diff --git a/app/Http/Livewire/StudentFeedback.php b/app/Http/Livewire/StudentFeedback.php
index f98f9cbe..927bbe86 100644
--- a/app/Http/Livewire/StudentFeedback.php
+++ b/app/Http/Livewire/StudentFeedback.php
@@ -24,7 +24,7 @@ public function getFeedbackProperty()
 public function add()
 {
- $this->authorize('create', StudentFeedbackEntry::class);
+ $this->authorize('create', [StudentFeedbackEntry::class, $this->student]);
 $feedback = $this->student->feedback()->create([
 'data' => $this->new_feedback + ['submitted_by' => auth()->user()->id ?? 'system'],
diff --git a/app/Policies/StudentFeedbackPolicy.php b/app/Policies/StudentFeedbackPolicy.php
index c4a335d9..75f032c7 100644
--- a/app/Policies/StudentFeedbackPolicy.php
+++ b/app/Policies/StudentFeedbackPolicy.php
@@ -2,6 +2,7 @@
 namespace App\Policies;
+use App\Student;
 use App\StudentFeedback;
 use App\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
@@ -55,9 +56,11 @@ public function view(User $user, StudentFeedback $studentFeedback)
 * @param \App\User $user
 * @return mixed
 */
- public function create(User $user)
+ public function create(User $user, Student $student)
 {
- return $user->userOrDelegatorhasRole(['faculty', 'students_admin']);
+ $assoc_profile_can_add_feedback = $student->isAssociatedToUserProfiles($user);
+
+ return $user->userOrDelegatorhasRole(['faculty', 'students_admin']) || $assoc_profile_can_add_feedback;
 }
 /**
diff --git a/app/Policies/StudentPolicy.php b/app/Policies/StudentPolicy.php
index e2fb8529..dcc4ff12 100644
--- a/app/Policies/StudentPolicy.php
+++ b/app/Policies/StudentPolicy.php
@@ -2,6 +2,7 @@
 namespace App\Policies;
+use App\Profile;
 use App\Student;
 use App\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
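Review bot: The component authorizes against `StudentFeedbackEntry::class` while the policy's typed parameter and the Blade `@can` updated in this same commit use `App\StudentFeedback`; unless `StudentFeedbackEntry` is an import alias of that model (not visible here), the two call sites can resolve to different policies, so the alias should be confirmed or the call aligned to `$this->authorize('create', [StudentFeedback::class, $this->student]);`. The policy's new `create(User $user, Student $student)` parameter is non-nullable, so if `$this->student` can be unset when `add()` runs, the gate call fails with a TypeError (a 500) instead of a 403 — worth a guard before the authorize call if that state is reachable. `add()` continues outside the hunk.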
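Review bot: In `create()` the association lookup `$student->isAssociatedToUserProfiles($user)` is evaluated into a local before the role check, so every faculty/admin authorization now pays the extra profile queries even though the `||` would short-circuit; return the expression directly, `return $user->userOrDelegatorhasRole(['faculty', 'students_admin']) || $student->isAssociatedToUserProfiles($user);`. The docblock above the method (context lines) still documents only `@param \App\User $user` and should gain `@param \App\Student $student`, since that parameter is what widens who may add feedback. Because the parameter is required, any caller still invoking `can('create', StudentFeedback::class)` without a student — only the Livewire component and the Blade view are updated in this commit — would now throw rather than be denied, so a search for other call sites is worthwhile. The local `$assoc_profile_can_add_feedback` also departs from the camelCase used by the surrounding code (`$studentFeedback`).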
@@ -35,6 +36,17 @@ public function viewAny(User $user)
 return $user->userOrDelegatorhasRole(['faculty', 'students_admin']);
 }
+ /**
+ * Determine whether the student can be viewed by the associated profile's user.
+ *
+ * @param \App\User $user
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function viewForAssociatedProfile(User $user, Student $student)
+ {
+ return $student->isAssociatedToUserProfiles($user);
+ }
+
 /**
 * Determine whether the user can view the student.
 *
@@ -44,7 +56,7 @@ public function viewAny(User $user)
 */
 public function view(User $user, Student $student)
 {
- return $this->viewAny($user) || $user->owns($student, true);
+ return $this->viewAny($user) || $user->owns($student, true) || $this->viewForAssociatedProfile($user, $student);
 }
 /**
diff --git a/app/Student.php b/app/Student.php
index fbecf415..cfb8c37e 100644
--- a/app/Student.php
+++ b/app/Student.php
@@ -188,6 +188,16 @@ public function tagTypes(): array
 ->all();
 }
+ /**
+ * Determine whether the profile(s) of a given user is associated to the student.
+ */
+ public function isAssociatedToUserProfiles(User $user)
+ {
+ $profile_ids = $user->profiles()->pluck('id');
+
+ return $this->faculty()->whereKey($profile_ids)->exists();
+ }
+
 ////////////////////////////////////
 // Mutators and Virtual Attributes//
 ////////////////////////////////////
diff --git a/resources/views/livewire/student-feedback.blade.php b/resources/views/livewire/student-feedback.blade.php
index fbacf620..5504c469 100644
--- a/resources/views/livewire/student-feedback.blade.php
+++ b/resources/views/livewire/student-feedback.blade.php
@@ -1,6 +1,6 @@
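Review bot: `viewForAssociatedProfile()` consults only `$user->profiles()`, while the role branch it is OR'd with in `view()` goes through `userOrDelegatorhasRole()`, so a delegate acting for a faculty member receives the role-based grant but not the profile-association grant; if delegation is meant to extend to association as well, the check needs the delegator's profiles too — confirm the intended rule and state it in the docblock. That docblock lists `@param \App\User $user` but omits `@param \App\Student $student`, and its summary could name the actual condition: `Grant view when one of the user's profiles is among the student's faculty members.` The `use App\Profile;` added in this file's first hunk is not referenced by any visible line; drop it unless it is used elsewhere in the file.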
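Review bot: `isAssociatedToUserProfiles()` is now a security predicate (it feeds both `StudentPolicy::view` and `StudentFeedbackPolicy::create`) but declares no return type, and its docblock does not say that "associated" means membership in `faculty()`; declare `public function isAssociatedToUserProfiles(User $user): bool` and document it as `Whether any of the user's profiles is a faculty member of this student; used by the student and feedback policies.` It also issues two queries (`pluck('id')` followed by `exists()`); if `faculty()` and `profiles()` share a key column, the inner lookup can be handed to `whereIn` as a subquery instead of a plucked collection, though the current form is correct, including the no-profiles case where `whereKey` on an empty collection yields false.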
{{-- Feedback form --}}
- @can('create', App\StudentFeedback::class)
+ @can('create', [App\StudentFeedback::class, $student])