From 5c4f861bad2a566da00eb5334c4ccdaf1367e9d3 Mon Sep 17 00:00:00 2001
From: Mohammad Alavi
Date: Sat, 22 Jan 2022 19:40:43 +0330
Subject: [PATCH] skip check if role has access to all routes (e.g. admin)
---
 .../AppSection/Authorization/Traits/IsResourceOwnerTrait.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php b/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php
index 9adbca1d8..f9ea14bfc 100644
--- a/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php
+++ b/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php
@@ -10,6 +10,10 @@ trait IsResourceOwnerTrait
 */
 public function isResourceOwner(): bool
 {
+ if ($this->user()->hasAnyRole(config('apiato.requests.allow-roles-to-access-all-routes'))) {
+ return true;
+ }
+
 return hash_equals((string)$this->user()->getKey(), (string)$this->id);
 }
 }
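Review bot: The early return added at the top of `isResourceOwner()` makes the method answer true for users who do not own the resource, so any caller that treats the result as an ownership fact rather than an access decision now gets a wrong answer for the bypass roles. The docblock, which begins above this hunk, should state the exception, for example `Returns true without comparing IDs when the user holds a role listed in apiato.requests.allow-roles-to-access-all-routes.` The role list is also read with no default, and `config()` returns null when the key is unset; how `hasAnyRole()` treats that is not visible here. Reading it as `$roles = (array) config('apiato.requests.allow-roles-to-access-all-routes', []);` and guarding with `if ($roles !== [] && $this->user()->hasAnyRole($roles))` keeps a missing or empty setting on the strict `hash_equals` path. A test covering a non-owner with and without a bypass role would pin this authorization change.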