-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #479 from canyongbs/advapp-242
[ADVAPP-242]: Correct access for a new unlicensed user.
- Loading branch information
Showing
9 changed files
with
361 additions
and
0 deletions.
There are no files selected for viewing
100 changes: 100 additions & 0 deletions
100
app-modules/application/src/Policies/ApplicationSubmissionStatePolicy.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| <COPYRIGHT> | ||
| Copyright © 2022-2023, Canyon GBS LLC. All rights reserved. | ||
| Advising App™ is licensed under the Elastic License 2.0. For more details, | ||
| see https://github.com/canyongbs/advisingapp/blob/main/LICENSE. | ||
| Notice: | ||
| - You may not provide the software to third parties as a hosted or managed | ||
| service, where the service provides users with access to any substantial set of | ||
| the features or functionality of the software. | ||
| - You may not move, change, disable, or circumvent the license key functionality | ||
| in the software, and you may not remove or obscure any functionality in the | ||
| software that is protected by the license key. | ||
| - You may not alter, remove, or obscure any licensing, copyright, or other notices | ||
| of the licensor in the software. Any use of the licensor’s trademarks is subject | ||
| to applicable law. | ||
| - Canyon GBS LLC respects the intellectual property rights of others and expects the | ||
| same in return. Canyon GBS™ and Advising App™ are registered trademarks of | ||
| Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks | ||
| vigorously. | ||
| - The software solution, including services, infrastructure, and code, is offered as a | ||
| Software as a Service (SaaS) by Canyon GBS LLC. | ||
| - Use of this software implies agreement to the license terms and conditions as stated | ||
| in the Elastic License 2.0. | ||
| For more information or inquiries please visit our website at | ||
| https://www.canyongbs.com or contact us via email at legal@canyongbs.com. | ||
| </COPYRIGHT> | ||
| */ | ||
|
|
||
| namespace AdvisingApp\Application\Policies; | ||
|
|
||
| use App\Models\Authenticatable; | ||
| use Illuminate\Auth\Access\Response; | ||
| use AdvisingApp\Application\Models\ApplicationSubmissionState; | ||
|
|
||
| class ApplicationSubmissionStatePolicy | ||
| { | ||
| public function viewAny(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.view-any'], | ||
| denyResponse: 'You do not have permission to view states.' | ||
| ); | ||
| } | ||
|
|
||
| public function view(Authenticatable $authenticatable, ApplicationSubmissionState $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.*.view', "application_submission_state.{$model->id}.view"], | ||
| denyResponse: 'You do not have permission to view this state.' | ||
| ); | ||
| } | ||
|
|
||
| public function create(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: 'application_submission_state.create', | ||
| denyResponse: 'You do not have permission to create states.' | ||
| ); | ||
| } | ||
|
|
||
| public function update(Authenticatable $authenticatable, ApplicationSubmissionState $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.*.update', "application_submission_state.{$model->id}.update"], | ||
| denyResponse: 'You do not have permission to update this state.' | ||
| ); | ||
| } | ||
|
|
||
| public function delete(Authenticatable $authenticatable, ApplicationSubmissionState $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.*.delete', "application_submission_state.{$model->id}.delete"], | ||
| denyResponse: 'You do not have permission to delete this state.' | ||
| ); | ||
| } | ||
|
|
||
| public function restore(Authenticatable $authenticatable, ApplicationSubmissionState $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.*.restore', "application_submission_state.{$model->id}.restore"], | ||
| denyResponse: 'You do not have permission to restore this state.' | ||
| ); | ||
| } | ||
|
|
||
| public function forceDelete(Authenticatable $authenticatable, ApplicationSubmissionState $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['application_submission_state.*.force-delete', "application_submission_state.{$model->id}.force-delete"], | ||
| denyResponse: 'You do not have permission to permanently delete this state.' | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| <COPYRIGHT> | ||
| Copyright © 2022-2023, Canyon GBS LLC. All rights reserved. | ||
| Advising App™ is licensed under the Elastic License 2.0. For more details, | ||
| see https://github.com/canyongbs/advisingapp/blob/main/LICENSE. | ||
| Notice: | ||
| - You may not provide the software to third parties as a hosted or managed | ||
