52 lines
1.5 KiB
PHP
52 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace App\Scopes;
|
|
|
|
use App\Exceptions\Entities\AuthorizationException;
|
|
use App\Enums\Role;
|
|
use Illuminate\Contracts\Database\Query\Builder;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Scope;
|
|
use Throwable;
|
|
|
|
class UserAccessScope implements Scope
|
|
{
|
|
/**
|
|
* @param Builder $builder
|
|
* @param Model $model
|
|
* @return Builder|null
|
|
* @throws Throwable
|
|
*/
|
|
public function apply(Builder $builder, Model $model): ?Builder
|
|
{
|
|
if (!auth()->hasUser()) {
|
|
return null;
|
|
}
|
|
|
|
if (app()->runningInConsole()) {
|
|
return $builder;
|
|
}
|
|
|
|
$user = optional(request())->user();
|
|
|
|
throw_unless($user, new AuthorizationException);
|
|
|
|
if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
|
|
return $builder;
|
|
}
|
|
|
|
return $builder
|
|
->where('id', $user->id)
|
|
->orWhereHas('projectsRelation', static fn(Builder $builder) => $builder
|
|
->whereIn('project_id', static fn(Builder $builder) => $builder
|
|
->from('projects_users')
|
|
->select('project_id')
|
|
->where(static fn(Builder $builder) => $builder
|
|
->where('user_id', $user->id)
|
|
->where('role_id', Role::MANAGER->value))
|
|
->orWhere(static fn(Builder $builder) => $builder
|
|
->where('user_id', $user->id)
|
|
->where('role_id', Role::AUDITOR->value))));
|
|
}
|
|
}
|