policies in nafiesl/free-pmo

app/Providers/AuthServiceProvider.php

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        //
        'App\Entities\Projects\Project'  => 'App\Policies\Projects\ProjectPolicy',
        //
    ];
    //
}

app/Policies/Projects/ProjectPolicy.php

Open in GitHub

use App\Entities\Projects\Project;
use App\Entities\Users\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class ProjectPolicy
{
    use HandlesAuthorization;

    public function view(User $user, Project $project)
    {
        return $user->hasRole('admin')
            || ($user->hasRole('worker') && $user->projects->contains($project->id));
    }

    public function create(User $user, Project $project)
    {
        return $user->hasRole('admin');
    }

    public function update(User $user, Project $project)
    {
        return $user->hasRole('admin');
    }

    public function delete(User $user, Project $project)
    {
        return $user->hasRole('admin');
    }
    //
}

app/Http/Controllers/Projects/ProjectsController.php

Open in GitHub

use App\Entities\Projects\Project;
use App\Entities\Projects\ProjectsRepository;
use App\Http\Controllers\Controller;
use App\Http\Requests\Projects\CreateRequest;
use App\Http\Requests\Projects\UpdateRequest;
use Illuminate\Http\Request;

class ProjectsController extends Controller
{
    //
    public function create()
    {
        $this->authorize('create', new Project());

        $customers = $this->repo->getCustomersList();

        return view('projects.create', compact('customers'));
    }

    public function store(CreateRequest $request)
    {
        $this->authorize('create', new Project());

        $project = $this->repo->create($request->except('_token'));
        flash(__('project.created'), 'success');

        return redirect()->route('projects.show', $project);
    }

    public function show(Project $project)
    {
        $this->authorize('view', $project);

        return view('projects.show', compact('project'));
    }

    public function edit(Project $project)
    {
        $this->authorize('update', $project);

        $customers = $this->repo->getCustomersList();

        return view('projects.edit', compact('project', 'customers'));
    }

    public function update(UpdateRequest $request, Project $project)
    {
        $this->authorize('update', $project);

        $project = $this->repo->update($request->validated(), $project->id);
        flash(__('project.updated'), 'success');

        return redirect()->route('projects.edit', $project);
    }

    public function delete(Project $project)
    {
        $this->authorize('delete', $project);

        return view('projects.delete', compact('project'));
    }

    public function destroy(Project $project)
    {
        $this->authorize('delete', $project);

        if ($project->id == request('project_id')) {
            $this->repo->delete($project->id);
            flash(__('project.deleted'), 'success');
        } else {
            flash(__('project.undeleted'), 'danger');
        }

        return redirect()->route('projects.index');
    }
    //
}

nafiesl/free-pmo

app/Providers/AuthServiceProvider.php

app/Policies/Projects/ProjectPolicy.php

app/Http/Controllers/Projects/ProjectsController.php

Additional resources on policies:

Laravel Roles and Permissions: All CORE Things You Need To Know

How To Use Laravel Gates And Policies?

Policy Usage: Adding more policies