<?php
declare(strict_types=1);
namespace App\Http\Controllers\Helpers\Permissions;
use App\Enums\UserTypes;
use Hypervel\Http\Request;
use App\Models\User;
use Hypervel\Support\Facades\Auth;
use App\Enums\UserActions;
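/**
 * Static authorization helpers for the user hierarchy.
 *
 * Most checks read the authenticated user through the Auth facade and return
 * false when nobody is authenticated. The role tables come from the Roles trait
 * and the per-action shortcuts from the PermissionsCheck trait.
 */
class UserPermissions
{
    use Roles;
    use PermissionsCheck;

    /**
     * Tell whether the authenticated user is the direct parent of the target.
     *
     * @param string|int $hashkeyORId Target user's hashkey or ID
     * @return bool
     */
    public static function IsParentofTargetUser(string|int $hashkeyORId)
    {
        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        $targetUser = self::resolveUser($hashkeyORId);
        if (!$targetUser) {
            return false;
        }

        // NOTE(review): strict comparison - parentuid and id must be cast to the
        // same type on the model or this never matches (it fails closed).
        return $targetUser->parentuid === $currentUser->id;
    }

    /**
     * Check if the current user is an ancestor or part of the family of the target user.
     * The family includes both ancestors (parents, grandparents, etc.) and descendants.
     *
     * Returns true when the two are the same account, when the current user appears
     * among the target's descendants, or when the current user is found while
     * walking up the target's parent chain.
     *
     * @param string|int $hashkeyORId Target user's hashkey or ID
     * @return bool
     */
    public static function isAncestorOrFamilyOfTargetUser(string|int $hashkeyORId): bool
    {
        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        $targetUser = self::resolveUser($hashkeyORId);
        if (!$targetUser) {
            return false;
        }

        if ($currentUser->id === $targetUser->id) {
            return true;
        }

        // Compare by key, as isDescendantOfCurrentUser() does, so the result does
        // not depend on how the authenticated model instance was hydrated.
        if ($targetUser->getAllDescendants()->contains('id', $currentUser->id)) {
            return true;
        }

        return self::hasAncestorWithId($targetUser, $currentUser->id);
    }

    /**
     * Check if the current user is an indirect parent of the target user.
     * An indirect parent is someone who is an ancestor, but not a direct parent.
     *
     * The target must therefore appear among the CURRENT user's descendants.
     * Looking the current user up among the target's descendants would answer
     * the opposite question and approve callers that sit below the target.
     *
     * @param string|int $hashkeyORId Target user's hashkey or ID
     * @return bool
     */
    public static function isIndirectParentOfTargetUser(string|int $hashkeyORId): bool
    {
        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        $targetUser = self::resolveUser($hashkeyORId);
        if (!$targetUser) {
            return false;
        }

        if ($currentUser->id === $targetUser->id) {
            return false;
        }

        // A direct parent is excluded by definition.
        if ($targetUser->parentuid === $currentUser->id) {
            return false;
        }

        return $currentUser->getAllDescendants()->contains('id', $targetUser->id);
    }

    /**
     * Map a backing value to its UserActions case, or null when no case has it.
     */
    private static function safeUserActionFromString(string $value): ?UserActions
    {
        return UserActions::tryFrom($value);
    }

    /**
     * Tell whether the target is somewhere below the authenticated user.
     *
     * Returns false for an empty reference, for an unauthenticated request, for
     * an unknown target, and when the target is the authenticated user.
     *
     * @param string|int|User|null $hashkeyOrId Target user, its hashkey or its ID
     */
    public static function isDescendantOfCurrentUser(string|int|User|null $hashkeyOrId): bool
    {
        if (!$hashkeyOrId) {
            return false;
        }

        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        $targetUser = self::resolveUser($hashkeyOrId);
        if (!$targetUser || $currentUser->id === $targetUser->id) {
            return false;
        }

        return $currentUser->getAllDescendants()->contains('id', $targetUser->id);
    }

    /**
     * Central permission decision for one action.
     *
     * Order of evaluation:
     *  1. unauthenticated requests are refused;
     *  2. an entry in the caller's denied roles refuses the action;
     *  3. unless the action is listed as needing no target user, the target
     *     (a user reference or a UserTypes case) must pass the preliminary
     *     hierarchy / account-type check;
     *  4. the action must be granted by the caller's account type in roles()
     *     or by the caller's additional roles.
     *
     * @param string|int|UserTypes $hashkeyORId Target user's hashkey or ID, or a target user type
     * @param UserActions $userActions Action being requested
     * @return bool
     */
    public static function isActionPermitted(string|int|UserTypes $hashkeyORId, UserActions $userActions)
    {
        if (!Auth::check()) {
            return false;
        }

        $currentUser = Auth::user();
        $currentUserType = self::resolveAccountType($currentUser->acct_type);

        // The deny list is consulted first so it overrides every grant below.
        if (self::isUserDeniedRoles($userActions)) {
            return false;
        }

        if (self::CheckifRoleDoesNotRequireaTargetUser($userActions)) {
            $preliminaryPermission = true;
        } elseif (
            $hashkeyORId instanceof UserTypes
            || $hashkeyORId
            || $hashkeyORId === 0
            || $hashkeyORId === '0'
        ) {
            $preliminaryPermission = self::isUserPreliminaryPermissionAllowed($hashkeyORId);
        } else {
            // An empty target for an action that needs one is refused.
            $preliminaryPermission = false;
        }

        if (!$preliminaryPermission) {
            return false;
        }

        // Enum cases are singletons, so a strict search is an identity check.
        $grantedByAccountType = in_array(
            $userActions,
            self::roles()[$currentUserType->value] ?? [],
            true,
        );

        return $grantedByAccountType || self::isUserAllowedbyAdditionalRoles($userActions);
    }

    /**
     * Check if CurrentUser is Allowed to Modify Target User based on User type.
     *
     * ULTIMATE accounts pass unconditionally. For a UserTypes target only the
     * account-type allow-list from UserTypeService applies, because there is no
     * user to place in the hierarchy. For a user target the account is resolved
     * once and that same record is used for the type check and the hierarchy
     * check, so the two checks cannot be answered for two different accounts.
     *
     * NOTE(review): confirm that a type-only decision is the intended policy for
     * UserTypes targets; isDescendantOfCurrentUser() does not accept an enum.
     * NOTE(review): here every string is treated as a hashkey and every int as an
     * ID, while the public helpers of this class treat digit-only strings as IDs.
     *
     * @param string|int|UserTypes $hashkeyORId
     * @return bool
     * @throws \Exception when the user lookup itself fails
     */
    private static function isUserPreliminaryPermissionAllowed(string|int|UserTypes $hashkeyORId)
    {
        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        if ($currentUser->acct_type === UserTypes::ULTIMATE) {
            return true;
        }

        $currentUserType = self::resolveAccountType($currentUser->acct_type);
        $allowedUserTypes = UserTypeService::getAllowedUserTypes($currentUserType);

        if ($hashkeyORId instanceof UserTypes) {
            return in_array($hashkeyORId, $allowedUserTypes, true);
        }

        try {
            $targetUser = is_string($hashkeyORId)
                ? User::where('hashkey', $hashkeyORId)->first()
                : User::where('id', $hashkeyORId)->first();
        } catch (\Throwable $th) {
            throw new \Exception('' . $th->getMessage(), 0, $th);
        }

        // Unknown target: refuse instead of dereferencing null.
        if (!$targetUser) {
            return false;
        }

        $isTypeAllowedtobeModified = in_array($targetUser->acct_type, $allowedUserTypes, true);
        $isSelf = $currentUser->id === $targetUser->id;
        $isDescendant = self::isDescendantOfCurrentUser($targetUser);

        return ($isDescendant || $isSelf) && $isTypeAllowedtobeModified;
    }

    /**
     * Check whether the authenticated user's additional roles grant an action
     * beyond the roles of their user type.
     *
     * Entries may be UserActions cases or backing-value strings.
     *
     * @param \App\Enums\UserActions $userActions
     * @return bool
     */
    public static function isUserAllowedbyAdditionalRoles(UserActions $userActions): bool
    {
        $currentUser = Auth::user();
        if (!$currentUser) {
            return false;
        }

        return self::roleListContains($currentUser->additional_roles ?? [], $userActions);
    }

    /**
     * Check if a role is denied in the custom denied roles in the user table.
     * TAKES PRECEDENCE OVER ANYTHING.
     *
     * Entries are matched both as UserActions cases and as backing-value
     * strings. getUserRoles() reads denied_roles as enum cases, and a
     * string-only search would never match such entries, which would leave the
     * deny list without effect.
     *
     * ULTIMATE accounts are never denied. The account is re-read with
     * findOrFail(), so a missing account raises instead of returning.
     *
     * @param \App\Enums\UserActions $userActions
     * @return bool
     */
    public static function isUserDeniedRoles(UserActions $userActions)
    {
        $currentUser = User::findOrFail(Auth::id());

        if ($currentUser->acct_type === UserTypes::ULTIMATE) {
            return false;
        }

        return self::roleListContains($currentUser->denied_roles ?? [], $userActions);
    }

    /**
     * List the effective roles of a user: account-type defaults plus additional
     * roles, minus denied roles.
     *
     * Role entries may be UserActions cases or backing-value strings; entries
     * that map to no case are skipped.
     *
     * @param int $id User ID
     * @return array|false List of UserActions cases, or false when the user cannot be loaded
     */
    public static function getUserRoles(int $id)
    {
        try {
            $user = User::findOrFail($id);
        } catch (\Throwable $th) {
            return false;
        }

        $accountType = self::resolveAccountType($user->acct_type);
        $defaultRoles = self::roles()[$accountType->value] ?? [];

        // Keyed by backing value so each action appears once.
        $effectiveRoles = [];
        foreach ([$defaultRoles, $user->additional_roles ?? []] as $roleSource) {
            if (!is_iterable($roleSource)) {
                continue;
            }
            foreach ($roleSource as $role) {
                $action = self::toUserAction($role);
                if ($action !== null) {
                    $effectiveRoles[$action->value] = $action;
                }
            }
        }

        $deniedRoles = $user->denied_roles ?? [];
        if (is_iterable($deniedRoles)) {
            foreach ($deniedRoles as $denied) {
                $action = self::toUserAction($denied);
                if ($action !== null) {
                    unset($effectiveRoles[$action->value]);
                }
            }
        }

        return array_values($effectiveRoles);
    }

    /**
     * Turn a role given as a case, a backing value, a case name or a PascalCase
     * name into its UserActions case.
     *
     * @throws \InvalidArgumentException when nothing matches
     */
    public static function normalizeRole(UserActions|string $role): UserActions
    {
        if ($role instanceof UserActions) {
            return $role;
        }

        // Backing value, e.g. "create_user"
        $byValue = UserActions::tryFrom($role);
        if ($byValue) {
            return $byValue;
        }

        // Case name, e.g. "CreateUser"
        foreach (UserActions::cases() as $case) {
            if ($case->name === $role) {
                return $case;
            }
        }

        // PascalCase converted to snake_case: "CreateUser" -> "create_user"
        $snake = strtolower(preg_replace('/(?<!^)[A-Z]/', '_$0', $role));
        $bySnake = UserActions::tryFrom($snake);
        if ($bySnake) {
            return $bySnake;
        }

        throw new \InvalidArgumentException("Unknown role: {$role}");
    }

    /**
     * Check if one user is an ancestor of another.
     *
     * A user counts as its own ancestor here (identical IDs return true).
     */
    public static function isAncestorOf(User|int|string $ancestor, User|int|string $descendant): bool
    {
        if (!$ancestor || !$descendant) {
            return false;
        }

        $ancestorUser = self::resolveUser($ancestor);
        $descendantUser = self::resolveUser($descendant);
        if (!$ancestorUser || !$descendantUser) {
            return false;
        }

        if ($ancestorUser->id === $descendantUser->id) {
            return true;
        }

        return self::hasAncestorWithId($descendantUser, $ancestorUser->id);
    }

    /**
     * Check if a user is allowed to access a specific store.
     *
     * Access is granted to ULTIMATE accounts, to the store's owner or manager,
     * to accounts whose parent is the owner or manager, and to ancestors of the
     * owner or manager. Unset owner/manager IDs are ignored, so a user without
     * a parent never matches a store without a manager through null === null.
     */
    public static function isUserAllowedAccessToStore(User|int|string $user, \App\Models\Market\Store|int|string $store): bool
    {
        $userObj = self::resolveUser($user);
        if (!$userObj) {
            return false;
        }

        if ($userObj->acct_type === UserTypes::ULTIMATE) {
            return true;
        }

        if ($store instanceof \App\Models\Market\Store) {
            $storeObj = $store;
        } elseif (is_int($store) || preg_match('/^[0-9]+$/D', $store) === 1) {
            $storeObj = \App\Models\Market\Store::find($store);
        } else {
            $storeObj = \App\Models\Market\Store::where('hashkey', $store)->first();
        }
        if (!$storeObj) {
            return false;
        }

        $responsibleIds = array_filter(
            [$storeObj->owner_id, $storeObj->manager_id],
            static fn ($id): bool => $id !== null,
        );

        // User owns or manages the store
        if (in_array($userObj->id, $responsibleIds, true)) {
            return true;
        }

        // User's parent is the owner/manager (for POS_TERMINAL/RIDER)
        if ($userObj->parentuid !== null && in_array($userObj->parentuid, $responsibleIds, true)) {
            return true;
        }

        // User is an ancestor of the owner/manager
        foreach ($responsibleIds as $responsibleId) {
            if (self::isAncestorOf($userObj, $responsibleId)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Load a user from a model instance, a primary key or a hashkey.
     *
     * Only ints and strings made of ASCII digits are treated as primary keys.
     * is_numeric() would also accept floats, exponents, signs and surrounding
     * whitespace, which are not valid IDs.
     *
     * NOTE(review): a hashkey consisting only of digits cannot be looked up
     * through this helper - confirm hashkeys can never take that form.
     */
    private static function resolveUser(User|int|string|null $reference): ?User
    {
        if ($reference instanceof User) {
            return $reference;
        }

        if ($reference === null || $reference === '') {
            return null;
        }

        if (is_int($reference) || preg_match('/^[0-9]+$/D', $reference) === 1) {
            return User::find($reference);
        }

        return User::where('hashkey', $reference)->first();
    }

    /**
     * Walk up the parent relation of $user looking for $ancestorId.
     *
     * Parents can be reassigned (UserActions::ChangeAnotherUsersParent), so the
     * walk remembers visited IDs and stops if the chain loops back on itself.
     */
    private static function hasAncestorWithId(User $user, int|string $ancestorId): bool
    {
        $visited = [];
        $parent = $user->parent;

        while ($parent) {
            if ($parent->id === $ancestorId) {
                return true;
            }
            if (isset($visited[$parent->id])) {
                return false;
            }
            $visited[$parent->id] = true;
            $parent = $parent->parent;
        }

        return false;
    }

    /**
     * Normalise a raw acct_type attribute to a UserTypes case.
     *
     * Anything that is not a known type becomes UserTypes::PUBLIC, which has no
     * entry in roles() and therefore carries no roles of its own.
     */
    private static function resolveAccountType(mixed $rawType): UserTypes
    {
        if ($rawType instanceof UserTypes) {
            return $rawType;
        }

        if (is_int($rawType) || is_string($rawType)) {
            return UserTypes::tryFrom($rawType) ?? UserTypes::PUBLIC;
        }

        return UserTypes::PUBLIC;
    }

    /**
     * Convert one stored role entry to a UserActions case, or null when the
     * entry is neither a case nor a known backing value.
     */
    private static function toUserAction(mixed $role): ?UserActions
    {
        if ($role instanceof UserActions) {
            return $role;
        }

        return is_string($role) ? UserActions::tryFrom($role) : null;
    }

    /**
     * Search a stored role list for an action, accepting both UserActions cases
     * and backing-value strings as entries. A value that cannot be iterated
     * contains nothing.
     */
    private static function roleListContains(mixed $roles, UserActions $action): bool
    {
        if (!is_iterable($roles)) {
            return false;
        }

        foreach ($roles as $role) {
            if ($role === $action) {
                return true;
            }
            if (is_string($role) && $role === $action->value) {
                return true;
            }
        }

        return false;
    }
}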
/**
 * Per-action shortcuts around isActionPermitted().
 *
 * Every method forwards the target reference together with one fixed
 * UserActions case. isActionPermitted() is not defined in this trait; the
 * class using it must provide it.
 */
trait PermissionsCheck
{
    /**
     * Check if the user modification is allowed based on the provided hashkey or ID.
     *
     * @param string|int $hashkeyORId
     * @return bool
     */
    public static function isUserModificationAllowed(string|int $hashkeyORId): bool
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ModifyUser);
    }

    /**
     * Check if the user can be set to active based on the provided hashkey or ID.
     *
     * @param string|int $hashkeyORId
     * @return bool
     */
    public static function isUserSetActiveAllowed(string|int $hashkeyORId): bool
    {
        return self::isActionPermitted($hashkeyORId, UserActions::SetActiveUser);
    }

    /**
     * Check if the user can be set to inactive based on the provided hashkey or ID.
     *
     * @param string|int $hashkeyORId
     * @return bool
     */
    public static function isUserSetInactiveAllowed(string|int $hashkeyORId): bool
    {
        return self::isActionPermitted($hashkeyORId, UserActions::SetInActiveUser);
    }

    /**
     * Check if the user can be deleted based on the provided hashkey or ID.
     *
     * @param string|int $hashkeyORId
     * @return bool
     */
    public static function isUserDeletionAllowed(string|int $hashkeyORId): bool
    {
        return self::isActionPermitted($hashkeyORId, UserActions::DeleteUser);
    }

    /** Forwards UserActions::UpdateUserExec for the given target. */
    public static function isUserExecChangeAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::UpdateUserExec);
    }

    /** Forwards UserActions::ViewUserExec for the given target. */
    public static function isUserExecViewingAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ViewUserExec);
    }

    /** Forwards UserActions::DeleteUserExec for the given target. */
    public static function isUserExecDeletionAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::DeleteUserExec);
    }

    /** Forwards UserActions::ViewUserNotes for the given target. */
    public static function isUserNotesViewingAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ViewUserNotes);
    }

    /** Forwards UserActions::SetUserNotes for the given target. */
    public static function isUserNotesUpdateAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::SetUserNotes);
    }

    /** Forwards UserActions::DeleteUserNotes for the given target. */
    public static function isUserNotesDeletionAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::DeleteUserNotes);
    }

    /** Forwards UserActions::ChangeUserPassword for the given target. */
    public static function isUserPasswordChangeAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ChangeUserPassword);
    }

    /** Forwards UserActions::DirectUserCreditTransfer for the given target. */
    public static function isDirectCreditTransfertoUserAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::DirectUserCreditTransfer);
    }

    /** Forwards UserActions::ForceLogoutUser for the given target. */
    public static function isForceLogoutUserAllowed(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ForceLogoutUser);
    }

    /**
     * Forwards UserActions::UserAllowedtoChangeAnotherUserRoles for the given target.
     *
     * NOTE(review): this "view" check tests the same action as
     * isUserAllowedtoChangeAnotherUserRoles(), so viewing another user's roles
     * requires the right to change them - confirm whether a separate view
     * action was intended.
     */
    public static function isUserAllowedtoViewAnotherUserRoles(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::UserAllowedtoChangeAnotherUserRoles);
    }

    /** Forwards UserActions::UserAllowedtoViewSelfRoles for the given target. */
    public static function isUserAllowedtoViewSelfRoles(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::UserAllowedtoViewSelfRoles);
    }

    /** Forwards UserActions::UserAllowedtoChangeAnotherUserRoles for the given target. */
    public static function isUserAllowedtoChangeAnotherUserRoles(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::UserAllowedtoChangeAnotherUserRoles);
    }

    /**
     * Forwards UserActions::ChangeAnotherUsersParent for the given target.
     *
     * NOTE(review): the only instance method in this trait; every sibling is
     * static, so a static call to this check raises an Error.
     */
    public function isUserAllowedtoChangeParent(string|int $hashkeyORId)
    {
        return self::isActionPermitted($hashkeyORId, UserActions::ChangeAnotherUsersParent);
    }
}
/**
 * Static role tables: which actions need no target user, and which actions
 * each account type is granted by default.
 */
trait Roles
{
    /**
     * Actions that are decided without a target user.
     *
     * isActionPermitted() skips the hierarchy / account-type check for these;
     * every other action falls through to that check.
     *
     * NOTE(review): the property is public, static and writable, so any code
     * can extend this list at runtime. ViewAllFiles is listed twice.
     */
    public static $RoleswithNoTargetUser = [
        UserActions::ViewAllUserTypes,
        UserActions::ListAllUsersAsParentforUserCreation,
        UserActions::CheckifMobileNumberExists,
        UserActions::CheckifUsernameExists,
        UserActions::ViewAllFiles,
        UserActions::UploadAllFiles,
        UserActions::DeleteAllFiles,
        UserActions::ModifyAllFiles,
        UserActions::DeleteAllStores,
        UserActions::DeleteAllProducts,
        UserActions::ViewAllFiles,
        UserActions::ViewGlobalReports,
        UserActions::AddProducttoAnyStore,
        UserActions::CreateAnnouncement,
        UserActions::ModifyAnnouncement,
        UserActions::DeleteAnnouncement,
        UserActions::ViewAllAnnouncements,
        UserActions::ViewFarmers,
        UserActions::VerifyFarmer,
        UserActions::CreateOrganization,
        UserActions::ViewOrganizations,
        UserActions::ViewShipments,
        UserActions::CreateShipment,
        UserActions::UpdateShipmentStatus,
        UserActions::CreateCourier,
        UserActions::ViewCouriers,
        UserActions::ViewGlobalTransactions,
        UserActions::CreateGlobalTransaction,
        UserActions::ViewAccountingReports,
        UserActions::ManageAccounting,
        UserActions::ViewProperties,
        UserActions::ViewReferrals,
        UserActions::ViewPosAccessKeys,
        UserActions::CreatePosAccessKey,
        UserActions::DeletePosAccessKey,
        UserActions::TogglePosAccessKey,
        UserActions::ViewPosReports,
        UserActions::ViewCustomers,
        UserActions::UltimateConsole,
        UserActions::UltimateLogs,
        UserActions::UltimateReports,
        UserActions::UltimateMaintenance,
        UserActions::UltimateQuery,
        UserActions::UltimateBatch,
        UserActions::UltimateGlobalMessage,
        UserActions::UltimateFlush,
        UserActions::ManageLandingPages,
        UserActions::JoinCooperative,
        UserActions::ManageQrphPaymentCode,
        UserActions::ViewChapterOrgChart,
        UserActions::ManageChapterMembers,
        UserActions::ViewScopedMemberReports,
        UserActions::AssignChapterOfficer,
    ];

    /**
     * Tell whether an action is listed in $RoleswithNoTargetUser (strict search).
     */
    public static function CheckifRoleDoesNotRequireaTargetUser(UserActions $userAction): bool
    {
        return in_array($userAction, self::$RoleswithNoTargetUser, true);
    }

    /**
     * Default actions per account type, keyed by the UserTypes backing value.
     *
     * ULTIMATE receives every UserActions case. An account type without an
     * entry here has no default actions. The array is rebuilt on every call.
     *
     * @return array
     */
    public static function roles()
    {
        $rolesByAccountType = [
            UserTypes::ULTIMATE->value => UserActions::cases(),

            UserTypes::SUPER_OPERATOR->value => [
                UserActions::CreateUserOperator,
                UserActions::CreateUserCoordinator,
                UserActions::CreateUserSupplierOverseer,
                UserActions::CreateUserWholesaleBuyer,
                UserActions::CreateUserSupplier,
                UserActions::CreateUserStoreOwner,
                UserActions::CreateUserStoreManager,
                UserActions::CreateUserUser,
                UserActions::CreateUserRider,
                UserActions::CreateUserPOSTerminal,
                UserActions::ModifyUser,
                UserActions::SetActiveUser,
                UserActions::SetInActiveUser,
                UserActions::DeveloperConsole,
                UserActions::ViewGlobalReports,
                UserActions::ViewFarmers,
                UserActions::ViewOrganizations,
                UserActions::ViewShipments,
                UserActions::CreateShipment,
                UserActions::UpdateShipmentStatus,
                UserActions::ViewCouriers,
                UserActions::ViewGlobalTransactions,
                UserActions::ViewAccountingReports,
                UserActions::ManageAccounting,
                UserActions::ViewProperties,
                UserActions::ViewReferrals,
                UserActions::ViewPosAccessKeys,
                UserActions::ViewPosReports,
                UserActions::ViewCustomers,
                UserActions::ViewAllUserTypes,
                UserActions::ListAllUsersAsParentforUserCreation,
                UserActions::CheckifMobileNumberExists,
                UserActions::CheckifUsernameExists,
                UserActions::ManageLandingPages,
                UserActions::JoinCooperative,
                UserActions::ViewAllStores,
                UserActions::CreateStoreGlobal,
                UserActions::ModifyAllStores,
                UserActions::ViewAllProducts,
                UserActions::CreateProductGlobal,
                UserActions::ModifyAllProducts,
                UserActions::AddProducttoAnyStore,
                UserActions::RemoveProductfromAnyStore,
                UserActions::CreatePosAccessKey,
                UserActions::DeletePosAccessKey,
                UserActions::TogglePosAccessKey,
                UserActions::SearchStockPhotos,
                UserActions::DownloadStockPhoto,
            ],

            UserTypes::OPERATOR->value => [
                UserActions::CreateUserCoordinator,
                UserActions::CreateUserSupplier,
                UserActions::CreateUserStoreOwner,
                UserActions::CreateUserRider,
                UserActions::CreateUserPOSTerminal,
                UserActions::ModifyUser,
                UserActions::SetActiveUser,
                UserActions::SetInActiveUser,
                UserActions::ViewShipments,
                UserActions::CreateShipment,
                UserActions::UpdateShipmentStatus,
                UserActions::ViewPosReports,
                UserActions::ViewCustomers,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::JoinCooperative,
                UserActions::ViewOrganizations,
                UserActions::ViewFarmers,
                UserActions::ViewAllUserTypes,
                UserActions::ListAllUsersAsParentforUserCreation,
                UserActions::CheckifMobileNumberExists,
                UserActions::CheckifUsernameExists,
                UserActions::ManageLandingPages,
                UserActions::ViewAllStores,
                UserActions::CreateStoreGlobal,
                UserActions::ModifyAllStores,
                UserActions::ViewAllProducts,
                UserActions::CreateProductGlobal,
                UserActions::ModifyAllProducts,
                UserActions::AddProducttoAnyStore,
                UserActions::RemoveProductfromAnyStore,
                UserActions::ViewPosAccessKeys,
                UserActions::CreatePosAccessKey,
                UserActions::DeletePosAccessKey,
                UserActions::TogglePosAccessKey,
                UserActions::ViewAccountingReports,
                UserActions::ManageAccounting,
                UserActions::ViewProperties,
                UserActions::ViewReferrals,
                UserActions::SearchStockPhotos,
                UserActions::DownloadStockPhoto,
            ],

            UserTypes::USER->value => [
                UserActions::JoinCooperative,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
            ],

            UserTypes::COOP_MEMBER->value => [
                UserActions::JoinCooperative,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::ViewChapterOrgChart,
            ],

            UserTypes::COOP_OFFICER->value => [
                UserActions::JoinCooperative,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::ViewOrganizations,
                UserActions::ViewChapterOrgChart,
                UserActions::ManageChapterMembers,
                UserActions::ViewScopedMemberReports,
                UserActions::AssignChapterOfficer,
                UserActions::ViewAccountingReports,
                UserActions::CheckifMobileNumberExists,
                UserActions::CheckifUsernameExists,
            ],

            UserTypes::COORDINATOR->value => [
                UserActions::ViewOrganizations,
                UserActions::ViewFarmers,
                UserActions::ViewShipments,
                UserActions::JoinCooperative,
                UserActions::ViewAccountingReports,
                UserActions::CreateUserSupplier,
                UserActions::CreateUserStoreManager,
                UserActions::CreateUserRider,
                UserActions::ViewAllUserTypes,
                UserActions::ListAllUsersAsParentforUserCreation,
                UserActions::CheckifMobileNumberExists,
                UserActions::CheckifUsernameExists,
                UserActions::ManageLandingPages,
            ],

            UserTypes::STORE_OWNER->value => [
                UserActions::CreateUserStoreManager,
                UserActions::CreateUserRider,
                UserActions::CreateUserPOSTerminal,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::ViewShipments,
                UserActions::ViewPosReports,
                UserActions::ViewPosAccessKeys,
                UserActions::CreatePosAccessKey,
                UserActions::DeletePosAccessKey,
                UserActions::TogglePosAccessKey,
                UserActions::JoinCooperative,
                UserActions::ViewAccountingReports,
                UserActions::ManageAccounting,
                UserActions::ViewGlobalReports,
                UserActions::ViewGlobalTransactions,
                UserActions::SearchStockPhotos,
                UserActions::DownloadStockPhoto,
            ],

            UserTypes::STORE_MANAGER->value => [
                UserActions::CreateUserRider,
                UserActions::CreateUserPOSTerminal,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::ViewShipments,
                UserActions::ViewPosReports,
                UserActions::ViewPosAccessKeys,
                UserActions::CreatePosAccessKey,
                UserActions::DeletePosAccessKey,
                UserActions::TogglePosAccessKey,
                UserActions::JoinCooperative,
                UserActions::ViewAccountingReports,
                UserActions::ManageAccounting,
                UserActions::ViewGlobalReports,
                UserActions::ViewGlobalTransactions,
                UserActions::CreateProductForOwnStore,
                UserActions::AddProducttoOwnStore,
                UserActions::SearchStockPhotos,
                UserActions::DownloadStockPhoto,
            ],

            UserTypes::SUPPLIER_OVERSEER->value => [
                UserActions::CreateUserSupplier,
                UserActions::CreateUserWholesaleBuyer,
                UserActions::CreateUserRider,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
            ],

            UserTypes::SUPPLIER->value => [
                UserActions::CreateUserRider,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::JoinCooperative,
            ],

            UserTypes::RIDER->value => [
                UserActions::ViewShipments,
                UserActions::UpdateShipmentStatus,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
            ],

            UserTypes::POS_TERMINAL->value => [
                UserActions::ViewPosReports,
                UserActions::ViewCustomers,
                UserActions::ViewUserInfo,
                UserActions::ManageUserInfo,
                UserActions::ViewShipments,
            ],

            UserTypes::AUDIT->value => [
                UserActions::ViewGlobalReports,
                UserActions::ViewAllStores,
                UserActions::ViewAllProducts,
                UserActions::ViewAllAnnouncements,
                UserActions::ViewFarmers,
                UserActions::ViewOrganizations,
                UserActions::ViewShipments,
                UserActions::ViewCouriers,
                UserActions::ViewGlobalTransactions,
                UserActions::ViewAccountingReports,
                UserActions::ViewProperties,
                UserActions::ViewReferrals,
                UserActions::ViewPosAccessKeys,
                UserActions::ViewPosReports,
                UserActions::ViewCustomers,
                UserActions::ViewAllUserTypes,
                UserActions::CheckifMobileNumberExists,
                UserActions::CheckifUsernameExists,
            ],
        ];

        return $rolesByAccountType;
    }
}
/**
 * Account-type allow-list used by the preliminary permission check.
 */
class UserTypeService
{
    /**
     * List the account types that an account of the given type may act on.
     *
     * ULTIMATE may act on every UserTypes case. No list contains its own type,
     * and a type without an arm below may act on none.
     *
     * NOTE(review): SUPER_OPERATOR lists ANY_USER but not USER, while roles()
     * grants it CreateUserUser - confirm which target type that action uses.
     *
     * @return array List of UserTypes cases
     */
    public static function getAllowedUserTypes(UserTypes $currentUserType): array
    {
        $manageableTypes = match ($currentUserType) {
            UserTypes::ULTIMATE => UserTypes::cases(),

            UserTypes::SUPER_OPERATOR => [
                UserTypes::OPERATOR,
                UserTypes::COORDINATOR,
                UserTypes::COOP_OFFICER,
                UserTypes::COOP_MEMBER,
                UserTypes::ANY_USER,
                UserTypes::SUPPLIER,
                UserTypes::STORE_OWNER,
                UserTypes::STORE_MANAGER,
                UserTypes::SUPPLIER_OVERSEER,
                UserTypes::WHOLESALE_BUYER,
                UserTypes::RIDER,
                UserTypes::POS_TERMINAL,
            ],

            UserTypes::OPERATOR => [
                UserTypes::COORDINATOR,
                UserTypes::COOP_OFFICER,
                UserTypes::COOP_MEMBER,
                UserTypes::SUPPLIER,
                UserTypes::STORE_OWNER,
                UserTypes::RIDER,
                UserTypes::POS_TERMINAL,
            ],

            UserTypes::COORDINATOR => [
                UserTypes::COOP_OFFICER,
                UserTypes::COOP_MEMBER,
                UserTypes::SUPPLIER,
                UserTypes::STORE_MANAGER,
                UserTypes::RIDER,
            ],

            UserTypes::COOP_OFFICER => [
                UserTypes::COOP_MEMBER,
            ],

            UserTypes::STORE_OWNER => [
                UserTypes::STORE_MANAGER,
                UserTypes::RIDER,
                UserTypes::POS_TERMINAL,
            ],

            UserTypes::STORE_MANAGER => [
                UserTypes::RIDER,
                UserTypes::POS_TERMINAL,
            ],

            UserTypes::SUPPLIER => [
                UserTypes::RIDER,
            ],

            UserTypes::SUPPLIER_OVERSEER => [
                UserTypes::SUPPLIER,
                UserTypes::WHOLESALE_BUYER,
                UserTypes::RIDER,
            ],

            default => [],
        };

        return $manageableTypes;
    }
}