diff --git a/app/Http/Controllers/TeamFileController.php b/app/Http/Controllers/TeamFileController.php index 415e696..fe92559 100755 --- a/app/Http/Controllers/TeamFileController.php +++ b/app/Http/Controllers/TeamFileController.php @@ -32,6 +32,8 @@ class TeamFileController extends Controller */ public function index(Request $request) { + $this->authorize('index'); + if (is_null(Auth::user()->currentTeam)) { $request->session()->flash('error', 'Please choose a team before viewing it\'s files.'); @@ -51,6 +53,8 @@ class TeamFileController extends Controller */ public function store(UploadFileRequest $request) { + $this->authorize('store'); + $upload = $request->file('file'); $file = $upload->store('uploads'); @@ -83,6 +87,8 @@ class TeamFileController extends Controller public function download(Request $request, TeamFile $teamFile) { + $this->authorize('download'); + try { return Storage::download($teamFile->fs_location, $teamFile->name); @@ -127,6 +133,7 @@ class TeamFileController extends Controller */ public function destroy(Request $request, TeamFile $teamFile) { + $this->authorize('delete'); try { diff --git a/app/Policies/TeamFilePolicy.php b/app/Policies/TeamFilePolicy.php new file mode 100644 index 0000000..494e34c --- /dev/null +++ b/app/Policies/TeamFilePolicy.php @@ -0,0 +1,42 @@ +hasPermissionTo('teams.files.view'); + } + + public function store(User $user, Team $team) + { + return $user->hasPermissionTo('teams.files.upload') || $user->hasTeam($team); + } + + public function download(User $user) + { + return $user->hasPermissionTo('teams.files.download'); + } + + public function delete(User $user) + { + return $user->hasPermissionTo('teams.files.delete'); + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 74d7a56..5d33795 100755 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -30,11 +30,13 @@ use App\Policies\AppointmentPolicy; use App\Policies\BanPolicy; use App\Policies\FormPolicy; use App\Policies\ProfilePolicy; +use App\Policies\TeamFilePolicy; use App\Policies\TeamPolicy; use App\Policies\UserPolicy; use App\Policies\VacancyPolicy; use App\Policies\VotePolicy; use App\Team; +use App\TeamFile; use App\User; use App\Vacancy; use App\Vote; @@ -58,7 +60,8 @@ class AuthServiceProvider extends ServiceProvider Vote::class => VotePolicy::class, Ban::class => BanPolicy::class, Appointment::class => AppointmentPolicy::class, - Team::class => TeamPolicy::class + Team::class => TeamPolicy::class, + TeamFile::class, TeamFilePolicy::class ]; /**