feat: add download role

docchula · Oct 12, 2024 · 1671814 · 1671814
1 parent 3ed62d9
commit 1671814
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -18,7 +18,11 @@ Successor of [docchula/smcu-document-number](https://github.com/docchula/smcu-do
 ## Required maintenance
 
 - Update personnel index (union committee member) yearly.
-- Grant administrative privileges to the union's executive committee members (set roles to ADMIN in _users_ database table).
+- Grant administrative privileges to the union's executive committee members and authorized faculty members: by setting _roles_ in _users_ database
+  table
+    - `admin`: Union executive committee members (read/write access except for faculty functions)
+    - `faculty`: Associate/Assistant Dean (read/write access to project closure and activity transcript)
+    - `download`: Student Affairs supporting staff (read access to document drafts)
 - Update union department list in case of establishment of new club (see _departments_ table).
 - Delete or edit document/project information as requested (if any).
 

diff --git a/app/Http/Controllers/DocumentController.php b/app/Http/Controllers/DocumentController.php
@@ -80,7 +80,7 @@ public function show(Request $request, Document $document): Response {
         return Inertia::render('DocumentShow', [
             'item' => $document,
             'can' => [
-                'download-document' => $isAuthorized,
+                'download-document' => $isAuthorized or $request->user()->can('download-action'),
                 'update-document' => $isAuthorized and ($document->created_at->diffInDays() <= 14),
             ],
             'has_attachment' => $isAuthorized && !empty($document->attachment_path),

diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -35,6 +35,10 @@ public function boot()
             // Role: Associate/Assistant Dean for Student Affairs
             return in_array('faculty', explode(',', $user->roles));
         });
+        Gate::define('download-action', function (User $user) {
+            // Role: Student Affairs supporting staff
+            return in_array('download', explode(',', $user->roles));
+        });
         Gate::define('update-document', function (User $user, Document $document) {
             return is_null($document->id) OR ($document->user_id === $user->id) OR $user->can('admin-action');
         });