Skip to content

Commit

Permalink
Update ResourceForUser.php
Browse files Browse the repository at this point in the history
Fix when a User has the ability to "view" entries but is not restricted to only "view own entries".
  • Loading branch information
bajramemini authored Mar 8, 2019
1 parent 50e93a8 commit 684a9cb
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions src/Nova/ResourceForUser.php
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,11 @@ public static function detailQuery(NovaRequest $request, $query)
return $query;
}

// User Can View all Entries and is not restricted to its own
if (!$user->hasPermissionTo('view own ' . parent::uriKey()) && $user->hasPermissionTo('view ' . parent::uriKey())) {
return $query;
}

return parent::detailQuery($request, $query->where('user_id', $user->id));
}

Expand Down Expand Up @@ -67,6 +72,11 @@ public static function relatableQuery(NovaRequest $request, $query)
return parent::relatableQuery($request, $query);
}

// User Can View all Entries and is not restricted to its own
if (!$user->hasPermissionTo('view own ' . parent::uriKey()) && $user->hasPermissionTo('view ' . parent::uriKey())) {
return parent::relatableQuery($request, $query);
}

return parent::relatableQuery($request, $query->where('user_id', $user->id));
}

Expand All @@ -86,6 +96,11 @@ public static function scoutQuery(NovaRequest $request, $query)
return $query;
}

// User Can View all Entries and is not restricted to its own
if (!$user->hasPermissionTo('view own ' . parent::uriKey()) && $user->hasPermissionTo('view ' . parent::uriKey())) {
return $query;
}

return $query->where('user_id', $user->id);
}
}

0 comments on commit 684a9cb

Please sign in to comment.