62 lines
1.7 KiB
PHP
62 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Providers;
|
|
|
|
use App\Services\Holding\ContextAssignmentService;
|
|
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
class AuthServiceProvider extends ServiceProvider
|
|
{
|
|
/**
|
|
* The policy mappings for the application.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $policies = [
|
|
'App\Model' => 'App\Policies\ModelPolicy',
|
|
];
|
|
|
|
/**
|
|
* Register any authentication / authorization services.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function boot()
|
|
{
|
|
$this->registerPolicies();
|
|
|
|
Gate::before(function ($user, $ability) {
|
|
if (in_array($ability, ['backup', 'superadmin',
|
|
'manage_modules', ])) {
|
|
$administrator_list = config('constants.administrator_usernames');
|
|
|
|
if (in_array(strtolower($user->username), explode(',', strtolower($administrator_list)))) {
|
|
return true;
|
|
}
|
|
} else {
|
|
if ($user->hasRole('Admin#'.$user->business_id)) {
|
|
return true;
|
|
}
|
|
}
|
|
});
|
|
|
|
Gate::define('holding.context.access', function ($user, $entityId = null) {
|
|
if (! config('constants.enable_holding_context_rbac')) {
|
|
return true;
|
|
}
|
|
|
|
$assignment = app(ContextAssignmentService::class)->getActiveAssignment($user);
|
|
if (empty($assignment)) {
|
|
return false;
|
|
}
|
|
|
|
if (empty($entityId)) {
|
|
return true;
|
|
}
|
|
|
|
return (int) $assignment->entity_id === (int) $entityId;
|
|
});
|
|
}
|
|
}
|