42 lines
1.0 KiB
PHP
42 lines
1.0 KiB
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\User;
|
|
use App\Models\Patient;
|
|
|
|
class PatientPolicy
|
|
{
|
|
public function viewAny(User $user): bool
|
|
{
|
|
return in_array($user->role, ['admin', 'manager', 'receptionist', 'therapist']);
|
|
}
|
|
|
|
public function view(User $user, Patient $patient): bool
|
|
{
|
|
if (in_array($user->role, ['admin', 'manager', 'receptionist'])) {
|
|
return true;
|
|
}
|
|
// Therapists can only see their own patients
|
|
if ($user->role === 'therapist') {
|
|
return $patient->appointments()->where('user_id', $user->id)->exists();
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
return in_array($user->role, ['admin', 'manager', 'receptionist']);
|
|
}
|
|
|
|
public function update(User $user, Patient $patient): bool
|
|
{
|
|
return in_array($user->role, ['admin', 'manager', 'receptionist']);
|
|
}
|
|
|
|
public function delete(User $user, Patient $patient): bool
|
|
{
|
|
return in_array($user->role, ['admin', 'manager']);
|
|
}
|
|
}
|