mandant-crm/backend/app/Modules/History/Policies/HistoryEntryPolicy.php

26 lines
777 B
PHP
Raw Permalink Normal View History

<?php
namespace App\Modules\History\Policies;
use App\Models\User;
use App\Modules\History\Models\HistoryEntry;
class HistoryEntryPolicy
{
public function viewAny(User $user): bool { return true; }
public function create(User $user): bool { return true; }
// Only the entry's author may edit their own note; auto-generated change
// entries are read-only audit records and cannot be edited by anyone.
public function update(User $user, HistoryEntry $entry): bool
{
return ! $entry->isFieldChange() && $user->id === $entry->author_id;
}
// Only admins may delete Verlauf entries (manual notes and change entries alike).
public function delete(User $user, HistoryEntry $entry): bool
{
return $user->isAdmin();
}
}