Policies: treat true as allow, and false as deny (#2534)

src/User/Access/AbstractPolicy.php

@@ -43,13 +43,13 @@ abstract class AbstractPolicy
      * @param User $user
      * @param string $ability
      * @param $instance
-     * @return bool|void
+     * @return string|void
      */
     public function checkAbility(User $actor, string $ability, $instance)
     { // If a specific method for this ability is defined,
         // call that and return any non-null results
         if (method_exists($this, $ability)) {
-            $result = call_user_func_array([$this, $ability], [$actor, $instance]);
+            $result = $this->sanitizeResult(call_user_func_array([$this, $ability], [$actor, $instance]));
 
             if (! is_null($result)) {
                 return $result;
@@ -58,7 +58,31 @@ abstract class AbstractPolicy
 
         // If a "total access" method is defined, try that.
         if (method_exists($this, 'can')) {
-            return call_user_func_array([$this, 'can'], [$actor, $ability, $instance]);
+            return $this->sanitizeResult(call_user_func_array([$this, 'can'], [$actor, $ability, $instance]));
         }
     }
+
+    /**
+     * Allows `true` to be used in place of `->allow()`, and `false` instead of `->deny()`
+     * This allows more concise and intuitive code, by returning boolean statements:.
+     *
+     * WITHOUT THIS:
+     * `return SOME_BOOLEAN_LOGIC ? $this->allow() : $this->deny();
+     *
+     * WITH THIS:
+     * `return SOME_BOOLEAN_LOGIC;
+     *
+     * @param mixed $result
+     * @return string|void
+     */
+    public function sanitizeResult($result)
+    {
+        if ($result === true) {
+            return $this->allow();
+        } elseif ($result === false) {
+            return $this->deny();
+        }
+
+        return $result;
+    }
 }