Added ticket permission to view every ticket

rexlManu · rexlManu · commit ac2f13c2b4e5 · 2020-11-18T13:59:29.000+01:00
diff --git a/config/config.php b/config/config.php
@@ -88,6 +88,10 @@
         'show-ticket' => 'can:tickets.show',
         'message-ticket' => 'can:tickets.message',
         'download-ticket' => 'can:tickets.download',
+        /*
+         * For administrate tickets
+         */
+        'all-ticket' => 'can:tickets.all',
     ],
 
     /*
diff --git a/src/Controllers/TicketController.php b/src/Controllers/TicketController.php
@@ -60,7 +60,12 @@ public function __construct()
      */
     public function index()
     {
-        $tickets = request()->user()->tickets()->orderBy('id', 'desc')->paginate(10);
+        if (\request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {
+            $tickets = Ticket::query();
+        } else {
+            $tickets = request()->user()->tickets();
+        }
+        $tickets = $tickets->orderBy('id', 'desc')->paginate(10);
 
         return request()->wantsJson() ?
             response()->json(compact('tickets')) :
@@ -166,7 +171,8 @@ public function store(Request $request)
      */
     public function show(Ticket $ticket)
     {
-        if (! $ticket->user()->get()->contains(\request()->user())) {
+        if (! $ticket->user()->get()->contains(\request()->user()) &&
+            ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {
             return abort(403);
         }
 
@@ -196,7 +202,8 @@ public function show(Ticket $ticket)
      */
     public function message(Request $request, Ticket $ticket)
     {
-        if (! $ticket->user()->get()->contains(\request()->user())) {
+        if (! $ticket->user()->get()->contains(\request()->user()) &&
+            ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {
             return abort(403);
         }
 
@@ -250,7 +257,8 @@ public function message(Request $request, Ticket $ticket)
      */
     public function close(Ticket $ticket)
     {
-        if (! $ticket->user()->get()->contains(\request()->user())) {
+        if (! $ticket->user()->get()->contains(\request()->user()) &&
+            ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {
             return abort(403);
         }
         if ($ticket->state === 'CLOSED') {
@@ -285,8 +293,8 @@ public function close(Ticket $ticket)
      */
     public function download(Ticket $ticket, TicketUpload $ticketUpload)
     {
-        if (! $ticket->user()->get()->contains(\request()->user()) ||
-            ! $ticket->messages()->get()->contains($ticketUpload->message()->first())) {
+        if (! $ticket->user()->get()->contains(\request()->user()) &&
+            ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {
             return abort(403);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,12 @@ public function __construct()`
`60`	`60`	`*/`
`61`	`61`	`public function index()`
`62`	`62`	`{`
`63`		`- $tickets = request()->user()->tickets()->orderBy('id', 'desc')->paginate(10);`
	`63`	`+ if (\request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {`
	`64`	`+ $tickets = Ticket::query();`
	`65`	`+ } else {`
	`66`	`+ $tickets = request()->user()->tickets();`
	`67`	`+ }`
	`68`	`+ $tickets = $tickets->orderBy('id', 'desc')->paginate(10);`
`64`	`69`
`65`	`70`	`return request()->wantsJson() ?`
`66`	`71`	`response()->json(compact('tickets')) :`
`@@ -166,7 +171,8 @@ public function store(Request $request)`
`166`	`171`	`*/`
`167`	`172`	`public function show(Ticket $ticket)`
`168`	`173`	`{`
`169`		`- if (! $ticket->user()->get()->contains(\request()->user())) {`
	`174`	`+ if (! $ticket->user()->get()->contains(\request()->user()) &&`
	`175`	`+ ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {`
`170`	`176`	`return abort(403);`
`171`	`177`	`}`
`172`	`178`
`@@ -196,7 +202,8 @@ public function show(Ticket $ticket)`
`196`	`202`	`*/`
`197`	`203`	`public function message(Request $request, Ticket $ticket)`
`198`	`204`	`{`
`199`		`- if (! $ticket->user()->get()->contains(\request()->user())) {`
	`205`	`+ if (! $ticket->user()->get()->contains(\request()->user()) &&`
	`206`	`+ ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {`
`200`	`207`	`return abort(403);`
`201`	`208`	`}`
`202`	`209`
`@@ -250,7 +257,8 @@ public function message(Request $request, Ticket $ticket)`
`250`	`257`	`*/`
`251`	`258`	`public function close(Ticket $ticket)`
`252`	`259`	`{`
`253`		`- if (! $ticket->user()->get()->contains(\request()->user())) {`
	`260`	`+ if (! $ticket->user()->get()->contains(\request()->user()) &&`
	`261`	`+ ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {`
`254`	`262`	`return abort(403);`
`255`	`263`	`}`
`256`	`264`	`if ($ticket->state === 'CLOSED') {`
`@@ -285,8 +293,8 @@ public function close(Ticket $ticket)`
`285`	`293`	`*/`
`286`	`294`	`public function download(Ticket $ticket, TicketUpload $ticketUpload)`
`287`	`295`	`{`
`288`		`- if (! $ticket->user()->get()->contains(\request()->user()) \|\|`
`289`		`- ! $ticket->messages()->get()->contains($ticketUpload->message()->first())) {`
	`296`	`+ if (! $ticket->user()->get()->contains(\request()->user()) &&`
	`297`	`+ ! request()->user()->can(config('laravel-tickets.permissions.all-ticket'))) {`
`290`	`298`	`return abort(403);`
`291`	`299`	`}`
`292`	`300`