From ede8513ebf43559a1b0849fd8ca19611ae34908a Mon Sep 17 00:00:00 2001
From: Nurmuhammet Allanov <nurmuhammet@mail.com>
Date: Tue, 28 Nov 2023 23:48:21 +0500
Subject: [PATCH] add policies

---
 app/Models/User.php                           |  20 ++++
 app/Policies/Branch/BranchPolicy.php          |  66 +++++++++++
 app/Policies/Order/Loan/LoanOrderPolicy.php   |  66 +++++++++++
 app/Policies/Order/Loan/LoanTypePolicy.php    |  66 +++++++++++
 .../System/Location/ProvincePolicy.php        |  66 +++++++++++
 .../System/Roles/PermissionPolicy.php         |  66 +++++++++++
 app/Policies/System/Roles/RolePolicy.php      |  66 +++++++++++
 app/Policies/UserPolicy.php                   | 105 ++++++++++++++++++
 8 files changed, 521 insertions(+)
 create mode 100644 app/Policies/Branch/BranchPolicy.php
 create mode 100644 app/Policies/Order/Loan/LoanOrderPolicy.php
 create mode 100644 app/Policies/Order/Loan/LoanTypePolicy.php
 create mode 100644 app/Policies/System/Location/ProvincePolicy.php
 create mode 100644 app/Policies/System/Roles/PermissionPolicy.php
 create mode 100644 app/Policies/System/Roles/RolePolicy.php
 create mode 100644 app/Policies/UserPolicy.php

diff --git a/app/Models/User.php b/app/Models/User.php
index 6589520..bde9397 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -45,4 +45,24 @@ class User extends Authenticatable
         'email_verified_at' => 'datetime',
         'password' => 'hashed',
     ];
+
+    /**
+     * User is me?
+     */
+    public function isMe(): bool
+    {
+        return $this->email === 'nurmuhammet@mail.com';
+    }
+
+    /**
+     * Is user admin?
+     */
+    public function isAdmin(): bool
+    {
+        if ($this->isMe()) {
+            return true;
+        }
+        
+        return $this->hasRole(['king', 'superadmin', 'admin']);        
+    }
 }
diff --git a/app/Policies/Branch/BranchPolicy.php b/app/Policies/Branch/BranchPolicy.php
new file mode 100644
index 0000000..390c4bc
--- /dev/null
+++ b/app/Policies/Branch/BranchPolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\Branch;
+
+use App\Models\Branch\Branch;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class BranchPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Branch $branch): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Branch $branch): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Branch $branch): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Branch $branch): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Branch $branch): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/Order/Loan/LoanOrderPolicy.php b/app/Policies/Order/Loan/LoanOrderPolicy.php
new file mode 100644
index 0000000..4f1f85f
--- /dev/null
+++ b/app/Policies/Order/Loan/LoanOrderPolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\Order\Loan;
+
+use App\Models\Order\Loan\LoanOrder;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class LoanOrderPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, LoanOrder $loanOrder): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, LoanOrder $loanOrder): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, LoanOrder $loanOrder): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, LoanOrder $loanOrder): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, LoanOrder $loanOrder): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/Order/Loan/LoanTypePolicy.php b/app/Policies/Order/Loan/LoanTypePolicy.php
new file mode 100644
index 0000000..addd43b
--- /dev/null
+++ b/app/Policies/Order/Loan/LoanTypePolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\Order\Loan;
+
+use App\Models\Order\Loan\LoanType;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class LoanTypePolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, LoanType $loanType): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, LoanType $loanType): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, LoanType $loanType): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, LoanType $loanType): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, LoanType $loanType): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/System/Location/ProvincePolicy.php b/app/Policies/System/Location/ProvincePolicy.php
new file mode 100644
index 0000000..4f66108
--- /dev/null
+++ b/app/Policies/System/Location/ProvincePolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\System\Location;
+
+use App\Models\System\Location\Province;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class ProvincePolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Province $province): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Province $province): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Province $province): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Province $province): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Province $province): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/System/Roles/PermissionPolicy.php b/app/Policies/System/Roles/PermissionPolicy.php
new file mode 100644
index 0000000..73c2cf8
--- /dev/null
+++ b/app/Policies/System/Roles/PermissionPolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\System\Roles;
+
+use App\Models\System\Roles\Permission;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class PermissionPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Permission $permission): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Permission $permission): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Permission $permission): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Permission $permission): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Permission $permission): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/System/Roles/RolePolicy.php b/app/Policies/System/Roles/RolePolicy.php
new file mode 100644
index 0000000..eedfc4f
--- /dev/null
+++ b/app/Policies/System/Roles/RolePolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies\System\Roles;
+
+use App\Models\System\Roles\Role;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class RolePolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Role $role): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Role $role): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Role $role): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Role $role): bool
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Role $role): bool
+    {
+        //
+    }
+}
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
new file mode 100644
index 0000000..9f44c16
--- /dev/null
+++ b/app/Policies/UserPolicy.php
@@ -0,0 +1,105 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class UserPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, User $model): bool
+    {
+        if ($model->email === 'nurmuhammet@mail.com') {
+            return $user->isMe();
+        }
+
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, User $model): bool
+    {
+        if ($model->email === 'nurmuhammet@mail.com') {
+            return $user->isMe();
+        }
+
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, User $model): bool
+    {
+        if ($model->email === 'nurmuhammet@mail.com') {
+            return false;
+        }
+
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, User $model): bool
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, User $model): bool
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        return false;
+    }
+}