<?php
namespace App\Policies;
use App\Models\Post;
use App\Models\User;
/**
 * Authorization rules for actions on a Post.
 *
 * Each public method answers one ability and returns true to allow it.
 * Ownership is always decided by a strict comparison of $user->id with
 * $post->user_id (see isAuthor()).
 */
class PostPolicy
{
    /**
     * Creating a post is open to every authenticated user.
     */
    public function create(User $user): bool
    {
        return true;
    }

    /**
     * Updating is restricted to the post's author.
     */
    public function update(User $user, Post $post): bool
    {
        return $this->isAuthor($user, $post);
    }

    /**
     * Deleting is allowed for the author, an admin, or a moderator.
     */
    public function delete(User $user, Post $post): bool
    {
        if ($this->isAuthor($user, $post)) {
            return true;
        }

        // Staff roles are only consulted when the caller is not the author.
        return $user->isAdmin() || $user->isModerator();
    }

    /**
     * Decide whether a (possibly anonymous) viewer may see the post.
     *
     * Public posts are visible to everyone, including guests. Any other
     * visibility requires a signed-in user: the author always sees their own
     * post, followers-only posts are visible to followers of the author, and
     * every remaining case is denied.
     *
     * NOTE(review): $post->status is not consulted here, and admins/moderators
     * get no bypass — confirm both are intended or enforced by the caller.
     */
    public function view(?User $user, Post $post): bool
    {
        $isPublic = $post->visibility === Post::VISIBILITY_PUBLIC;
        if ($isPublic) {
            return true;
        }

        // Guests never get past this point.
        if ($user === null) {
            return false;
        }

        if ($this->isAuthor($user, $post)) {
            return true;
        }

        // Default deny: any visibility other than followers-only ends here.
        if ($post->visibility !== Post::VISIBILITY_FOLLOWERS) {
            return false;
        }

        return $post->user->isFollowedBy($user->id);
    }

    /**
     * A user may report any post except their own.
     *
     * NOTE(review): this is the one ability that allows on a *failed* owner
     * match. If id and user_id ever differ in PHP type (e.g. int vs. string
     * from an uncast column), the strict comparison makes the other abilities
     * deny but makes this one allow — confirm both attributes share a type.
     */
    public function report(User $user, Post $post): bool
    {
        return ! $this->isAuthor($user, $post);
    }

    /**
     * Pinning/unpinning is restricted to the post's author.
     */
    public function pin(User $user, Post $post): bool
    {
        return $this->isAuthor($user, $post);
    }

    /**
     * Any authenticated user may save a post, own or not, once it is published.
     *
     * NOTE(review): only the status is checked; $user and the post's
     * visibility are ignored, so this can allow saving a post for which
     * view() would deny the same user — confirm callers also authorize view.
     */
    public function save(User $user, Post $post): bool
    {
        return $post->status === Post::STATUS_PUBLISHED;
    }

    /**
     * Highlighting a comment is restricted to the post's author.
     */
    public function highlightComment(User $user, Post $post): bool
    {
        return $this->isAuthor($user, $post);
    }

    /**
     * True when $user is the author of $post (strict id comparison).
     */
    private function isAuthor(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }
}