SkinbaseNova/app/Policies/PostPolicy.php

<?php

namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    /** Any authenticated user can create posts */
    public function create(User $user): bool
    {
        return true;
    }

    /** Only the post author can update */
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }

    /** Author or admin/moderator can delete */
    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->user_id
            || $user->isAdmin()
            || $user->isModerator();
    }

    /** Anyone can view public posts; followers-only requires following */
    public function view(?User $user, Post $post): bool
    {
        if ($post->visibility === Post::VISIBILITY_PUBLIC) {
            return true;
        }

        if (! $user) {
            return false;
        }

        if ($user->id === $post->user_id) {
            return true;
        }

        if ($post->visibility === Post::VISIBILITY_FOLLOWERS) {
            return $post->user->isFollowedBy($user->id);
        }

        return false;
    }

    /** Only the author can report their own posts */
    public function report(User $user, Post $post): bool
    {
        return $user->id !== $post->user_id;
    }

    /** Only the post owner can pin/unpin their own post */
    public function pin(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }

    /** Any authenticated user can save a post (own or others') */
    public function save(User $user, Post $post): bool
    {
        return $post->status === Post::STATUS_PUBLISHED;
    }

    /** Only post owner may highlight a comment */
    public function highlightComment(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }
}