[Chore] Update policies to use Illuminate\Auth\Access\Response (alexjustesen#1908)

alexjustesen · web-flow · commit c33e49c862b5 · 2024-12-11T18:24:49.000-05:00
diff --git a/app/Policies/ResultPolicy.php b/app/Policies/ResultPolicy.php
@@ -4,71 +4,75 @@
 
 use App\Models\Result;
 use App\Models\User;
+use Illuminate\Auth\Access\Response;
 
 class ResultPolicy
 {
     /**
      * Determine whether the user can view any models.
      */
-    public function viewAny(User $user): bool
+    public function viewAny(User $user): Response
     {
-        return true;
+        return Response::allow();
     }
 
     /**
      * Determine whether the user can view the model.
      */
-    public function view(User $user, Result $result): bool
+    public function view(User $user, Result $result): Response
     {
-        return true;
+        return Response::allow();
     }
 
     /**
      * Determine whether the user can create models.
      */
-    public function create(User $user): bool
+    public function create(User $user): Response
     {
-        return false;
+        return Response::deny();
     }
 
     /**
      * Determine whether the user can update the model.
      */
-    public function update(User $user, Result $result): bool
+    public function update(User $user, Result $result): Response
     {
-        return $user->is_admin
-            || $user->is_user;
+        return Response::allow();
     }
 
     /**
      * Determine whether the user can bulk delete any model.
      */
-    public function deleteAny(User $user)
+    public function deleteAny(User $user): Response
     {
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to delete results.');
     }
 
     /**
      * Determine whether the user can delete the model.
      */
-    public function delete(User $user, Result $result): bool
+    public function delete(User $user, Result $result): Response
     {
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to delete this result.');
     }
 
     /**
      * Determine whether the user can restore the model.
      */
-    public function restore(User $user, Result $result): bool
+    public function restore(User $user, Result $result): Response
     {
-        return false; // soft deletes not used
+        return Response::deny(); // soft deletes not used
     }
 
     /**
      * Determine whether the user can permanently delete the model.
      */
-    public function forceDelete(User $user, Result $result): bool
+    public function forceDelete(User $user, Result $result): Response
     {
-        return false; // soft deletes not used
+        return Response::deny(); // soft deletes not used
     }
 }
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -3,75 +3,89 @@
 namespace App\Policies;
 
 use App\Models\User;
+use Illuminate\Auth\Access\Response;
 
 class UserPolicy
 {
     /**
      * Determine whether the user can view any models.
      */
-    public function viewAny(User $user): bool
+    public function viewAny(User $user): Response
     {
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to view users.');
     }
 
     /**
      * Determine whether the user can view the model.
      */
-    public function view(User $user, User $model): bool
+    public function view(User $user, User $model): Response
     {
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to view this user.');
     }
 
     /**
      * Determine whether the user can create models.
      */
-    public function create(User $user): bool
+    public function create(User $user): Response
     {
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to create a new user.');
     }
 
     /**
      * Determine whether the user can update the model.
      */
-    public function update(User $user, User $model): bool
+    public function update(User $user, User $model): Response
     {
-        if ($user->id == $model->id) {
-            return true;
+        if ($model->is($user)) {
+            return Response::deny('You cannot update your own account.');
         }
 
-        return $user->is_admin;
+        return $user->is_admin
+            ? Response::allow()
+            : Response::deny('You do not have permission to update this user.');
     }
 
     /**
      * Determine whether the user can bulk delete any model.
      */
-    public function deleteAny(User $user): bool
+    public function deleteAny(User $user): Response
     {
-        return false;
+        return Response::deny('You do not have permission to delete users.');
     }
 
     /**
      * Determine whether the user can delete the model.
      */
-    public function delete(User $user, User $model): bool
+    public function delete(User $user, User $model): Response
     {
+        if ($model->is_admin) {
+            return Response::deny('You cannot delete an admin user.');
+        }
+
         return $user->is_admin
-            && ! $model->is_admin;
+            ? Response::allow()
+            : Response::deny('You do not have permission to delete this user.');
     }
 
     /**
      * Determine whether the user can restore the model.
      */
-    public function restore(User $user, User $model): bool
+    public function restore(User $user, User $model): Response
     {
-        return false; // soft deletes not used
+        return Response::deny(); // soft deletes not used
     }
 