| service, where the service provides users with access to any substantial set of | ||
| the features or functionality of the software. | ||
| - You may not move, change, disable, or circumvent the license key functionality | ||
| in the software, and you may not remove or obscure any functionality in the | ||
| software that is protected by the license key. | ||
| - You may not alter, remove, or obscure any licensing, copyright, or other notices | ||
| of the licensor in the software. Any use of the licensor’s trademarks is subject | ||
| to applicable law. | ||
| - Canyon GBS LLC respects the intellectual property rights of others and expects the | ||
| same in return. Canyon GBS™ and Advising App™ are registered trademarks of | ||
| Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks | ||
| vigorously. | ||
| - The software solution, including services, infrastructure, and code, is offered as a | ||
| Software as a Service (SaaS) by Canyon GBS LLC. | ||
| - Use of this software implies agreement to the license terms and conditions as stated | ||
| in the Elastic License 2.0. | ||
| For more information or inquiries please visit our website at | ||
| https://www.canyongbs.com or contact us via email at legal@canyongbs.com. | ||
| </COPYRIGHT> | ||
| */ | ||
|
|
||
| namespace App\Policies; | ||
|
|
||
| use App\Models\Pronouns; | ||
| use App\Models\Authenticatable; | ||
| use Illuminate\Auth\Access\Response; | ||
|
|
||
| class PronounsPolicy | ||
| { | ||
| public function viewAny(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.view-any'], | ||
| denyResponse: 'You do not have permission to view pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function view(Authenticatable $authenticatable, Pronouns $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.*.view', "pronouns.{$model->id}.view"], | ||
| denyResponse: 'You do not have permission to view these pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function create(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: 'pronouns.create', | ||
| denyResponse: 'You do not have permission to create pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function update(Authenticatable $authenticatable, Pronouns $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.*.update', "pronouns.{$model->id}.update"], | ||
| denyResponse: 'You do not have permission to update these pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function delete(Authenticatable $authenticatable, Pronouns $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.*.delete', "pronouns.{$model->id}.delete"], | ||
| denyResponse: 'You do not have permission to delete these pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function restore(Authenticatable $authenticatable, Pronouns $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.*.restore', "pronouns.{$model->id}.restore"], | ||
| denyResponse: 'You do not have permission to restore these pronouns.' | ||
| ); | ||
| } | ||
|
|
||
| public function forceDelete(Authenticatable $authenticatable, Pronouns $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['pronouns.*.force-delete', "pronouns.{$model->id}.force-delete"], | ||
| denyResponse: 'You do not have permission to permanently delete these pronouns.' | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| <COPYRIGHT> | ||
| Copyright © 2022-2023, Canyon GBS LLC. All rights reserved. | ||
| Advising App™ is licensed under the Elastic License 2.0. For more details, | ||
| see https://github.com/canyongbs/advisingapp/blob/main/LICENSE. | ||
| Notice: | ||
| - You may not provide the software to third parties as a hosted or managed | ||
| service, where the service provides users with access to any substantial set of | ||
| the features or functionality of the software. | ||
| - You may not move, change, disable, or circumvent the license key functionality | ||
| in the software, and you may not remove or obscure any functionality in the | ||
| software that is protected by the license key. | ||
| - You may not alter, remove, or obscure any licensing, copyright, or other notices | ||
| of the licensor in the software. Any use of the licensor’s trademarks is subject | ||
| to applicable law. | ||
| - Canyon GBS LLC respects the intellectual property rights of others and expects the | ||
| same in return. Canyon GBS™ and Advising App™ are registered trademarks of | ||
| Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks | ||
| vigorously. | ||
| - The software solution, including services, infrastructure, and code, is offered as a | ||
| Software as a Service (SaaS) by Canyon GBS LLC. | ||
| - Use of this software implies agreement to the license terms and conditions as stated | ||
