user = $user; } public function can(string $action, mixed $subject) : bool { if ($this->user === null) { return false; } $is_destructive = in_array($action, self::DESTRUCTIVE_ACTIONS); if (is_a($subject, 'Paste')) { if (($subject->visible == Paste::VISIBILITY_PRIVATE) || $is_destructive) { return $subject->user_id === $this->user->id; } return true; } if (is_a($subject, 'User')) { return !$is_destructive || $subject->id === $this->user->id; } return false; } }