diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 899df2ef14..cf2f97e974 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -108,6 +108,8 @@ class AuthServiceProvider extends ServiceProvider
         });
+
+
         /**
          * GENERAL GATES
          *
@@ -115,6 +117,49 @@ class AuthServiceProvider extends ServiceProvider
          * use in our controllers to determine if a user has access to a certain area.
          */
+        Gate::define('editCurrentUser', function ($user, $item) {
+
+            if ($item instanceof User) {
+                if ($item) {
+
+                    // if they can only edit users, deny them if the user is admin or superadmin
+                    if ($user->hasAccess('users.edit')) {
+                        \Log::debug('User can edit users');
+                        if ($item->isAdmin() || $item->isSuperUser()) {
+                            \Log::debug('User cannot edit admins or superusers');
+                            return false;
+                        }
+
+                        return true;
+                    }
+
+                    // if they are an admin, deny them only if the user is a superadmin
+                    if ($user->hasAccess('admin')) {
+                        \Log::debug('User is an admin');
+                        if ($item->isSuperUser()) {
+                            \Log::debug('User cannot edit superuser');
+                            return false;
+                        }
+
+                        return true;
+                    }
+
+                }
+            }
+        });
+
+        /**
+         * Define the demo mode gate so we have an easy way to use @can and Gate::allows()
+         */
+        Gate::define('editableOnDemo', function () {
+            if (config('app.lock_passwords')) {
+                \Log::debug('We are in demo mode');
+                return false;
+            }
+            return true;
+        });
+
         Gate::define('admin', function ($user) {
             if ($user->hasAccess('admin')) {
                 return true;
@@ -249,5 +294,6 @@ class AuthServiceProvider extends ServiceProvider
             return $user->canEditProfile();
         });
+
     }
 }
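Review bot: In the new `editCurrentUser` gate the `users.edit` branch is evaluated before the `admin` branch, and its comment says "if they can only edit users" while the condition never checks that the caller is not an admin, so an account holding both `users.edit` and `admin` (if the permission model allows that combination — this cannot be confirmed from the hunk) is denied editing admins even though the second branch intends to allow it. The closure also falls off the end with no return when `$item` is not a `User` or when neither permission matches; Laravel treats `null` as a denial, but an authorization decision should state that with an explicit `return false`, and the `if ($item)` test inside the `instanceof` branch is redundant. Checking the stronger permission first and ending with an explicit deny makes the decision order visible and keeps the gate a pure allow/deny function; the `\Log::debug` calls are left out of the excerpt below but can be kept. The enclosing `boot()` method begins and ends outside this hunk.
```php
        Gate::define('editCurrentUser', function ($user, $item) {
            if (! $item instanceof User) {
                return false;
            }

            // Admins first: they may edit anyone except a superuser.
            if ($user->hasAccess('admin')) {
                return ! $item->isSuperUser();
            }

            // Plain users.edit: may edit anyone who is neither admin nor superuser.
            if ($user->hasAccess('users.edit')) {
                return ! ($item->isAdmin() || $item->isSuperUser());
            }

            // Explicit deny so the gate never returns null.
            return false;
        });
        // … unchanged: editableOnDemo gate and the existing admin gate …
```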