Basic permissions in-place, but still needs clean-up
uberbrady committed Mar 2, 2022
1 parent 541907b commit 2fe8356
Showing 2 changed files with 16 additions and 2 deletions.
2 changes: 1 addition & 1 deletion app/Models/Company.php
Expand Up @@ -61,7 +61,7 @@ final class Company extends SnipeModel
*/
protected $fillable = ['name'];

private static function isFullMultipleCompanySupportEnabled()
public static function isFullMultipleCompanySupportEnabled()
{
$settings = Setting::getSettings();

16 changes: 15 additions & 1 deletion app/Policies/SnipePermissionsPolicy.php
Expand Up @@ -39,13 +39,27 @@ public function before(User $user, $ability, $item)
if ($item instanceof \App\Models\SnipeModel && ! Company::isCurrentUserHasAccess($item)) { // Question: what if $item is a _class_, not an actual object? Isn't that possible? e.g. for @can('create',Statuslabel::class)
return false;
}
\Log::debug("okay, we're still in the before() method, but the \$item is *not* an instance of SnipeModel. User: ".$user->username." Ability: $ability, Item's class is: ".gettype($item));
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) { //*THIS* I kinda think is the thing I'm looking for?
\Log::info("Yes, we have Admin. Is full company support enabled? ".(Company::isFullMultipleCompanySupportEnabled() ? " yes ": " no ")." what is the item? ".print_r($item,true)." ");
if (Company::isFullMultipleCompanySupportEnabled() && is_null($item->company_id) && $ability != 'view' ) {
// if(gettype($item) == "string") { //means that $item is a Class Name.
// $real_item = new $item();
// } elseif(gettype($item) == "object") { //otherwise, we're dealing directly with an instance.
// $real_item = $item;
// } else {
// \Log::error("WEIRD TYPE BEING CHECKED FOR!!!");
// dd("We're totally toast.");
// }
\Log::debug("Is multi-company enabled? ".Company::isFullMultipleCompanySupportEnabled()." does the company method exists? ". method_exists($item, 'company')." and is this a wird \$ability? :$ability");

if (Company::isFullMultipleCompanySupportEnabled() && !method_exists($item, 'company') && !in_array($ability, ['view', 'index', 'viewRequestable'] )) {
//I suspect that is_null($item->company_id) will *ALWAYS* be true, because we probably caught any SnipeModel things (which have $company_id) above.
// \Log::info("This looks like you're going to try and do a create, update, or delete on something that *doesn't* have a company_id. So I think you are boned. False for you.");
\Log::info("then you're boned, this is something that isn't 'companied' so you can't make 'em.");
return false; //Admin users *CANNOT* make any changes to cross-company things.
}
\Log::info("you're good, go ahead then.");
return true;
}
}
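Review bot: The `\Log::info(...)` call at the top of the `hasAccess('admin')` branch writes `print_r($item, true)` to the application log on every admin authorization check, so every attribute the checked object carries lands in the log at info level; for model instances that may include fields that should never be logged. Record only what is needed to trace the decision, for example `\Log::debug('before(): ability '.$ability.', item '.(is_object($item) ? get_class($item) : gettype($item)));`, and keep the other trace messages at debug level or remove them before merge. The earlier `\Log::debug` line has the opposite problem: it reports `gettype($item)`, which yields a generic type such as `object` rather than the class name the message promises. Separately, `method_exists($item, 'company')` accepts only an object or a class name, so if `before()` can be reached with a null `$item` the check would error instead of denying; the callers are outside this hunk, so that is worth confirming.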
