feat: refactor user permissions to use UserPermission enum and add la…

…bel method for UserRole
dfo-osdt · Nov 20, 2024 · 1b99b5c · 1b99b5c
1 parent 1b9f8e7
commit 1b99b5c
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 9 deletions.
diff --git a/app/Enums/Permissions/UserRole.php b/app/Enums/Permissions/UserRole.php
@@ -34,4 +34,13 @@ public function permissions(): array
             ],
         };
     }
+
+    public function label(): string
+    {
+        return match($this) {
+            self::AUTHOR => 'Author',
+            self::DIRECTOR => 'Director',
+            self::ADMIN => 'Admin',
+        };
+    }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Enums\Permissions\UserPermission;
 use App\Notifications\Authentication\PasswordResetNotification;
 use Filament\Models\Contracts\FilamentUser;
 use Filament\Models\Contracts\HasName;
@@ -206,7 +207,7 @@ public function markEmailAsVerified(): bool
      */
     public function canAccessPanel(Panel $panel): bool
     {
-        return $this->can('view_librarium');
+        return $this->can(UserPermission::VIEW_LIBRARIUM);
     }
 
     /**

diff --git a/app/Policies/AuthorEmploymentPolicy.php b/app/Policies/AuthorEmploymentPolicy.php
@@ -2,6 +2,7 @@
 
 namespace App\Policies;
 
+use App\Enums\Permissions\UserPermission;
 use App\Models\Author;
 use App\Models\AuthorEmployment;
 use App\Models\User;
@@ -33,7 +34,7 @@ public function create(User $user, Author $author): bool
             return false;
         }
 
-        return $user->can('create_author_employments');
+        return $user->can(UserPermission::CREATE_AUTHOR_EMPLOYMENTS);
     }
 
     /**

diff --git a/app/Policies/AuthorPolicy.php b/app/Policies/AuthorPolicy.php
@@ -2,6 +2,7 @@
 
 namespace App\Policies;
 
+use App\Enums\Permissions\UserPermission;
 use App\Models\Author;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
@@ -49,7 +50,7 @@ public function update(User $user, Author $author)
     {
         // this record isn't associated with a user,
         // and user can update authors.
-        if ($author->user_id === null && $user->can('update_authors')) {
+        if ($author->user_id === null && $user->can(UserPermission::UPDATE_AUTHORS)) {
             return true;
         }
 

diff --git a/app/Policies/ManuscriptRecordPolicy.php b/app/Policies/ManuscriptRecordPolicy.php
@@ -3,6 +3,7 @@
 namespace App\Policies;
 
 use App\Enums\ManuscriptRecordStatus;
+use App\Enums\Permissions\UserPermission;
 use App\Models\ManuscriptRecord;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
@@ -59,7 +60,7 @@ public function view(User $user, ManuscriptRecord $manuscriptRecord)
      */
     public function create(User $user)
     {
-        return $user->can('create_manuscript_records');
+        return $user->can(UserPermission::CREATE_MANUSCRIPT_RECORDS);
     }
 
     /**

diff --git a/app/Policies/PublicationPolicy.php b/app/Policies/PublicationPolicy.php
@@ -2,6 +2,7 @@
 
 namespace App\Policies;
 
+use App\Enums\Permissions\UserPermission;
 use App\Enums\PublicationStatus;
 use App\Models\Publication;
 use App\Models\User;
@@ -82,7 +83,7 @@ public function viewPdf(User $user, Publication $publication)
      */
     public function create(User $user)
     {
-        return $user->can('create_publications');
+        return $user->can(UserPermission::CREATE_PUBLICATIONS);
     }
 
     /**

diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -2,6 +2,7 @@
 
 namespace App\Policies;
 
+use App\Enums\Permissions\UserPermission;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
@@ -16,7 +17,7 @@ class UserPolicy
      */
     public function viewAny(User $user)
     {
-        return $user->can('view_any_users');
+        return $user->can(UserPermission::VIEW_ANY_USERS);
     }
 
     /**
@@ -49,7 +50,7 @@ public function create(User $user)
     public function update(User $user, User $model)
     {
 
-        if ($user->can('administer_users')) {
+        if ($user->can(UserPermission::ADMINISTER_USERS)) {
             return true;
         }
 

diff --git a/app/Providers/HorizonServiceProvider.php b/app/Providers/HorizonServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use App\Enums\Permissions\UserPermission;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Horizon\Horizon;
 use Laravel\Horizon\HorizonApplicationServiceProvider;
@@ -30,7 +31,7 @@ public function boot(): void
     protected function gate(): void
     {
         Gate::define('viewHorizon', function ($user) {
-            return $user->can('view_horizon');
+            return $user->can(UserPermission::VIEW_HORIZON);
         });
     }
 }
diff --git a/app/Providers/TelescopeServiceProvider.php b/app/Providers/TelescopeServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use App\Enums\Permissions\UserPermission;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Telescope\IncomingEntry;
 use Laravel\Telescope\Telescope;
@@ -63,7 +64,7 @@ protected function hideSensitiveRequestDetails()
     protected function gate()
     {
         Gate::define('viewTelescope', function ($user) {
-            return $user->can('view_telescope');
+            return $user->can(UserPermission::VIEW_TELESCOPE);
         });
     }
 }