HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/be.naniguide.com/app/Policies/MailListPolicy.php
<?php

namespace Acelle\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;
use Acelle\Model\User;
use Acelle\Model\MailList;

class MailListPolicy
{
    use HandlesAuthorization;

    public function list(User $user)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access') && !$user->hasPermission('list.read_only')) {
            return false;
        }

        return true;
    }

    public function read(User $user, MailList $item)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access') && !$user->hasPermission('list.read_only')) {
            return false;
        }

        $customer = $user->customer;
        return $item->customer_id == $customer->id;
    }

    public function create(User $user)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        // init
        $customer = $user->customer;
        $max = get_tmp_quota($customer, 'list_max');
        $isUnlimited = $max == -1; // -1 means unlimited
        $notReachMax = $max > $customer->local()->lists()->count();

        // check max lists: unlimited or is not reach max
        $can = $isUnlimited || $notReachMax;

        // config/limit.php
        $limit = app_profile('list.limit');
        if (!is_null($limit)) {
            $listsCount = $user->customer->local()->listsCount();
            $can = $can && ($listsCount < $limit);
        } else {
            // ignore limit because it is null
        }

        return $can;
    }

    public function update(User $user, MailList $item)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        $customer = $user->customer;
        return $item->customer_id == $customer->id;
    }

    public function delete(User $user, MailList $item)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        $customer = $user->customer;
        return $item->customer_id == $customer->id;
    }

    public function addMoreSubscribers(User $user, MailList $mailList, $numberOfSubscribers = 1)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        $max = get_tmp_quota($user->customer, 'subscriber_max');
        $maxPerList = get_tmp_quota($user->customer, 'subscriber_per_list_max');
        return $user->customer->id == $mailList->customer_id &&
            ($max >= $user->customer->local()->subscribersCount() + $numberOfSubscribers || $max == -1) &&
            ($maxPerList >= $mailList->subscribersCount() + $numberOfSubscribers || $maxPerList == -1);
    }

    public function import(User $user, MailList $item)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        $customer = $user->customer;
        $can = get_tmp_quota($customer, 'list_import');

        return ($can == 'yes' && $item->customer_id == $customer->id);
    }

    public function export(User $user, MailList $item)
    {
        // RBAC check
        if (!$user->hasPermission('list.full_access')) {
            return false;
        }

        $customer = $user->customer;
        $can = get_tmp_quota($customer, 'list_export');

        return ($can == 'yes' && $item->customer_id == $customer->id);
    }
}