Added read permission test to the custom map model (#16030)

* Added read permission test to the custom map model

* Formatting fixes

* Moved permission check logic into SQL to avoid errors accessing undefined properties

* Update custom map permission code to avoid unneeded SQL query

app/Models/CustomMap.php

@@ -29,6 +29,7 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\HasOne;
+use Permissions;
 
 class CustomMap extends BaseModel
 {
@@ -80,9 +81,23 @@ class CustomMap extends BaseModel
         return $config;
     }
 
-    public function hasAccess(): bool
+    public function hasReadAccess(User $user): bool
     {
-        return false; // TODO calculate based on device access
+        $device_ids = $this->nodes()->whereNotNull('device_id')->pluck('device_id');
+
+        // Restricted users can only view maps that have at least one device
+        if (count($device_ids) === 0) {
+            return false;
+        }
+
+        // Deny access if we don't have permission on any device
+        foreach ($device_ids as $device_id) {
+            if (! Permissions::canAccessDevice($device_id, $user)) {
+                return false;
+            }
+        }
+
+        return true;
     }
 
     public function scopeHasAccess($query, User $user)

app/Policies/CustomMapPolicy.php

@@ -29,7 +29,7 @@ class CustomMapPolicy
      */
     public function view(User $user, CustomMap $customMap): bool
     {
-        return $user->hasGlobalRead() || $customMap->hasAccess();
+        return $user->hasGlobalRead() || $customMap->hasReadAccess($user);
     }
 
     /**
@@ -45,7 +45,7 @@ class CustomMapPolicy
      */
     public function update(User $user, CustomMap $customMap): bool
     {
-        return $user->hasGlobalRead() || $customMap->hasAccess();
+        return false;
     }
 
     /**