ponepaste/includes/Helpers/AbilityHelper.php

<?php
namespace PonePaste\Helpers;

use PonePaste\Models\User;
use PonePaste\Models\Paste;

class AbilityHelper {
    private array $modelToActions = [];
    private User | null $user;

    public function __construct(User | null $user) {
        $this->user = $user;
        $this->setupAllowedActions();
    }

    public function can(string $action, mixed $subject) : bool {
        if ($this->user !== null
            && $this->user->role == User::ROLE_ADMIN) { // Admins can do anything
            return true;
        }

        return $this->modelToActions[$subject::class][$action]($this->user, $subject);
    }

    private function setupAllowedActions() : void {
        $this->modelToActions['PonePaste\\Models\\Paste'] = [
            'view' => function(User | null $user, Paste $paste) {
                $publicly_visible = ((int) $paste->visible !== Paste::VISIBILITY_PRIVATE) && !$paste->is_hidden;

                return $publicly_visible // Everyone can see public pastes
                    || ($user !== null && $user->id === $paste->user_id) // Creators of pastes can see their own private pastes
                    || ($user !== null && $user->role >= User::ROLE_MODERATOR); // Moderators and above can see all pastes
            },
            'edit' => function(User | null $user, Paste $paste) {
                return $user !== null
                    && $user->id === $paste->user_id; // Creators of non-anonymous pastes can edit their own pastes
            },
            'hide' => function(User | null $user, Paste $paste) {
                return $user !== null
                    && $user->role >= User::ROLE_MODERATOR; // Moderators and above can hide pastes
            },
            'delete' => function(User | null $user, Paste $paste) {
                return $user !== null
                    && ($user->id === $paste->user_id // Creators of pastes can delete their own pastes
                        || $user->role >= User::ROLE_ADMIN); // Admins can delete all pastes
            },
            'blank' => function(User | null $user, Paste $paste) {
                return $user !== null
                    && $user->role >= User::ROLE_ADMIN; // Only admins can blank pastes
            },
        ];
        $this->modelToActions['PonePaste\\Models\\User'] = [
            'view' => function(User | null $user, User $subject) {
                return true; // Everyone can view users
            },
            'edit' => function(User | null $user, User $subject) {
                return $user !== null
                    && $user->id === $subject->id; // Users can edit their own profiles
            },
            'administrate' => function(User | null $user, User $subject) {
                return $user !== null
                    && $user->role >= User::ROLE_ADMIN; // Admins can edit all users
            }
        ];
    }
}
New router and ability stuff. 2022-04-17 19:41:18 -04:00			`<?php`
			`namespace PonePaste\Helpers;`

			`use PonePaste\Models\User;`
			`use PonePaste\Models\Paste;`

			`class AbilityHelper {`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`private array $modelToActions = [];`
New router and ability stuff. 2022-04-17 19:41:18 -04:00			`private User \| null $user;`

			`public function __construct(User \| null $user) {`
			`$this->user = $user;`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`$this->setupAllowedActions();`
New router and ability stuff. 2022-04-17 19:41:18 -04:00			`}`

			`public function can(string $action, mixed $subject) : bool {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`if ($this->user !== null`
			`&& $this->user->role == User::ROLE_ADMIN) { // Admins can do anything`
New router and ability stuff. 2022-04-17 19:41:18 -04:00			`return true;`
			`}`

feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`return $this->modelToActions[$subject::class][$action]($this->user, $subject);`
			`}`
New router and ability stuff. 2022-04-17 19:41:18 -04:00
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`private function setupAllowedActions() : void {`
			`$this->modelToActions['PonePaste\\Models\\Paste'] = [`
			`'view' => function(User \| null $user, Paste $paste) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`$publicly_visible = ((int) $paste->visible !== Paste::VISIBILITY_PRIVATE) && !$paste->is_hidden;`

			`return $publicly_visible // Everyone can see public pastes`
			`\|\| ($user !== null && $user->id === $paste->user_id) // Creators of pastes can see their own private pastes`
fix: fix a couple undefined variable errors 2024-04-25 12:08:25 -04:00			`\|\| ($user !== null && $user->role >= User::ROLE_MODERATOR); // Moderators and above can see all pastes`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`},`
			`'edit' => function(User \| null $user, Paste $paste) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`return $user !== null`
			`&& $user->id === $paste->user_id; // Creators of non-anonymous pastes can edit their own pastes`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`},`
			`'hide' => function(User \| null $user, Paste $paste) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`return $user !== null`
			`&& $user->role >= User::ROLE_MODERATOR; // Moderators and above can hide pastes`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`},`
			`'delete' => function(User \| null $user, Paste $paste) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`return $user !== null`
			`&& ($user->id === $paste->user_id // Creators of pastes can delete their own pastes`
			`\|\| $user->role >= User::ROLE_ADMIN); // Admins can delete all pastes`
fix(pastes): fix mods not being able to edit pastes 2023-08-29 03:25:35 -04:00			`},`
			`'blank' => function(User \| null $user, Paste $paste) {`
			`return $user !== null`
			`&& $user->role >= User::ROLE_ADMIN; // Only admins can blank pastes`
			`},`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`];`
			`$this->modelToActions['PonePaste\\Models\\User'] = [`
			`'view' => function(User \| null $user, User $subject) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`return true; // Everyone can view users`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`},`
			`'edit' => function(User \| null $user, User $subject) {`
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`return $user !== null`
			`&& $user->id === $subject->id; // Users can edit their own profiles`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`},`
feat: user password resets 2023-05-15 12:44:04 -04:00			`'administrate' => function(User \| null $user, User $subject) {`
			`return $user !== null`
			`&& $user->role >= User::ROLE_ADMIN; // Admins can edit all users`
			`}`
feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`];`
New router and ability stuff. 2022-04-17 19:41:18 -04:00			`}`
misc cleanup, update vendor stuff, fix captcha 2023-02-24 06:26:40 -05:00			`}`