65 lines
2.3 KiB
PHP
65 lines
2.3 KiB
PHP
<?php
|
|
|
|
namespace App\Providers;
|
|
|
|
use App\Models\PlatformUser;
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Policies\ProviderConnectionPolicy;
|
|
use App\Policies\WorkspaceMembershipPolicy;
|
|
use App\Policies\WorkspacePolicy;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Services\Auth\WorkspaceCapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
class AuthServiceProvider extends ServiceProvider
|
|
{
|
|
protected $policies = [
|
|
ProviderConnection::class => ProviderConnectionPolicy::class,
|
|
Workspace::class => WorkspacePolicy::class,
|
|
WorkspaceMembership::class => WorkspaceMembershipPolicy::class,
|
|
];
|
|
|
|
public function boot(): void
|
|
{
|
|
$this->registerPolicies();
|
|
|
|
$tenantResolver = app(CapabilityResolver::class);
|
|
$workspaceResolver = app(WorkspaceCapabilityResolver::class);
|
|
|
|
$defineWorkspaceCapability = function (string $capability) use ($workspaceResolver): void {
|
|
Gate::define($capability, function (User $user, Workspace $workspace) use ($workspaceResolver, $capability): bool {
|
|
return $workspaceResolver->can($user, $workspace, $capability);
|
|
});
|
|
};
|
|
|
|
$defineTenantCapability = function (string $capability) use ($tenantResolver): void {
|
|
Gate::define($capability, function (User $user, Tenant $tenant) use ($tenantResolver, $capability): bool {
|
|
return $tenantResolver->can($user, $tenant, $capability);
|
|
});
|
|
};
|
|
|
|
foreach (Capabilities::all() as $capability) {
|
|
if (str_starts_with($capability, 'workspace.') || str_starts_with($capability, 'workspace_membership.')) {
|
|
$defineWorkspaceCapability($capability);
|
|
|
|
continue;
|
|
}
|
|
|
|
$defineTenantCapability($capability);
|
|
}
|
|
|
|
foreach (PlatformCapabilities::all() as $capability) {
|
|
Gate::define($capability, function (PlatformUser $user) use ($capability): bool {
|
|
return $user->hasCapability($capability);
|
|
});
|
|
}
|
|
}
|
|
}
|