Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/job-board.corals.io/Corals/modules/Payment/Common/Policies/ |
<?php
namespace Corals\Modules\Payment\Common\Policies;
use Corals\Foundation\Policies\BasePolicy;
use Corals\Modules\Payment\Common\Models\Transaction;
use Corals\User\Models\User;
class TransactionPolicy extends BasePolicy
{
protected $administrationPermission = 'Administrations::admin.payment';
protected $skippedAbilities = ['canReverseTransfer'];
/**
* @param User $user
* @param Transaction|null $transaction
* @return bool
*/
public function view(User $user, Transaction $transaction = null)
{
if ($user->can('Payment::transaction.view_all')) {
return true;
}
if ($user->can('Payment::transaction.view')) {
if (isset($transaction->owner) && $transaction->owner->id == $user->id) {
return true;
}
}
return false;
}
/**
* @param User $user
* @return bool
*/
public function create(User $user)
{
return $user->can('Payment::transaction.create');
}
/**
* @param User $user
* @param Transaction $transaction
* @return bool
*/
public function update(User $user, Transaction $transaction)
{
return $user->can('Payment::transaction.update');
}
/**
* @param User $user
* @param Transaction $transaction
* @return bool
*/
public function destroy(User $user, Transaction $transaction)
{
return $user->can('Payment::transaction.delete');
}
public function canReverseTransfer(User $user, Transaction $transaction)
{
$transactionCanBeReversed = $transaction->type == 'payout' && $transaction->reference && $transaction->status == 'completed';
if (!$transactionCanBeReversed) {
return false;
}
if ($user->hasPermissionTo($this->administrationPermission) || isSuperUser($user)) {
return true;
}
return $transaction->owner_id == $user->id && $transaction->owner_type == getMorphAlias($user);
}
}