From 22fa7fdee6b214c0d8d3fc240016ae7c0ea8cb6d Mon Sep 17 00:00:00 2001
From: Alex Toff <me@alextoff.uk>
Date: Sun, 1 Dec 2024 16:07:03 +0000
Subject: [PATCH] revert auth gate back

---
 app/Providers/AuthServiceProvider.php | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 9b3b70610..f5cabfa7b 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -28,6 +28,7 @@
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Illuminate\Support\Facades\Gate;
+use Spatie\Permission\Exceptions\PermissionDoesNotExist;
 use Spatie\Permission\Models\Role;
 use Spatie\Permission\PermissionRegistrar;
 
@@ -82,11 +83,18 @@ public function boot()
             $permissionLoader->registerPermissions($gate);
         });
 
-        if (config()->get('app.env') != 'production') {
-            // Allow for a global superadmin role on non-production environments
-            Gate::before(function ($user, $abilityOrPermission) {
-                return $user->hasRole('privacc') ?? null;
-            });
-        }
+        // TODO: Remove 'use-permission' across codebase - use user()->can instead
+        Gate::define('use-permission', function ($user, $permission) {
+            // Superadmin override
+            if ($user->hasRole('privacc') && config()->get('app.env') != 'production') {
+                return true;
+            }
+
+            try {
+                return auth()->user()->hasPermissionTo($permission);
+            } catch (PermissionDoesNotExist $e) {
+                return false;
+            }
+        });
     }
 }