File: /home/xedaptot/ai.naniguide.com/app/Policies/EmailVerificationServerPolicy.php
<?php
namespace App\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
use App\Model\User;
use App\Model\EmailVerificationServer;
/**
* EmailVerificationServerPolicy — ownership + RBAC only.
*
* Plan-state checks (HAS_OWN_EMAIL_VERIFICATION_SERVER entitlement,
* MAX_EMAIL_VERIFICATION_SERVERS quota, HAS_ALL_EMAIL_VERIFICATION_SERVERS)
* belong to the Gate layer and are called at the controller boundary.
*/
class EmailVerificationServerPolicy
{
use HandlesAuthorization;
public function read(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
return $user->admin->getPermission('email_verification_server_read') != 'no';
case 'customer':
// Plan-state (entitlement) checked via Gate at controller.
return true;
}
return false;
}
public function readAll(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
return $user->admin->getPermission('email_verification_server_read') == 'all';
case 'customer':
return false;
}
return false;
}
public function create(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
return $user->admin->getPermission('email_verification_server_create') == 'yes';
case 'customer':
// RBAC granted. Plan-state (entitlement + quota) checked via Gate at controller.
return true;
}
return false;
}
public function update(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('email_verification_server_update');
return $ability == 'all' || $ability == 'own';
case 'customer':
return $user->customer->id == $server->customer_id;
}
return false;
}
public function delete(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('email_verification_server_delete');
return $ability == 'all' || $ability == 'own';
case 'customer':
return $user->customer->id == $server->customer_id;
}
return false;
}
public function disable(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('email_verification_server_update');
$can = $ability == 'all' || $ability == 'own';
break;
case 'customer':
$can = $user->customer->id == $server->customer_id;
break;
default:
$can = false;
}
return $can && $server->status != EmailVerificationServer::STATUS_INACTIVE;
}
public function enable(User $user, EmailVerificationServer $server, $role)
{
if (app_profile('email_verfication_server.disable') === true) {
return false;
}
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('email_verification_server_update');
$can = $ability == 'all' || $ability == 'own';
break;
case 'customer':
$can = $user->customer->id == $server->customer_id;
break;
default:
$can = false;
}
return $can && $server->status != EmailVerificationServer::STATUS_ACTIVE;
}
}