first commit
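--- /dev/null
+++ b/app/Scopes/ProjectAccessScope.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Scopes;
+
+use App\Enums\Role;
+use App\Exceptions\Entities\AuthorizationException;
+use Illuminate\Contracts\Database\Query\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Scope;
+use Throwable;
+
+class ProjectAccessScope implements Scope
+{
+/**
+* @param Builder $builder
+* @param Model $model
+* @return Builder
+* @throws Throwable
+*/
+public function apply(Builder $builder, Model $model): Builder
+{
+if (app()->runningInConsole()) {
+return $builder;
+}
+
+$user = optional(request())->user();
+
+throw_unless($user, new AuthorizationException);
+
+if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
+return $builder;
+}
+
+return $builder->whereHas('users', static fn(Builder $query) => $query->where('user_id', $user->id));
+}
+}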
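Review bot: The `app()->runningInConsole()` early return in `apply()` lifts the project restriction for every CLI context, which also covers queue workers, scheduled commands and a CLI test run, so a job that loads projects on behalf of a user gets the unscoped query. The same bypass is repeated in TaskAccessScope, TimeIntervalAccessScope and UserAccessScope. If the bypass is intended, say so at the check, e.g. `// CLI, queue and scheduler contexts are trusted and see all rows; code acting for a user must filter explicitly`, and consider having such jobs pass the acting user rather than rely on the scope. The `@throws Throwable` tag could be narrowed to `AuthorizationException`, the only exception this method raises itself.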
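--- /dev/null
+++ b/app/Scopes/TaskAccessScope.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Scopes;
+
+use App\Exceptions\Entities\AuthorizationException;
+use App\Enums\Role;
+use Illuminate\Contracts\Database\Query\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Scope;
+use Throwable;
+
+class TaskAccessScope implements Scope
+{
+/**
+* @param Builder $builder
+* @param Model $model
+* @return Builder
+* @throws Throwable
+*/
+public function apply(Builder $builder, Model $model): Builder
+{
+if (app()->runningInConsole()) {
+return $builder;
+}
+
+$user = optional(request())->user();
+
+throw_unless($user, new AuthorizationException);
+
+if (!$user || $user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
+return $builder;
+}
+
+return $builder
+// A user with the user project role sees only their own tasks
+->whereHas('users', static fn(Builder $builder) => $builder->where('id', $user->id))
+->orWhereHas('project.users', static fn(Builder $builder) => $builder
+->where('user_id', $user->id)
+->whereIn(
+'projects_users.role_id',
+[
+Role::MANAGER->value,
+Role::USER->value,
+Role::AUDITOR->value,
+],
+))
+->orderBy('created_at', 'desc');
+}
+}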
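Review bot: The comment above the first `whereHas` says a user with the user project role sees only their own tasks, yet the `whereIn` list on `projects_users.role_id` includes `Role::USER->value`, so any project member with that role matches the `orWhereHas('project.users', …)` branch and sees every task of the project. Either drop `Role::USER->value` from the list or correct the comment, depending on which behaviour is intended. The `!$user ||` test is unreachable after `throw_unless($user, …)` and reads as fail-open (no user, no filter); `if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR]))` as in the sibling scopes is enough. The `orderBy('created_at', 'desc')` is applied only on the restricted path, so result order differs by role; ordering may belong outside the access scope.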
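--- /dev/null
+++ b/app/Scopes/TimeIntervalAccessScope.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Scopes;
+
+use App\Enums\Role;
+use App\Exceptions\Entities\AuthorizationException;
+use Illuminate\Contracts\Database\Query\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Scope;
+use Throwable;
+
+class TimeIntervalAccessScope implements Scope
+{
+/**
+* @param Builder $builder
+* @param Model $model
+* @return Builder|null
+* @throws Throwable
+*/
+public function apply(Builder $builder, Model $model): ?Builder
+{
+if (app()->runningInConsole()) {
+return $builder;
+}
+
+$user = optional(request())->user();
+
+throw_unless($user, new AuthorizationException);
+
+if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
+return $builder;
+}
+
+return $builder
+->where('time_intervals.user_id', $user->id)
+->orWhereHas('task.project.users', static fn(Builder $builder) => $builder
+->where('projects_users.user_id', $user->id)
+->where('projects_users.role_id', Role::MANAGER->value))
+->orWhereHas('task.project.users', static fn(Builder $builder) => $builder
+->where('projects_users.user_id', $user->id)
+->where('projects_users.role_id', Role::AUDITOR->value));
+}
+}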
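Review bot: The two `orWhereHas('task.project.users', …)` branches differ only in the role value and emit two correlated subqueries where one would do; a single branch with `->whereIn('projects_users.role_id', [Role::MANAGER->value, Role::AUDITOR->value])` matches how TaskAccessScope expresses the same rule and keeps the access policy in one place. The return type is declared `?Builder` (and `@return Builder|null`) although every path returns `$builder`; `Builder` would state the contract accurately. A short comment above the final `return` naming the rule (own intervals, plus intervals in projects where the user is project manager or auditor) would make the policy reviewable without reading the query.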
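--- /dev/null
+++ b/app/Scopes/UserAccessScope.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Scopes;
+
+use App\Exceptions\Entities\AuthorizationException;
+use App\Enums\Role;
+use Illuminate\Contracts\Database\Query\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Scope;
+use Throwable;
+
+class UserAccessScope implements Scope
+{
+/**
+* @param Builder $builder
+* @param Model $model
+* @return Builder|null
+* @throws Throwable
+*/
+public function apply(Builder $builder, Model $model): ?Builder
+{
+if (!auth()->hasUser()) {
+return null;
+}
+
+if (app()->runningInConsole()) {
+return $builder;
+}
+
+$user = optional(request())->user();
+
+throw_unless($user, new AuthorizationException);
+
+if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
+return $builder;
+}
+
+return $builder
+->where('id', $user->id)
+->orWhereHas('projectsRelation', static fn(Builder $builder) => $builder
+->whereIn('project_id', static fn(Builder $builder) => $builder
+->from('projects_users')
+->select('project_id')
+->where(static fn(Builder $builder) => $builder
+->where('user_id', $user->id)
+->where('role_id', Role::MANAGER->value))
+->orWhere(static fn(Builder $builder) => $builder
+->where('user_id', $user->id)
+->where('role_id', Role::AUDITOR->value))));
+}
+}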
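Review bot: The `if (!auth()->hasUser()) { return null; }` guard at the top of `apply()` leaves the User query unconstrained whenever no user has been resolved on the guard, so the scope fails open for unauthenticated requests, and the later `throw_unless($user, new AuthorizationException)` is only reached once a user is already set. This presumably exists so that the guard's own user lookup is not scoped (the auth provider is not visible here); if so, document it at the check, e.g. `// No user resolved yet: the auth provider's own lookup must not be scoped`. Consider exempting only that lookup with `withoutGlobalScope(UserAccessScope::class)` so that other unauthenticated queries still fail closed. Placing the `runningInConsole()` check first, as the other three scopes do, would also keep the classes consistent.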