bert.hausmans
1cb7674d52
- Update API: events, users, policies, routes, resources, migrations - Remove deprecated models/resources (customers, setlists, invitations, etc.) - Refresh admin app and docs; remove apps/band Made-with: Cursor
41 lines
915 B
PHP
41 lines
915 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\Organisation;
|
|
use App\Models\User;
|
|
|
|
final class OrganisationPolicy
|
|
{
|
|
public function viewAny(User $user): bool
|
|
{
|
|
// All authenticated users can list their organisations
|
|
return true;
|
|
}
|
|
|
|
public function view(User $user, Organisation $organisation): bool
|
|
{
|
|
return $user->hasRole('super_admin')
|
|
|| $organisation->users()->where('user_id', $user->id)->exists();
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
return $user->hasRole('super_admin');
|
|
}
|
|
|
|
public function update(User $user, Organisation $organisation): bool
|
|
{
|
|
if ($user->hasRole('super_admin')) {
|
|
return true;
|
|
}
|
|
|
|
return $organisation->users()
|
|
->where('user_id', $user->id)
|
|
->wherePivot('role', 'org_admin')
|
|
->exists();
|
|
}
|
|
}
|