     /**
      * Determine whether the user can permanently delete the model.
      */
-    public function forceDelete(User $user, User $model): bool
+    public function forceDelete(User $user, User $model): Response
     {
-        return false; // soft deletes not used
+        return Response::deny(); // soft deletes not used
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -4,71 +4,75 @@`
`4`	`4`
`5`	`5`	`use App\Models\Result;`
`6`	`6`	`use App\Models\User;`
	`7`	`+use Illuminate\Auth\Access\Response;`
`7`	`8`
`8`	`9`	`class ResultPolicy`
`9`	`10`	`{`
`10`	`11`	`/**`
`11`	`12`	`* Determine whether the user can view any models.`
`12`	`13`	`*/`
`13`		`- public function viewAny(User $user): bool`
	`14`	`+ public function viewAny(User $user): Response`
`14`	`15`	`{`
`15`		`- return true;`
	`16`	`+ return Response::allow();`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`/**`
`19`	`20`	`* Determine whether the user can view the model.`
`20`	`21`	`*/`
`21`		`- public function view(User $user, Result $result): bool`
	`22`	`+ public function view(User $user, Result $result): Response`
`22`	`23`	`{`
`23`		`- return true;`
	`24`	`+ return Response::allow();`
`24`	`25`	`}`
`25`	`26`
`26`	`27`	`/**`
`27`	`28`	`* Determine whether the user can create models.`
`28`	`29`	`*/`
`29`		`- public function create(User $user): bool`
	`30`	`+ public function create(User $user): Response`
`30`	`31`	`{`
`31`		`- return false;`
	`32`	`+ return Response::deny();`
`32`	`33`	`}`
`33`	`34`
`34`	`35`	`/**`
`35`	`36`	`* Determine whether the user can update the model.`
`36`	`37`	`*/`
`37`		`- public function update(User $user, Result $result): bool`
	`38`	`+ public function update(User $user, Result $result): Response`
`38`	`39`	`{`
`39`		`- return $user->is_admin`
`40`		`- \|\| $user->is_user;`
	`40`	`+ return Response::allow();`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`/**`
`44`	`44`	`* Determine whether the user can bulk delete any model.`
`45`	`45`	`*/`
`46`		`- public function deleteAny(User $user)`
	`46`	`+ public function deleteAny(User $user): Response`
`47`	`47`	`{`
`48`		`- return $user->is_admin;`
	`48`	`+ return $user->is_admin`
	`49`	`+ ? Response::allow()`
	`50`	`+ : Response::deny('You do not have permission to delete results.');`
`49`	`51`	`}`
`50`	`52`
`51`	`53`	`/**`
`52`	`54`	`* Determine whether the user can delete the model.`
`53`	`55`	`*/`
`54`		`- public function delete(User $user, Result $result): bool`
	`56`	`+ public function delete(User $user, Result $result): Response`
`55`	`57`	`{`
`56`		`- return $user->is_admin;`
	`58`	`+ return $user->is_admin`
	`59`	`+ ? Response::allow()`
	`60`	`+ : Response::deny('You do not have permission to delete this result.');`
`57`	`61`	`}`
`58`	`62`
`59`	`63`	`/**`
`60`	`64`	`* Determine whether the user can restore the model.`
`61`	`65`	`*/`
`62`		`- public function restore(User $user, Result $result): bool`
	`66`	`+ public function restore(User $user, Result $result): Response`
`63`	`67`	`{`
`64`		`- return false; // soft deletes not used`
	`68`	`+ return Response::deny(); // soft deletes not used`
`65`	`69`	`}`
`66`	`70`
`67`	`71`	`/**`
`68`	`72`	`* Determine whether the user can permanently delete the model.`
`69`	`73`	`*/`
`70`		`- public function forceDelete(User $user, Result $result): bool`
	`74`	`+ public function forceDelete(User $user, Result $result): Response`
`71`	`75`	`{`
`72`		`- return false; // soft deletes not used`
	`76`	`+ return Response::deny(); // soft deletes not used`
`73`	`77`	`}`
`74`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,75 +3,89 @@`
`3`	`3`	`namespace App\Policies;`
`4`	`4`
`5`	`5`	`use App\Models\User;`
