/**
 * Decide whether the current session user may run the requested action on
 * the "files" resource.
 *
 * Rules registered on every call:
 *  - admin: every action ('*');
 *  - user: 'index' and 'create' unconditionally, 'delete' only under the
 *    'owner' condition.
 *
 * A non-empty "file_id" request value is passed through
 * Encryption::decryptIdWithDash() and handed to Permission::check() together
 * with the session user id and the "files" table name.
 *
 * NOTE(review): "file_id" is client-supplied and the decrypted value is not
 * inspected here. Confirm that decryptIdWithDash() rejects malformed or
 * tampered input, and that the 'owner' condition denies access when "id" is
 * empty or matches no row.
 * NOTE(review): the ownership decision is only meaningful if the delete
 * action operates on this same "file_id" value — verify against the action.
 *
 * @return mixed Whatever Permission::check() returns (presumably a boolean — TODO confirm).
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resource = "files";

    // Admins may perform every action on the resource.
    Permission::allow('admin', $resource, ['*']);

    // Regular users: listing and creating are always allowed; deleting is
    // additionally gated by the 'owner' condition.
    Permission::allow('user', $resource, ['index', 'create']);
    Permission::allow('user', $resource, ['delete'], 'owner');

    // Only a non-empty id is decrypted; an empty value is forwarded as-is.
    $rawFileId = $this->request->data("file_id");
    $fileId = empty($rawFileId) ? $rawFileId : Encryption::decryptIdWithDash($rawFileId);

    // Context the permission layer receives for conditional rules.
    return Permission::check($currentRole, $resource, $requestedAction, [
        "user_id" => Session::getUserId(),
        "table" => "files",
        "id" => $fileId,
    ]);
}