| in the Elastic License 2.0. | ||
| For more information or inquiries please visit our website at | ||
| https://www.canyongbs.com or contact us via email at legal@canyongbs.com. | ||
| </COPYRIGHT> | ||
| */ | ||
|
|
||
| namespace App\Policies; | ||
|
|
||
| use App\Models\SystemUser; | ||
| use App\Models\Authenticatable; | ||
| use Illuminate\Auth\Access\Response; | ||
|
|
||
| class SystemUserPolicy | ||
| { | ||
| public function viewAny(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.view-any'], | ||
| denyResponse: 'You do not have permission to view users.' | ||
| ); | ||
| } | ||
|
|
||
| public function view(Authenticatable $authenticatable, SystemUser $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.*.view', "system_user.{$model->id}.view"], | ||
| denyResponse: 'You do not have permission to view this user.' | ||
| ); | ||
| } | ||
|
|
||
| public function create(Authenticatable $authenticatable): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: 'system_user.create', | ||
| denyResponse: 'You do not have permission to create users.' | ||
| ); | ||
| } | ||
|
|
||
| public function update(Authenticatable $authenticatable, SystemUser $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.*.update', "system_user.{$model->id}.update"], | ||
| denyResponse: 'You do not have permission to update this user.' | ||
| ); | ||
| } | ||
|
|
||
| public function delete(Authenticatable $authenticatable, SystemUser $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.*.delete', "system_user.{$model->id}.delete"], | ||
| denyResponse: 'You do not have permission to delete this user.' | ||
| ); | ||
| } | ||
|
|
||
| public function restore(Authenticatable $authenticatable, SystemUser $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.*.restore', "system_user.{$model->id}.restore"], | ||
| denyResponse: 'You do not have permission to restore this user.' | ||
| ); | ||
| } | ||
|
|
||
| public function forceDelete(Authenticatable $authenticatable, SystemUser $model): Response | ||
| { | ||
| return $authenticatable->canOrElse( | ||
| abilities: ['system_user.*.force-delete', "system_user.{$model->id}.force-delete"], | ||
| denyResponse: 'You do not have permission to permanently delete this user.' | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -82,5 +82,6 @@ | |
| 'report_prospect.delete', | ||
| 'report_prospect.access', | ||
| 'journey_menu.access', | ||
| 'license_settings.manage', | ||
| ], | ||
| ]; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| <COPYRIGHT> | ||
| Copyright © 2022-2023, Canyon GBS LLC. All rights reserved. | ||
| Advising App™ is licensed under the Elastic License 2.0. For more details, | ||
| see https://github.com/canyongbs/advisingapp/blob/main/LICENSE. | ||
| Notice: | ||
| - You may not provide the software to third parties as a hosted or managed | ||
| service, where the service provides users with access to any substantial set of | ||
| the features or functionality of the software. | ||
| - You may not move, change, disable, or circumvent the license key functionality | ||
| in the software, and you may not remove or obscure any functionality in the | ||
| software that is protected by the license key. | ||
| - You may not alter, remove, or obscure any licensing, copyright, or other notices | ||
| of the licensor in the software. Any use of the licensor’s trademarks is subject | ||
| to applicable law. | ||
| - Canyon GBS LLC respects the intellectual property rights of others and expects the | ||
| same in return. Canyon GBS™ and Advising App™ are registered trademarks of | ||
| Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks | ||
| vigorously. | ||
| - The software solution, including services, infrastructure, and code, is offered as a | ||
| Software as a Service (SaaS) by Canyon GBS LLC. | ||
| - Use of this software implies agreement to the license terms and conditions as stated | ||
| in the Elastic License 2.0. | ||
| For more information or inquiries please visit our website at | ||
| https://www.canyongbs.com or contact us via email at legal@canyongbs.com. | ||
| </COPYRIGHT> | ||
| */ | ||
|
|
||
| use App\Models\User; | ||
| use Illuminate\Support\Arr; | ||
| use Filament\Facades\Filament; | ||
|
|
||
| use function Pest\Laravel\actingAs; | ||
| use function PHPUnit\Framework\assertCount; | ||
|
|
||
| test('there is only the Dashboard item for unlicensed users', function () { | ||
| actingAs(User::factory()->create()); | ||
|
|
||
| $navigation = Filament::getNavigation(); | ||
|
|
||
| assertCount(1, $navigation); | ||
| assertCount(1, Arr::first($navigation)->getItems()); | ||
| }); |