Defined new gates

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
2025-07-17 20:12:10 +01:00
parent 0fe49e04bf
commit d9a5452388
+46
View File
@@ -108,6 +108,8 @@ class AuthServiceProvider extends ServiceProvider
});
/**
* GENERAL GATES
*
@@ -115,6 +117,49 @@ class AuthServiceProvider extends ServiceProvider
* use in our controllers to determine if a user has access to a certain area.
*/
Gate::define('editCurrentUser', function ($user, $item) {
if ($item instanceof User) {
if ($item) {
// if they can only edit users, deny them if the user is admin or superadmin
if ($user->hasAccess('users.edit')) {
\Log::debug('User can edit users');
if ($item->isAdmin() || $item->isSuperUser()) {
\Log::debug('User cannot edit admins or superusers');
return false;
}
return true;
}
// if they are an admin, deny them only if the user is a superadmin
if ($user->hasAccess('admin')) {
\Log::debug('User is an admin');
if ($item->isSuperUser()) {
\Log::debug('User cannot edit superuser');
return false;
}
return true;
}
}
}
});
/**
* Define the demo mode gate so we have an easy way to use @can and Gate::allows()
*/
Gate::define('editableOnDemo', function () {
if (config('app.lock_passwords')) {
\Log::debug('We are in demo mode');
return false;
}
return true;
});
Gate::define('admin', function ($user) {
if ($user->hasAccess('admin')) {
return true;
@@ -249,5 +294,6 @@ class AuthServiceProvider extends ServiceProvider
return $user->canEditProfile();
});
}
}