isOperator() && $user->cannot('viewCardOrders')) { return false; } return true; } /** * Determine whether the user can view the model. */ public function view(User $user, CardOrder $cardOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->can('viewCardOrders')) { return $user->branches()->where('branches.id', $cardOrder->branch_id)->exists(); } if ($user->ownsCardOrder($cardOrder)) { return true; } return false; } /** * Determine whether the user can create models. */ public function create(User $user): bool { if ($user->isOperator() && $user->cannot('viewCardOrders')) { return false; } return true; } /** * Determine whether the user can update the model. */ public function update(User $user, CardOrder $cardOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->can('viewCardOrders')) { return $user->branches()->where('branches.id', $cardOrder->branch_id)->exists(); } if ($user->ownsCardOrder($cardOrder) && in_array($cardOrder->status, [ OrderRepo::PENDING, ])) { return true; } return false; } /** * Determine whether the user can delete the model. */ public function delete(User $user, CardOrder $cardOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->can('viewLoanOrders')) { return $user->branches()->where('branches.id', $cardOrder->branch_id)->exists(); } if ($user->ownsCardOrder($cardOrder)) { return true; } return false; } /** * Determine whether the user can restore the model. */ public function restore(User $user, CardOrder $cardOrder): bool { if ($user->isMe()) { return true; } return false; } /** * Determine whether the user can permanently delete the model. */ public function forceDelete(User $user, CardOrder $cardOrder): bool { if ($user->isMe()) { return true; } return false; } }