> */ private array $permissionCache = []; public function clear(): void { $this->permissionCache = []; } public function has(Organization $organization, string $permission): bool { /** @var User|null $user */ $user = Auth::user(); if ($user === null) { return false; } return $this->userHas($organization, $user, $permission); } public function userHas(Organization $organization, User $user, string $permission): bool { if (! isset($this->permissionCache[$user->getKey().'|'.$organization->getKey()])) { if (! $user->belongsToTeam($organization)) { return false; } $permissions = $this->getPermissionsByUser($organization, $user); $this->permissionCache[$user->getKey().'|'.$organization->getKey()] = $permissions; } else { $permissions = $this->permissionCache[$user->getKey().'|'.$organization->getKey()]; } return in_array($permission, $permissions, true); } /** * @return array */ private function getPermissionsByUser(Organization $organization, User $user): array { if (! $user->belongsToTeam($organization)) { return []; } $role = $organization->users ->where('id', $user->getKey()) ->first() ?->membership ?->role; if ($role === null) { return []; } /** @var Role|null $roleObj */ $roleObj = Jetstream::findRole($role); $permissions = $roleObj->permissions ?? []; // If the organization allows employees to manage tasks and the user is an employee, // add the task management permissions for accessible projects if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) { $permissions = array_merge($permissions, [ 'tasks:create', 'tasks:update', 'tasks:delete', ]); } return $permissions; } /** * @return array */ public function getPermissions(Organization $organization): array { /** @var User|null $user */ $user = Auth::user(); if ($user === null) { return []; } return $this->getPermissionsByUser($organization, $user); } }