LinkAce/app/Policies/ApiTokenPolicy.php

<?php

namespace App\Policies;

use App\Enums\Role;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Laravel\Sanctum\PersonalAccessToken;

class ApiTokenPolicy
{
    use HandlesAuthorization;

    public function viewAny(User $user): bool
    {
        return true;
    }

    public function view(User $user, PersonalAccessToken $personalAccessToken): bool
    {
        return true;
    }

    public function create(User $user): bool
    {
        return true;
    }

    public function update(User $user, PersonalAccessToken $personalAccessToken): bool
    {
        return false;
    }

    public function delete(User $user, PersonalAccessToken $personalAccessToken): bool
    {
        return $personalAccessToken->tokenable->is($user) || $user->hasRole(Role::ADMIN);
    }

    public function restore(User $user, PersonalAccessToken $personalAccessToken): bool
    {
        return false;
    }

    public function forceDelete(User $user, PersonalAccessToken $personalAccessToken): bool
    {
        return false;
    }
}
Add api token handling for users (#165) 2022-07-20 00:05:46 +02:00			`<?php`

			`namespace App\Policies;`

WIP: system-wide api tokens (#165) This is a ton of work. A new system user is generated while running the migrations. System tokes are bound to that user. Api calls need to be properly authorized, which feels really hacky at the moment. I only implemented link api tests for now. 2022-09-29 10:10:58 +02:00			`use App\Enums\Role;`
Add api token handling for users (#165) 2022-07-20 00:05:46 +02:00			`use App\Models\User;`
			`use Illuminate\Auth\Access\HandlesAuthorization;`
			`use Laravel\Sanctum\PersonalAccessToken;`

			`class ApiTokenPolicy`
			`{`
			`use HandlesAuthorization;`

			`public function viewAny(User $user): bool`
			`{`
			`return true;`
			`}`

			`public function view(User $user, PersonalAccessToken $personalAccessToken): bool`
			`{`
			`return true;`
			`}`

			`public function create(User $user): bool`
			`{`
			`return true;`
			`}`

			`public function update(User $user, PersonalAccessToken $personalAccessToken): bool`
			`{`
			`return false;`
			`}`

			`public function delete(User $user, PersonalAccessToken $personalAccessToken): bool`
			`{`
WIP: system-wide api tokens (#165) This is a ton of work. A new system user is generated while running the migrations. System tokes are bound to that user. Api calls need to be properly authorized, which feels really hacky at the moment. I only implemented link api tests for now. 2022-09-29 10:10:58 +02:00			`return $personalAccessToken->tokenable->is($user) \|\| $user->hasRole(Role::ADMIN);`
Add api token handling for users (#165) 2022-07-20 00:05:46 +02:00			`}`

			`public function restore(User $user, PersonalAccessToken $personalAccessToken): bool`
			`{`
			`return false;`
			`}`

			`public function forceDelete(User $user, PersonalAccessToken $personalAccessToken): bool`
			`{`
			`return false;`
			`}`
			`}`