::class,
|
||||||
|
Team::class => TeamPolicy::class
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
15
app/User.php
15
app/User.php
|
@ -109,6 +109,21 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||||
return ! is_null($this->twofa_secret);
|
return ! is_null($this->twofa_secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function hasTeam($team): bool
|
||||||
|
{
|
||||||
|
if ($team instanceof Team || is_int($team))
|
||||||
|
{
|
||||||
|
return $this->teams->contains($team);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* In PHP 8, we can just use union types and let PHP enforce this for us.
|
||||||
|
*/
|
||||||
|
throw new \InvalidArgumentException('Please pass either a Team object or an integer identifying a Team.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function routeNotificationForSlack($notification)
|
public function routeNotificationForSlack($notification)
|
||||||
{
|
{
|
||||||
return config('slack.webhook.integrationURL');
|
return config('slack.webhook.integrationURL');
|
||||||
|
|
|
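Review bot: hasTeam() accepts a Team or a PHP int but rejects numeric strings via `is_int`, so an id that arrives as a string (route parameters and request input are strings) triggers the InvalidArgumentException — a 500 — instead of an authorization decision; the only caller in this commit (TeamPolicy::switchTeam) passes a Team model, so this is a latent footgun rather than a live bug. Either document the restriction or widen the check to `is_int($team) || ctype_digit((string) $team)` and cast to int before calling `contains`. The method also deserves a docblock since the union is only enforced at runtime: `@param \App\Team|int $team`, `@return bool`, `@throws \InvalidArgumentException when $team is neither`. Presumably Eloquent's `Collection::contains` with a scalar key compares against the model key loosely (`==`), so a stringly-typed id would match once cast — verify against the installed framework version if strict comparison matters.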
@ -35,6 +35,7 @@ use App\Http\Controllers\TeamFileController;
|
||||||
use App\Http\Controllers\UserController;
|
use App\Http\Controllers\UserController;
|
||||||
use App\Http\Controllers\VacancyController;
|
use App\Http\Controllers\VacancyController;
|
||||||
use App\Http\Controllers\VoteController;
|
use App\Http\Controllers\VoteController;
|
||||||
|
use App\Http\Controllers\OptionsController;
|
||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
use Mcamara\LaravelLocalization\Facades\LaravelLocalization;
|
use Mcamara\LaravelLocalization\Facades\LaravelLocalization;
|
||||||
|
|
||||||
|
|