From a206782187d2bcb1ada81677706ed75eacf1d2d4 Mon Sep 17 00:00:00 2001 From: Miguel Nogueira Date: Tue, 8 Dec 2020 03:09:17 +0000 Subject: [PATCH] Added TeamFile Authorization Policy --- app/Http/Controllers/TeamFileController.php | 7 ++++ app/Policies/TeamFilePolicy.php | 42 +++++++++++++++++++++ app/Providers/AuthServiceProvider.php | 5 ++- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 app/Policies/TeamFilePolicy.php diff --git a/app/Http/Controllers/TeamFileController.php b/app/Http/Controllers/TeamFileController.php index 415e696..fe92559 100755 --- a/app/Http/Controllers/TeamFileController.php +++ b/app/Http/Controllers/TeamFileController.php @@ -32,6 +32,8 @@ class TeamFileController extends Controller */ public function index(Request $request) { + $this->authorize('index'); + if (is_null(Auth::user()->currentTeam)) { $request->session()->flash('error', 'Please choose a team before viewing it\'s files.'); @@ -51,6 +53,8 @@ class TeamFileController extends Controller */ public function store(UploadFileRequest $request) { + $this->authorize('store'); + $upload = $request->file('file'); $file = $upload->store('uploads'); @@ -83,6 +87,8 @@ class TeamFileController extends Controller public function download(Request $request, TeamFile $teamFile) { + $this->authorize('download'); + try { return Storage::download($teamFile->fs_location, $teamFile->name); @@ -127,6 +133,7 @@ class TeamFileController extends Controller */ public function destroy(Request $request, TeamFile $teamFile) { + $this->authorize('delete'); try { diff --git a/app/Policies/TeamFilePolicy.php b/app/Policies/TeamFilePolicy.php new file mode 100644 index 0000000..494e34c --- /dev/null +++ b/app/Policies/TeamFilePolicy.php 
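Review bot: Each of the four new `$this->authorize(...)` calls in index, store, download and destroy passes only an ability name and no model or class, so the Gate has nothing to resolve a policy from and never reaches TeamFilePolicy; unless an ability of that exact name is registered with `Gate::define` elsewhere, the check falls through to the default denial and these actions return 403 for every user, including those the policy is meant to admit. The class-level checks need the model class, `$this->authorize('index', TeamFile::class);`, and the instance actions need the route-bound model, `$this->authorize('download', $teamFile);` (likewise `'delete'` with `$teamFile`), so the policy methods receive something to decide on. The `store` policy method additionally declares a `Team $team` parameter, so that call must also supply the team after the class name, presumably `$this->authorize('store', [TeamFile::class, Auth::user()->currentTeam]);` given how index already reads the current team. The same mismatch applies to the store, download and destroy hunks below, and all four enclosing methods continue outside their hunks.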
@@ -0,0 +1,42 @@ +hasPermissionTo('teams.files.view'); + } + + public function store(User $user, Team $team) + { + return $user->hasPermissionTo('teams.files.upload') || $user->hasTeam($team); + } + + public function download(User $user) + { + return $user->hasPermissionTo('teams.files.download'); + } + + public function delete(User $user) + { + return $user->hasPermissionTo('teams.files.delete'); + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 74d7a56..5d33795 100755 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -30,11 +30,13 @@ use App\Policies\AppointmentPolicy; use App\Policies\BanPolicy; use App\Policies\FormPolicy; use App\Policies\ProfilePolicy; +use App\Policies\TeamFilePolicy; use App\Policies\TeamPolicy; use App\Policies\UserPolicy; use App\Policies\VacancyPolicy; use App\Policies\VotePolicy; use App\Team; +use App\TeamFile; use App\User; use App\Vacancy; use App\Vote; @@ -58,7 +60,8 @@ class AuthServiceProvider extends ServiceProvider Vote::class => VotePolicy::class, Ban::class => BanPolicy::class, Appointment::class => AppointmentPolicy::class, - Team::class => TeamPolicy::class + Team::class => TeamPolicy::class, + TeamFile::class, TeamFilePolicy::class ]; /**
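Review bot: `download` and `delete` take only the `User` and return a bare `hasPermissionTo(...)` result, so a user holding `teams.files.download` or `teams.files.delete` is cleared for every TeamFile in the system rather than only the files of a team they belong to; the file being acted on never reaches the policy. Both methods should accept the model, `public function download(User $user, TeamFile $teamFile): bool`, and combine the permission with a membership test on the file's team via `$user->hasTeam(...)` as `store` already does for uploads (the relation from TeamFile to its team is not visible here, so confirm its name, and import `App\TeamFile` if the hidden header does not already). The leading part of this hunk, including the class header, imports and the start of `index`, is cut off in this view, so `index` is judged only by its visible tail. As a point of style, none of the visible methods declares a `: bool` return type.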
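Review bot: The new entry `TeamFile::class, TeamFilePolicy::class` uses a comma where the surrounding entries use `=>`, so `$policies` gains two integer-keyed values (`0 => TeamFile::class`, `1 => TeamFilePolicy::class`) instead of a model-to-policy pair, and the provider's policy registration will receive those as key/value pairs with meaningless keys rather than binding TeamFile to its policy. It should read `TeamFile::class => TeamFilePolicy::class,`, with the trailing comma matching the one this hunk adds to the `Team` line above. Laravel's policy auto-discovery may still guess `App\Policies\TeamFilePolicy` for `App\TeamFile` by naming convention, which would hide the mistake until a class or namespace is renamed; the explicit entry is what this file relies on. The rest of `$policies` and the provider's `boot()` are outside the hunk.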