jcergolj/laravellte

use Illuminate\Database\Eloquent\Model;

class Permission extends Model
{
    //
    public function roles()
    {
        return $this->belongsToMany(Role::class)
            ->withPivot('owner_restricted')
            ->using(PermissionRole::class);
    }
}

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreatePermissionRoleTable extends Migration
{
    public function up()
    {
        Schema::create('permission_role', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->unsignedBigInteger('permission_id');
            $table->foreign('permission_id')->references('id')->on('permissions');
            $table->unsignedBigInteger('role_id');
            $table->foreign('role_id')->references('id')->on('roles');
            $table->boolean('owner_restricted')->nullable();
        });
    }
}

use App\Providers\AppServiceProvider;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    //
    public function isModelOwner($permissionName, $model)
    {
        $ownerField = AppServiceProvider::OWNER_FIELD;

        $permission = $this->getPermission($permissionName);

        if ($permission === null) {
            return false;
        }

        if ($permission->pivot->owner_restricted === false) {
            return true;
        }

        return $model->$ownerField === $this->id;
    }
}