#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group

This commit is contained in:
Andy Heathershaw 2017-04-15 09:41:15 +01:00
parent 045935c554
commit 2ef01cc23c
19 changed files with 265 additions and 102 deletions


@ -15,6 +15,18 @@ class Group extends Model
'name' 'name'
]; ];
public function adminPermissions()
{
return $this->belongsToMany(Permission::class, 'admin_group_permissions');
}
public function hasAdminPermission(Group $group, Permission $permission)
{
return $this->adminPermissions()->where([
'permission_id' => $permission->id
])->count() > 0;
}
public function users() public function users()
{ {
return $this->belongsToMany(User::class, 'user_groups'); return $this->belongsToMany(User::class, 'user_groups');
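Review bot: `hasAdminPermission(Group $group, Permission $permission)` declares a `$group` parameter it never reads — the lookup runs against `$this->adminPermissions()`, so a caller passing a group other than `$this` silently checks the wrong one (AuthServiceProvider passes `$group` to `$group->hasAdminPermission($group, …)`, and the edit_group view registers `[$group, 'hasAdminPermission']` as a callback with `$callback_object = $group`). If the signature is dictated by the permission_checkbox partial's callback convention, record that in a docblock: `/** Whether this group holds $permission. $group is ignored; it exists only to match the partial's callback signature. */`; otherwise drop the parameter and update the provider call. A comment on `count() > 0` would also help, since the method runs one query per call and is invoked once per group inside the gate. `users()` continues past the hunk.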


@ -34,7 +34,7 @@ class AlbumController extends Controller
public function analyse($id, $queue_token) public function analyse($id, $queue_token)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
$photos = $album->photos() $photos = $album->photos()
@ -57,7 +57,7 @@ class AlbumController extends Controller
*/ */
public function create(Request $request) public function create(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$albumSources = []; $albumSources = [];
foreach (Storage::where('is_active', true)->orderBy('name')->get() as $storage) foreach (Storage::where('is_active', true)->orderBy('name')->get() as $storage)
@ -81,7 +81,7 @@ class AlbumController extends Controller
public function delete($id) public function delete($id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
@ -96,7 +96,7 @@ class AlbumController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
@ -124,7 +124,7 @@ class AlbumController extends Controller
*/ */
public function edit($id) public function edit($id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
@ -138,7 +138,7 @@ class AlbumController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$albums = DbHelper::getAlbumsForCurrentUser(); $albums = DbHelper::getAlbumsForCurrentUser();
@ -150,7 +150,7 @@ class AlbumController extends Controller
public function setGroupPermissions(Request $request, $id) public function setGroupPermissions(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
/** @var Album $album */ /** @var Album $album */
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
@ -206,7 +206,7 @@ class AlbumController extends Controller
public function setUserPermissions(Request $request, $id) public function setUserPermissions(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
/** @var Album $album */ /** @var Album $album */
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
@ -287,7 +287,7 @@ class AlbumController extends Controller
*/ */
public function show(Request $request, $id) public function show(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
$photos = $album->photos() $photos = $album->photos()
@ -371,7 +371,7 @@ class AlbumController extends Controller
*/ */
public function store(Requests\StoreAlbumRequest $request) public function store(Requests\StoreAlbumRequest $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = new Album(); $album = new Album();
$album->fill($request->only(['name', 'description', 'storage_id'])); $album->fill($request->only(['name', 'description', 'storage_id']));
@ -395,7 +395,7 @@ class AlbumController extends Controller
*/ */
public function update(Requests\StoreAlbumRequest $request, $id) public function update(Requests\StoreAlbumRequest $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-albums');
$album = $this->loadAlbum($id); $album = $this->loadAlbum($id);
$album->fill($request->only(['name', 'description'])); $album->fill($request->only(['name', 'description']));


@ -55,6 +55,8 @@ class DefaultController extends Controller
public function saveSettings(SaveSettingsRequest $request) public function saveSettings(SaveSettingsRequest $request)
{ {
$this->authorizeAccessToAdminPanel('admin:configure');
$passwordKeys = [ $passwordKeys = [
'smtp_password' 'smtp_password'
]; ];
@ -137,7 +139,7 @@ class DefaultController extends Controller
public function settings(Request $request) public function settings(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel('admin:configure');
// Load the current configuration // Load the current configuration
$config = array_merge(UserConfig::defaults(), UserConfig::getAll()); $config = array_merge(UserConfig::defaults(), UserConfig::getAll());
@ -162,6 +164,8 @@ class DefaultController extends Controller
public function testMailSettings(SaveSettingsRequest $request) public function testMailSettings(SaveSettingsRequest $request)
{ {
$this->authorizeAccessToAdminPanel('admin:configure');
try try
{ {
$validKeys = [ $validKeys = [


@ -7,6 +7,7 @@ use App\Facade\UserConfig;
use App\Group; use App\Group;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Http\Requests\StoreGroupRequest; use App\Http\Requests\StoreGroupRequest;
use App\Permission;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\App; use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\View; use Illuminate\Support\Facades\View;
@ -26,14 +27,14 @@ class GroupController extends Controller
*/ */
public function create() public function create()
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
return Theme::render('admin.create_group'); return Theme::render('admin.create_group');
} }
public function delete($id) public function delete($id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
if (is_null($group)) if (is_null($group))
@ -52,7 +53,7 @@ class GroupController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Group $group */ /** @var Group $group */
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
@ -87,7 +88,7 @@ class GroupController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
if (is_null($group)) if (is_null($group))
@ -100,7 +101,10 @@ class GroupController extends Controller
$request->session()->flash('_old_input', $group->toArray()); $request->session()->flash('_old_input', $group->toArray());
} }
return Theme::render('admin.edit_group', ['group' => $group]); return Theme::render('admin.edit_group', [
'all_permissions' => Permission::where('section', 'admin')->get(),
'group' => $group
]);
} }
/** /**
@ -110,7 +114,7 @@ class GroupController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$groups = Group::orderBy('name') $groups = Group::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -131,7 +135,7 @@ class GroupController extends Controller
*/ */
public function store(StoreGroupRequest $request) public function store(StoreGroupRequest $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$group = new Group(); $group = new Group();
$group->fill($request->only(['name'])); $group->fill($request->only(['name']));
@ -149,8 +153,9 @@ class GroupController extends Controller
*/ */
public function update(StoreGroupRequest $request, $id) public function update(StoreGroupRequest $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Group $group */
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
if (is_null($group)) if (is_null($group))
{ {
@ -158,6 +163,21 @@ class GroupController extends Controller
} }
$group->fill($request->only(['name'])); $group->fill($request->only(['name']));
// Update the admin permissions
$group->adminPermissions()->detach();
$permissions = $request->get('permissions');
if (is_array($permissions) && array_key_exists($id, $permissions))
{
foreach ($permissions[$id] as $permissionID)
{
$group->adminPermissions()->attach($permissionID, [
'created_at' => new \DateTime(),
'updated_at' => new \DateTime()
]);
}
}
$group->save(); $group->save();
return redirect(route('groups.index')); return redirect(route('groups.index'));
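Review bot: `update()` attaches whatever permission IDs arrive in `permissions[<id>]` without checking that they exist or belong to the 'admin' section, and the method is gated only by `authorizeAccessToAdminPanel()` (the 'admin:access' gate) where the old code required `authorize('admin-access')`, i.e. `is_admin` — so any non-admin user with panel access can grant 'configure' and 'manage-albums' to a group they belong to. The same access-only gating is applied across this GroupController section and in the UserController section (where group membership and passwords are edited) and the StorageController section (filesystem paths), which are configuration; `$this->authorizeAccessToAdminPanel('admin:configure');` — the gate the settings actions now use — is the minimal fix at those call sites, or a dedicated group/user-management gate. Independently, the submitted IDs should be filtered against the admin-section permissions before `attach()` (an unknown ID currently surfaces as a foreign-key error from the new `admin_group_permissions` table) and the lookup key should be `$group->id` rather than the raw route `$id`; `detach()` also runs before `save()` outside any transaction. The enclosing method continues past the hunk.

```php
// … unchanged: authorization, load $group, fill name …

// Update the admin permissions: only IDs of 'admin'-section permissions are
// accepted; anything else submitted is dropped instead of reaching the FK.
$allowedIDs = Permission::where('section', 'admin')->pluck('id')->all();
$submitted = $request->get('permissions');
$requestedIDs = (is_array($submitted) && isset($submitted[$group->id]) && is_array($submitted[$group->id]))
    ? array_map('intval', $submitted[$group->id])
    : [];
$now = new \DateTime();
$group->adminPermissions()->detach();
foreach (array_intersect($requestedIDs, $allowedIDs) as $permissionID)
{
    $group->adminPermissions()->attach($permissionID, [
        'created_at' => $now,
        'updated_at' => $now
    ]);
}

// … unchanged: save and redirect …
```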


@ -34,7 +34,7 @@ class PhotoController extends Controller
public function analyse($photoId, $queue_token) public function analyse($photoId, $queue_token)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Photo $photo */ /** @var Photo $photo */
$photo = Photo::where('id', intval($photoId))->first(); $photo = Photo::where('id', intval($photoId))->first();
@ -93,7 +93,7 @@ class PhotoController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Photo $photo */ /** @var Photo $photo */
$photo = Photo::where('id', intval($id))->first(); $photo = Photo::where('id', intval($id))->first();
@ -111,7 +111,7 @@ class PhotoController extends Controller
public function flip($photoId, $horizontal, $vertical) public function flip($photoId, $horizontal, $vertical)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
settype($horizontal, 'boolean'); settype($horizontal, 'boolean');
settype($vertical, 'boolean'); settype($vertical, 'boolean');
@ -129,7 +129,7 @@ class PhotoController extends Controller
public function move(Request $request, $photoId) public function move(Request $request, $photoId)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$photo = Photo::where('id', intval($photoId))->first(); $photo = Photo::where('id', intval($photoId))->first();
if (is_null($photo)) if (is_null($photo))
@ -160,7 +160,7 @@ class PhotoController extends Controller
public function regenerateThumbnails($photoId) public function regenerateThumbnails($photoId)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Photo $photo */ /** @var Photo $photo */
$photo = Photo::where('id', intval($photoId))->first(); $photo = Photo::where('id', intval($photoId))->first();
@ -190,7 +190,7 @@ class PhotoController extends Controller
public function rotate($photoId, $angle) public function rotate($photoId, $angle)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$photo = Photo::where('id', intval($photoId))->first(); $photo = Photo::where('id', intval($photoId))->first();
if (is_null($photo)) if (is_null($photo))
@ -217,7 +217,7 @@ class PhotoController extends Controller
*/ */
public function store(Request $request) public function store(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$photoFiles = $request->files->get('photo'); $photoFiles = $request->files->get('photo');
@ -276,7 +276,7 @@ class PhotoController extends Controller
public function storeBulk(Request $request) public function storeBulk(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
// Load the linked album // Load the linked album
$album = $this->loadAlbum($request->get('album_id')); $album = $this->loadAlbum($request->get('album_id'));
@ -404,7 +404,7 @@ class PhotoController extends Controller
public function updateBulk(UpdatePhotosBulkRequest $request, $albumId) public function updateBulk(UpdatePhotosBulkRequest $request, $albumId)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Album $album */ /** @var Album $album */
$album = Album::where('id', intval($albumId))->first(); $album = Album::where('id', intval($albumId))->first();
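Review bot: every PhotoController action in this section — `store`, `storeBulk`, `destroy`, `move`, `rotate`, `flip`, `regenerateThumbnails`, `updateBulk` — is now gated by `authorizeAccessToAdminPanel()` alone (the 'admin:access' gate), while the AlbumController section in this commit gates the equivalent album operations with `'admin:manage-albums'`. These actions add, delete and move photos inside albums, so a user holding only the access permission can change album contents they are not allowed to manage; the replaced `authorize('admin-access')` required `is_admin`. Passing the same gate at each of these call sites, `$this->authorizeAccessToAdminPanel('admin:manage-albums');`, keeps photo and album management under one permission. Whether per-album policy checks follow later in these methods is not visible in the hunks.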


@ -34,7 +34,7 @@ class StorageController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$storageLocations = Storage::orderBy('name') $storageLocations = Storage::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -53,7 +53,7 @@ class StorageController extends Controller
*/ */
public function create(Request $request) public function create(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__))))); $filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
@ -72,7 +72,7 @@ class StorageController extends Controller
*/ */
public function store(Requests\StoreStorageRequest $request) public function store(Requests\StoreStorageRequest $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$storage = new Storage(); $storage = new Storage();
$storage->fill($request->only([ $storage->fill($request->only([
@ -136,7 +136,7 @@ class StorageController extends Controller
*/ */
public function delete(Request $request, $id) public function delete(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))
@ -169,7 +169,7 @@ class StorageController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var Storage $storage */ /** @var Storage $storage */
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
@ -203,7 +203,7 @@ class StorageController extends Controller
*/ */
public function update(Requests\StoreStorageRequest $request, $id) public function update(Requests\StoreStorageRequest $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))
@ -258,7 +258,7 @@ class StorageController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))


@ -24,7 +24,7 @@ class UserController extends Controller
public function delete(Request $request, $id) public function delete(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -48,7 +48,7 @@ class UserController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$users = User::orderBy('name') $users = User::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -68,7 +68,7 @@ class UserController extends Controller
*/ */
public function create() public function create()
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
return Theme::render('admin.create_user'); return Theme::render('admin.create_user');
} }
@ -81,7 +81,7 @@ class UserController extends Controller
*/ */
public function store(Requests\StoreUserRequest $request) public function store(Requests\StoreUserRequest $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$user = new User(); $user = new User();
$user->fill($request->only(['name', 'email', 'password'])); $user->fill($request->only(['name', 'email', 'password']));
@ -113,7 +113,7 @@ class UserController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -145,7 +145,7 @@ class UserController extends Controller
*/ */
public function update(Requests\StoreUserRequest $request, $id) public function update(Requests\StoreUserRequest $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -214,7 +214,7 @@ class UserController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
/** @var User $user */ /** @var User $user */
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
@ -255,7 +255,7 @@ class UserController extends Controller
*/ */
public function searchJson(Request $request) public function searchJson(Request $request)
{ {
$this->authorize('admin-access'); $this->authorizeAccessToAdminPanel();
$limit = intval($request->get('n')); $limit = intval($request->get('n'));
if ($limit == 0) if ($limit == 0)


@ -8,6 +8,7 @@ use Illuminate\Http\Request;
use Illuminate\Routing\Controller as BaseController; use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests; use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests; use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Artisan; use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
@ -16,13 +17,13 @@ class Controller extends BaseController
{ {
use AuthorizesRequests, DispatchesJobs, ValidatesRequests; use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
protected function authorizeAccessToAdminPanel() protected function authorizeAccessToAdminPanel($additionalPermission = null)
{ {
// A user can access the admin panel if they are either an administrator, or are allowed to create albums $this->authorizeForUser($this->getUser(), 'admin:access');
// Further checks within the admin panel determine what a user can do within the panel
if (!Auth::user()->can('admin-access') && !Auth::user()->can('admin-create-albums')) if (!is_null($additionalPermission))
{ {
App::abort(403); $this->authorizeForUser($this->getUser(), $additionalPermission);
} }
} }
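Review bot: `authorizeAccessToAdminPanel()` has no docblock and an untyped, implicitly nullable `$additionalPermission`, so a caller cannot tell from the signature that the argument is a gate name checked in addition to 'admin:access'; suggested: `/** Authorize the current user against the 'admin:access' gate and, when $additionalPermission is given, against that gate too. Throws AuthorizationException on failure. @param string|null $additionalPermission gate name, e.g. 'admin:configure' */`. `$this->getUser()` is not defined in the hunk; if it can return `null` for a guest, `authorizeForUser()` is evaluated against no user — presumably the gates deny, but confirm. The `use Illuminate\Support\Facades\App;` import added at the top of the hunk appears unused now that the `App::abort(403)` branch is gone (and `Auth` may be too), unless used elsewhere in the file.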


@ -4,13 +4,22 @@ namespace App\Providers;
use App\Album; use App\Album;
use App\Facade\UserConfig; use App\Facade\UserConfig;
use App\Group;
use App\Permission;
use App\Photo; use App\Photo;
use App\Policies\AlbumPolicy; use App\Policies\AlbumPolicy;
use App\User;
use function GuzzleHttp\Psr7\mimetype_from_extension;
use Illuminate\Support\Facades\Gate; use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider class AuthServiceProvider extends ServiceProvider
{ {
/**
* @var Permission[]
*/
private $permissions;
/** /**
* The policy mappings for the application. * The policy mappings for the application.
* *
@ -29,14 +38,19 @@ class AuthServiceProvider extends ServiceProvider
{ {
$this->registerPolicies(); $this->registerPolicies();
Gate::define('admin-access', function ($user) Gate::define('admin:access', function ($user)
{ {
return $user->is_admin; return $this->userHasAdminPermission($user, 'access');
}); });
Gate::define('admin-create-albums', function ($user) Gate::define('admin:configure', function ($user)
{ {
return $user->can_create_albums; return $this->userHasAdminPermission($user, 'configure');
}); });
Gate::define('admin:manage-albums', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-albums');
});
Gate::define('photo.download_original', function ($user, Photo $photo) Gate::define('photo.download_original', function ($user, Photo $photo)
{ {
if (!UserConfig::get('restrict_original_download')) if (!UserConfig::get('restrict_original_download'))
@ -47,4 +61,41 @@ class AuthServiceProvider extends ServiceProvider
return ($user->id == $photo->user_id); return ($user->id == $photo->user_id);
}); });
} }
private function userHasAdminPermission(User $user, $permissionDescription)
{
if ($user->is_admin)
{
return true;
}
/** @var Group $group */
foreach ($user->groups as $group)
{
if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))
{
return true;
}
}
return false;
}
private function getAdminPermission($description)
{
if (is_null($this->permissions))
{
$this->permissions = Permission::where('section', 'admin')->get();
}
foreach ($this->permissions as $permission)
{
if (strtolower($permission->description) == strtolower($description))
{
return $permission;
}
}
return null;
}
} }
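Review bot: `userHasAdminPermission()` calls `getAdminPermission()` inside the group loop and never checks its `null` return, so an unknown description (a typo in a `Gate::define` string) reaches `$permission->id` on `null` inside `Group::hasAdminPermission()` — a notice and a query on a null `permission_id` — instead of a clean deny; resolve the permission once before the loop and return `false` when it is missing. The `$this->permissions` cache lives as long as the provider instance, which is one request under php-fpm but the whole process under a queue worker, where newly seeded permissions would not be seen — acceptable, but worth a comment. The `use function GuzzleHttp\Psr7\mimetype_from_extension;` import added at the top of the hunk is not referenced anywhere in the section and looks like an IDE auto-import. The gate callbacks also pass `$group` to `hasAdminPermission($group, …)` although that method ignores the argument.

```php
private function userHasAdminPermission(User $user, $permissionDescription)
{
    if ($user->is_admin)
    {
        return true;
    }

    // Resolve once; an unknown description must deny, not reach ->id on null
    $permission = $this->getAdminPermission($permissionDescription);
    if (is_null($permission))
    {
        return false;
    }

    /** @var Group $group */
    foreach ($user->groups as $group)
    {
        if ($group->hasAdminPermission($group, $permission))
        {
            return true;
        }
    }

    return false;
}

// … unchanged: getAdminPermission() …
```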


@ -1,32 +0,0 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class AddUserUploadFlag extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('users', function (Blueprint $table) {
$table->boolean('can_create_albums')->default(0);
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('users', function (Blueprint $table) {
$table->dropColumn('can_create_albums');
});
}
}


@ -0,0 +1,40 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateAdminGroupPermissionsTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('admin_group_permissions', function ($table) {
$table->unsignedInteger('group_id');
$table->unsignedInteger('permission_id');
$table->foreign('group_id')
->references('id')->on('groups')
->onDelete('cascade');
$table->foreign('permission_id')
->references('id')->on('permissions')
->onDelete('no action');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::dropIfExists('admin_group_permissions');
}
}
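Review bot: the new `admin_group_permissions` pivot has no primary key or unique index on `(group_id, permission_id)`, so duplicate rows are possible; `$table->primary(['group_id', 'permission_id']);` after the two column definitions makes the relation a set at the database level. The closure parameter is untyped although `Blueprint` is imported: `Schema::create('admin_group_permissions', function (Blueprint $table) {`. Separately, this commit deletes the `AddUserUploadFlag` migration instead of adding one that drops `can_create_albums`; on databases where it has already run, the column and its row in the migrations table remain.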


@ -10,6 +10,39 @@ class PermissionsSeeder extends Seeder
* @return void * @return void
*/ */
public function run() public function run()
{
$this->seedAlbumPermissions();
$this->seedAdminPermissions();
}
private function seedAdminPermissions()
{
// admin:access = controls if the admin panel is accessible
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'access',
'is_default' => false,
'sort_order' => 0
]);
// admin:configure = controls if the system is configurable
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'configure',
'is_default' => false,
'sort_order' => 0
]);
// admin:manage-albums = controls if albums can be managed
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'manage-albums',
'is_default' => false,
'sort_order' => 0
]);
}
private function seedAlbumPermissions()
{ {
// album:list = controls if the album is visible in listings // album:list = controls if the album is visible in listings
DatabaseSeeder::createOrUpdate('permissions', [ DatabaseSeeder::createOrUpdate('permissions', [
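Review bot: all three admin permissions are seeded with `'sort_order' => 0`, so any listing ordered by that column has no defined order among them; 0, 1, 2 for access, configure, manage-albums matches the order the edit_group view renders them. The `description` values are not just labels here — AuthServiceProvider::getAdminPermission() resolves permissions by comparing `description` case-insensitively with the string passed from each gate — so a comment in `seedAdminPermissions()` should say so, e.g. `// NOTE: 'description' is the lookup key used by AuthServiceProvider::getAdminPermission(); renaming it breaks the gate`. `seedAlbumPermissions()` continues past the hunk.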


@ -76,6 +76,7 @@ return [
'group_details_tab' => 'Details', 'group_details_tab' => 'Details',
'group_no_users_message' => 'This group has no users assigned to it. Assign users to this group by using the Groups tab on the Edit User page.', 'group_no_users_message' => 'This group has no users assigned to it. Assign users to this group by using the Groups tab on the Edit User page.',
'group_number_users' => '{0} No users|{1} 1 user|[2,Inf] :count users', 'group_number_users' => '{0} No users|{1} 1 user|[2,Inf] :count users',
'group_permissions_tab' => 'Permissions',
'group_users_message' => 'The users shown below are linked to this group. To remove a user, click the user\'s name and untick the ":group_name" group from the Groups tab.', 'group_users_message' => 'The users shown below are linked to this group. To remove a user, click the user\'s name and untick the ":group_name" group from the Groups tab.',
'group_users_tab' => 'Users', 'group_users_tab' => 'Users',
'inactive_storage_legend' => 'Inactive storage location that cannot be used for new albums.', 'inactive_storage_legend' => 'Inactive storage location that cannot be used for new albums.',


@ -1,5 +1,10 @@
<?php <?php
return [ return [
'admin' => [
'access' => 'Access the administration panel',
'configure' => 'Configure the application',
'manage-albums' => 'Manage photo albums'
],
'album' => [ 'album' => [
'delete' => 'Delete this album', 'delete' => 'Delete this album',
'delete-other-photos' => 'Delete photos owned by other users', 'delete-other-photos' => 'Delete photos owned by other users',


@ -24,6 +24,7 @@
<ul class="nav nav-tabs" role="tablist"> <ul class="nav nav-tabs" role="tablist">
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'details', 'tab_icon' => 'info-circle', 'tab_text' => trans('admin.group_details_tab')]) @include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'details', 'tab_icon' => 'info-circle', 'tab_text' => trans('admin.group_details_tab')])
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'users', 'tab_icon' => 'users', 'tab_text' => trans('admin.group_users_tab')]) @include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'users', 'tab_icon' => 'users', 'tab_text' => trans('admin.group_users_tab')])
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'permissions', 'tab_icon' => 'lock', 'tab_text' => trans('admin.group_permissions_tab')])
</ul> </ul>
{{-- Tab panes --}} {{-- Tab panes --}}
@ -42,11 +43,6 @@
</div> </div>
@endif @endif
</div> </div>
<div class="text-right">
<a href="{{ route('groups.index') }}" class="btn btn-link">@lang('forms.cancel_action')</a>
<button class="btn btn-success" type="submit"><i class="fa fa-fw fa-check"></i> @lang('forms.save_action')</button>
</div>
</div> </div>
</div> </div>
</div> </div>
@ -65,8 +61,35 @@
<div><a class="btn btn-secondary" href="{{ route('users.index') }}">@lang('admin.users_title')</a></div> <div><a class="btn btn-secondary" href="{{ route('users.index') }}">@lang('admin.users_title')</a></div>
@endif @endif
</div> </div>
{{-- Permissions --}}
<div role="tabpanel" class="tab-pane" id="permissions-tab">
@php
$callback = [$group, 'hasAdminPermission'];
$callback_object = $group;
$key_id = 'group_' . $group->id;
$object_id = $group->id
@endphp
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'access')
])
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'configure')
])
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
])
</div>
</div> </div>
</div> </div>
<div class="text-right mt-3">
<a href="{{ route('groups.index') }}" class="btn btn-link">@lang('forms.cancel_action')</a>
<button class="btn btn-success" type="submit"><i class="fa fa-fw fa-check"></i> @lang('forms.save_action')</button>
</div>
</form> </form>
</div> </div>
</div> </div>
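Review bot: the permissions tab feeds `partials.permission_checkbox` through `@php` locals (`$callback`, `$callback_object`, `$key_id`, `$object_id`) whose contract is not visible in this commit; for the form to round-trip, the partial has to post inputs keyed by `$object_id` (`permissions[{{ $object_id }}][]`), because GroupController::update() reads `$permissions[$id]` — if it keys on `$key_id` ('group_<id>') instead, saved permissions would silently never apply. `$callback` is `[$group, 'hasAdminPermission']` with `$callback_object = $group`, so the group is passed both as `$this` and as the first argument. A one-line comment naming what the partial expects would spare the next reader the lookup, e.g. `{{-- permission_checkbox calls $callback($callback_object, $permission) and posts permissions[$object_id][] --}}` — confirm against the partial before committing the wording.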


@ -1,6 +1,8 @@
<div class="card admin-sidebar-card"> @can('admin:manage-albums')
<div class="card-header">@lang('admin.actions_widget.panel_header')</div> <div class="card admin-sidebar-card">
<div class="card-block"> <div class="card-header">@lang('admin.actions_widget.panel_header')</div>
<a class="btn btn-link" href="{{ route('albums.create') }}"><i class="fa fa-fw fa-plus"></i> @lang('admin.actions_widget.create_album_link')</a> <div class="card-block">
<a class="btn btn-link" href="{{ route('albums.create') }}"><i class="fa fa-fw fa-plus"></i> @lang('admin.actions_widget.create_album_link')</a>
</div>
</div> </div>
</div> @endcan


@ -1,12 +1,15 @@
<div class="card admin-sidebar-card"> <div class="card admin-sidebar-card">
<div class="card-header">@lang('admin.manage_widget.panel_header')</div> <div class="card-header">@lang('admin.manage_widget.panel_header')</div>
<div class="card-block"> <div class="card-block">
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a> @can('admin:manage-albums')
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
@endcan
@can('admin-access') <a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a> <a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a> <a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
@can('admin:configure')
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a> <a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
@endcan @endcan
</div> </div>


@ -3,7 +3,7 @@
<div class="card-block"> <div class="card-block">
<b>{{ $album_count }}</b> {{ trans_choice('admin.stats_widget.albums', $album_count) }}<br/> <b>{{ $album_count }}</b> {{ trans_choice('admin.stats_widget.albums', $album_count) }}<br/>
<b>{{ $photo_count }}</b> {{ trans_choice('admin.stats_widget.photos', $photo_count) }} <b>{{ $photo_count }}</b> {{ trans_choice('admin.stats_widget.photos', $photo_count) }}
@can('admin-access') @can('admin:access')
<br/> <br/>
<b>{{ $user_count }}</b> {{ trans_choice('admin.stats_widget.users', $user_count) }} / <b>{{ $group_count }}</b> {{ trans_choice('admin.stats_widget.groups', $group_count) }} <b>{{ $user_count }}</b> {{ trans_choice('admin.stats_widget.users', $user_count) }} / <b>{{ $group_count }}</b> {{ trans_choice('admin.stats_widget.groups', $group_count) }}
@endcan @endcan


@ -19,7 +19,7 @@
</li> </li>
@endif @endif
@if (!Auth::guest() && (Auth::user()->can('admin-access') || Auth::user()->can('admin-create-albums'))) @if (!Auth::guest() && (Auth::user()->can('admin:access')))
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{ route('admin') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.navbar.admin')</a> <a class="nav-link" href="{{ route('admin') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.navbar.admin')</a>
</li> </li>
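Review bot: `@if (!Auth::guest() && (Auth::user()->can('admin:access')))` keeps a redundant inner pair of parentheses left over from the removed `admin-create-albums` clause, and the same check is written as `@can('admin:access')` in the stats widget in this commit. `@can('admin:access')` / `@endcan` here would be consistent and, as far as I can tell from the gate closure reading `$user`, denies guests on its own, making the `Auth::guest()` test unnecessary. The surrounding `<ul>` begins before the hunk.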