| author | Thomas Grothe <grothe.tr@gmail.com> | 2026-04-11 17:49:42 -0400 |
|---|---|---|
| committer | Thomas Grothe <grothe.tr@gmail.com> | 2026-04-11 17:49:42 -0400 |
| commit | d4f97aa956be051dd5b9a184557106dc7de112ac (patch) | |
| tree | e4c73c93408b5fbc4cc1b92cabcaceaaebbb1833 /app/Policies/FilePolicy.php | |
| parent | bcac54576d7309ac0471a7be5664c5a4e8d7349e (diff) | |
| parent | 054c19bf65beb43d0dd6137f9bf16cf8ca9f6190 (diff) | |
Merge remote-tracking branch 'origin/main'
Diffstat (limited to 'app/Policies/FilePolicy.php')
| -rw-r--r-- | app/Policies/FilePolicy.php | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/app/Policies/FilePolicy.php b/app/Policies/FilePolicy.php
new file mode 100644
index 0000000..fe46f8b
--- /dev/null
+++ b/app/Policies/FilePolicy.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\File;
+use App\Models\User;
+
+class FilePolicy
+{
+ /**
+ * Anyone can view listings.
+ */
+ public function viewAny(?User $user): bool
+ {
+ return true;
+ }
+
+ /**
+ * Anyone can view a single file.
+ */
+ public function view(?User $user, File $file): bool
+ {
+ return true;
+ }
+
+ /**
+ * Any authenticated user can create files.
+ */
+ public function create(User $user): bool
+ {
+ return true;
+ }
+
+ /**
+ * Only the owner or an admin can update.
+ */
+ public function update(User $user, File $file): bool
+ {
+ return $user->id === $file->user_id || $user->isAdmin();
+ }
+
+ /**
+ * Only the owner or an admin can delete.
+ */
+ public function delete(User $user, File $file): bool
+ {
+ return $user->id === $file->user_id || $user->isAdmin();
+ }
+} |
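Review bot: The owner check in `update()` and `delete()` relies on the strict comparison `$user->id === $file->user_id`, which holds only when both sides have the same type. The File model is not part of this diff, so if `user_id` is not cast to an integer there and the database driver returns it as a string, owners would fail the check and only admins could modify files. I would move the duplicated expression into one helper such as `private function ownsOrAdministers(User $user, File $file): bool` and normalise the comparison there, e.g. `$file->user_id !== null && (int) $file->user_id === (int) $user->id`. Separately, `view()` and `viewAny()` return true for guests (`?User`), so every File record is readable without authentication and the policy gives no per-file restriction. If any file is ever meant to be private or unlisted this will not enforce it, so the docblocks should say that public read access is a deliberate decision.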
