perm.php

<?php

namespace App\Criteria;

use App\User;
use Auth;

/**
 * Глобальный скоуп сужающий
 * выборку до данных пользователя (where user_id = ${CURRENT_USER_ID}).
 *
 * @package namespace App\Criteria;
 */
class PermissionsCriteria implements CriteriaInterface
{
    /**
     * Apply criteria in query repository
     *
     * @param                     $model
     * @param RepositoryInterface $repository
     *
     * @return mixed
     */
    public function apply($model, RepositoryInterface $repository)
    {
        $column = $model instanceof User ? 'id' : 'user_id';

        if (null === ($user = Auth::user())) {
            return $model;
        }

        if ($user->inRole('admin') || $user->inRole('user')) {
            return $model;
        }

        if ($user->inRole('agent')) {
            $query = "{$column} in (select id from users where agent_id = ? union select ? order by 1)";
            return $model->whereRaw($query, [Auth::id(), Auth::id()]);
        }

        // остальные роли
        return $model->where($column, Auth::id());
    }
}