loan order permissions

app/Models/Branch/Branch.php

@@ -2,6 +2,7 @@
 
 namespace App\Models\Branch;
 
+use App\Models\User;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Spatie\Translatable\HasTranslations;
@@ -44,4 +45,12 @@ class Branch extends Model
         'name',
         'address',
     ];
+
+    /**
+     * Branches associated with user
+     */
+    public function users(): BelongsToMany
+    {
+        return $this->belongsToMany(User::class);
+    }
 }

app/Models/User.php

@@ -3,7 +3,11 @@
 namespace App\Models;
 
 // use Illuminate\Contracts\Auth\MustVerifyEmail;
+use App\Models\Branch\Branch;
+use App\Models\Order\Loan\LoanOrder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
@@ -47,7 +51,23 @@ class User extends Authenticatable
     ];
 
     /**
-     * User is me?
+     * Branches associated with user
+     */
+    public function branches(): BelongsToMany
+    {
+        return $this->belongsToMany(Branch::class);
+    }
+
+    /**
+     * Loan orders user created
+     */
+    public function loanOrders(): HasMany
+    {
+        return $this->hasMany(LoanOrder::class);
+    }
+
+    /**
+     * Check if user is me.
      */
     public function isMe(): bool
     {
@@ -55,7 +75,7 @@ class User extends Authenticatable
     }
 
     /**
-     * Is user admin?
+     * Check if user is admin.
      */
     public function isAdmin(): bool
     {
@@ -65,4 +85,20 @@ class User extends Authenticatable
 
         return $this->hasRole(['king', 'superadmin', 'admin']);
     }
+
+    /**
+     * Check if user is operator.
+     */
+    public function isOperator(): bool
+    {
+        return $this->hasRole('operator');
+    }
+
+    /**
+     * Check if user owns loan order.
+     */
+    public function ownsLoanOrder(LoanOrder $loanOrder): bool
+    {
+        return $this->id === $loanOrder->user_id;
+    }
 }

app/Nova/Resource.php

@@ -2,6 +2,7 @@
 
 namespace App\Nova;
 
+use Illuminate\Http\Request;
 use Laravel\Nova\Http\Requests\NovaRequest;
 use Laravel\Nova\Resource as NovaResource;
 
@@ -14,6 +15,14 @@ abstract class Resource extends NovaResource
      */
     public static $trafficCop = false;
 
+    /**
+     * Determine if the current user can replicate the given resource.
+     */
+    public function authorizedToReplicate(Request $request): bool
+    {
+        return false;
+    }
+
     /**
      * Build an "index" query for the given resource.
      *

app/Nova/User.php

@@ -2,9 +2,11 @@
 
 namespace App\Nova;
 
+use App\Nova\Resources\Branch\Branch;
 use App\Nova\Resources\System\Roles\Role;
 use Illuminate\Http\Request;
 use Illuminate\Validation\Rules;
+use Laravel\Nova\Fields\BelongsToMany;
 use Laravel\Nova\Fields\ID;
 use Laravel\Nova\Fields\MorphToMany;
 use Laravel\Nova\Fields\Password;
@@ -90,6 +92,8 @@ class User extends Resource
                 ->updateRules('nullable', Rules\Password::defaults()),
 
             MorphToMany::make(__('Roles'), 'roles', Role::class),
+
+            BelongsToMany::make(__('Branches'), 'branches', Branch::class),
         ];
     }
 

app/Policies/Order/Loan/LoanOrderPolicy.php

@@ -12,11 +12,7 @@ class LoanOrderPolicy
      */
     public function viewAny(User $user): bool
     {
-        if ($user->isAdmin()) {
-            return true;
-        }
-
-        return false;
+        return true;
     }
 
     /**
@@ -28,6 +24,14 @@ class LoanOrderPolicy
             return true;
         }
 
+        if ($user->isOperator()) {
+            return $user->branches()->where('id', $loanOrder->branch_id)->exists();
+        }
+
+        if ($user->ownsLoanOrder($loanOrder)) {
+            return true;
+        }
+
         return false;
     }
 
@@ -36,11 +40,7 @@ class LoanOrderPolicy
      */
     public function create(User $user): bool
     {
-        if ($user->isAdmin()) {
-            return true;
-        }
-
-        return false;
+        return true;
     }
 
     /**
@@ -52,6 +52,14 @@ class LoanOrderPolicy
             return true;
         }
 
+        if ($user->isOperator()) {
+            return $user->branches()->where('id', $loanOrder->branch_id)->exists();
+        }
+
+        if ($user->ownsLoanOrder($loanOrder)) {
+            return true;
+        }
+
         return false;
     }
 
@@ -64,6 +72,14 @@ class LoanOrderPolicy
             return true;
         }
 
+        if ($user->isOperator()) {
+            return $user->branches()->where('id', $loanOrder->branch_id)->exists();
+        }
+
+        if ($user->ownsLoanOrder($loanOrder)) {
+            return true;
+        }
+
         return false;
     }