HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/ai.naniguide.com/app/Policies/EmailVerificationServerPolicy.php
<?php

namespace App\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;
use App\Model\User;
use App\Model\EmailVerificationServer;

/**
 * EmailVerificationServerPolicy — ownership + RBAC only.
 *
 * Plan-state checks (HAS_OWN_EMAIL_VERIFICATION_SERVER entitlement,
 * MAX_EMAIL_VERIFICATION_SERVERS quota, HAS_ALL_EMAIL_VERIFICATION_SERVERS)
 * belong to the Gate layer and are called at the controller boundary.
 */
class EmailVerificationServerPolicy
{
    use HandlesAuthorization;

    public function read(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                return $user->admin->getPermission('email_verification_server_read') != 'no';
            case 'customer':
                // Plan-state (entitlement) checked via Gate at controller.
                return true;
        }
        return false;
    }

    public function readAll(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                return $user->admin->getPermission('email_verification_server_read') == 'all';
            case 'customer':
                return false;
        }
        return false;
    }

    public function create(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                return $user->admin->getPermission('email_verification_server_create') == 'yes';
            case 'customer':
                // RBAC granted. Plan-state (entitlement + quota) checked via Gate at controller.
                return true;
        }
        return false;
    }

    public function update(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                $ability = $user->admin->getPermission('email_verification_server_update');
                return $ability == 'all' || $ability == 'own';
            case 'customer':
                return $user->customer->id == $server->customer_id;
        }
        return false;
    }

    public function delete(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                $ability = $user->admin->getPermission('email_verification_server_delete');
                return $ability == 'all' || $ability == 'own';
            case 'customer':
                return $user->customer->id == $server->customer_id;
        }
        return false;
    }

    public function disable(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                $ability = $user->admin->getPermission('email_verification_server_update');
                $can = $ability == 'all' || $ability == 'own';
                break;
            case 'customer':
                $can = $user->customer->id == $server->customer_id;
                break;
            default:
                $can = false;
        }

        return $can && $server->status != EmailVerificationServer::STATUS_INACTIVE;
    }

    public function enable(User $user, EmailVerificationServer $server, $role)
    {
        if (app_profile('email_verfication_server.disable') === true) {
            return false;
        }

        switch ($role) {
            case 'admin':
                $ability = $user->admin->getPermission('email_verification_server_update');
                $can = $ability == 'all' || $ability == 'own';
                break;
            case 'customer':
                $can = $user->customer->id == $server->customer_id;
                break;
            default:
                $can = false;
        }

        return $can && $server->status != EmailVerificationServer::STATUS_ACTIVE;
    }
}