	`6`	`+use Illuminate\Auth\Access\Response;`
`6`	`7`
`7`	`8`	`class UserPolicy`
`8`	`9`	`{`
`9`	`10`	`/**`
`10`	`11`	`* Determine whether the user can view any models.`
`11`	`12`	`*/`
`12`		`- public function viewAny(User $user): bool`
	`13`	`+ public function viewAny(User $user): Response`
`13`	`14`	`{`
`14`		`- return $user->is_admin;`
	`15`	`+ return $user->is_admin`
	`16`	`+ ? Response::allow()`
	`17`	`+ : Response::deny('You do not have permission to view users.');`
`15`	`18`	`}`
`16`	`19`
`17`	`20`	`/**`
`18`	`21`	`* Determine whether the user can view the model.`
`19`	`22`	`*/`
`20`		`- public function view(User $user, User $model): bool`
	`23`	`+ public function view(User $user, User $model): Response`
`21`	`24`	`{`
`22`		`- return $user->is_admin;`
	`25`	`+ return $user->is_admin`
	`26`	`+ ? Response::allow()`
	`27`	`+ : Response::deny('You do not have permission to view this user.');`
`23`	`28`	`}`
`24`	`29`
`25`	`30`	`/**`
`26`	`31`	`* Determine whether the user can create models.`
`27`	`32`	`*/`
`28`		`- public function create(User $user): bool`
	`33`	`+ public function create(User $user): Response`
`29`	`34`	`{`
`30`		`- return $user->is_admin;`
	`35`	`+ return $user->is_admin`
	`36`	`+ ? Response::allow()`
	`37`	`+ : Response::deny('You do not have permission to create a new user.');`
`31`	`38`	`}`
`32`	`39`
`33`	`40`	`/**`
`34`	`41`	`* Determine whether the user can update the model.`
`35`	`42`	`*/`
`36`		`- public function update(User $user, User $model): bool`
	`43`	`+ public function update(User $user, User $model): Response`
`37`	`44`	`{`
`38`		`- if ($user->id == $model->id) {`
`39`		`- return true;`
	`45`	`+ if ($model->is($user)) {`
	`46`	`+ return Response::deny('You cannot update your own account.');`
`40`	`47`	`}`
`41`	`48`
`42`		`- return $user->is_admin;`
	`49`	`+ return $user->is_admin`
	`50`	`+ ? Response::allow()`
	`51`	`+ : Response::deny('You do not have permission to update this user.');`
`43`	`52`	`}`
`44`	`53`
`45`	`54`	`/**`
`46`	`55`	`* Determine whether the user can bulk delete any model.`
`47`	`56`	`*/`
`48`		`- public function deleteAny(User $user): bool`
	`57`	`+ public function deleteAny(User $user): Response`
`49`	`58`	`{`
`50`		`- return false;`
	`59`	`+ return Response::deny('You do not have permission to delete users.');`
`51`	`60`	`}`
`52`	`61`
`53`	`62`	`/**`
`54`	`63`	`* Determine whether the user can delete the model.`
`55`	`64`	`*/`
`56`		`- public function delete(User $user, User $model): bool`
	`65`	`+ public function delete(User $user, User $model): Response`
`57`	`66`	`{`
	`67`	`+ if ($model->is_admin) {`
	`68`	`+ return Response::deny('You cannot delete an admin user.');`
	`69`	`+ }`
	`70`	`+`
`58`	`71`	`return $user->is_admin`
`59`		`- && ! $model->is_admin;`
	`72`	`+ ? Response::allow()`
	`73`	`+ : Response::deny('You do not have permission to delete this user.');`
`60`	`74`	`}`
`61`	`75`
`62`	`76`	`/**`
`63`	`77`	`* Determine whether the user can restore the model.`
`64`	`78`	`*/`
`65`		`- public function restore(User $user, User $model): bool`
	`79`	`+ public function restore(User $user, User $model): Response`
`66`	`80`	`{`
`67`		`- return false; // soft deletes not used`
	`81`	`+ return Response::deny(); // soft deletes not used`
`68`	`82`	`}`
`69`	`83`
`70`	`84`	`/**`
`71`	`85`	`* Determine whether the user can permanently delete the model.`
`72`	`86`	`*/`
`73`		`- public function forceDelete(User $user, User $model): bool`
	`87`	`+ public function forceDelete(User $user, User $model): Response`
`74`	`88`	`{`
`75`		`- return false; // soft deletes not used`
	`89`	`+ return Response::deny(); // soft deletes not used`
`76`	`90`	`}`
`77`	`91`	`}`