protected function getRoleConstraint(Model $authority, $allowed)
{
return function ($query) use($authority, $allowed) {
$permissions = Models::table('permissions');
$abilities = Models::table('abilities');
$roles = Models::table('roles');
$prefix = Models::prefix();
$query->from($roles)->join($permissions, $roles . '.id', '=', $permissions . '.entity_id')->whereRaw("{$prefix}{$permissions}.ability_id = {$prefix}{$abilities}.id")->where($permissions . ".forbidden", !$allowed)->where($permissions . ".entity_type", Models::role()->getMorphClass());
$query->where(function ($query) use($roles, $authority, $allowed) {
$query->whereExists($this->getAuthorityRoleConstraint($authority));
if ($allowed) {
$this->addRoleInheritCondition($query, $authority, $roles);
}
});
};
}