isOperator()) { return $user->getPermissionNames()->contains('ViewLoanOrders'); } return true; } /** * Determine whether the user can view the model. */ public function view(User $user, LoanOrder $loanOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->getPermissionNames()->contains('ViewLoanOrders')) { return in_array( $loanOrder->branch_id, $user->branches->pluck('id')->toArray() ); } if ($user->ownsLoanOrder($loanOrder)) { return true; } return false; } /** * Determine whether the user can create models. */ public function create(User $user): bool { if ($user->isOperator()) { return $user->getPermissionNames()->contains('ViewLoanOrders'); } return true; } /** * Determine whether the user can update the model. */ public function update(User $user, LoanOrder $loanOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->getPermissionNames()->contains('ViewLoanOrders')) { return in_array( $loanOrder->branch_id, $user->branches->pluck('id')->toArray() ); } if ($user->ownsLoanOrder($loanOrder) && in_array($loanOrder->status, [ OrderRepo::PENDING, ])) { return true; } return false; } /** * Determine whether the user can delete the model. */ public function delete(User $user, LoanOrder $loanOrder): bool { if ($user->isAdmin()) { return true; } if ($user->isOperator() && $user->getPermissionNames()->contains('ViewLoanOrders')) { return in_array( $loanOrder->branch_id, $user->branches->pluck('id')->toArray() ); } if ($user->ownsLoanOrder($loanOrder)) { return true; } return false; } /** * Determine whether the user can restore the model. */ public function restore(User $user, LoanOrder $loanOrder): bool { if ($user->isMe()) { return true; } return false; } /** * Determine whether the user can permanently delete the model. */ public function forceDelete(User $user, LoanOrder $loanOrder): bool { if ($user->isMe()) { return true; } return false; } }