#3: It's now possible to restrict access to the admin panel, managing albums and settings functions by user group
This commit is contained in:
parent
045935c554
commit
2ef01cc23c
@ -15,6 +15,18 @@ class Group extends Model
|
||||
'name'
|
||||
];
|
||||
|
||||
public function adminPermissions()
|
||||
{
|
||||
return $this->belongsToMany(Permission::class, 'admin_group_permissions');
|
||||
}
|
||||
|
||||
public function hasAdminPermission(Group $group, Permission $permission)
|
||||
{
|
||||
return $this->adminPermissions()->where([
|
||||
'permission_id' => $permission->id
|
||||
])->count() > 0;
|
||||
}
|
||||
|
||||
public function users()
|
||||
{
|
||||
return $this->belongsToMany(User::class, 'user_groups');
|
||||
|
@ -34,7 +34,7 @@ class AlbumController extends Controller
|
||||
|
||||
public function analyse($id, $queue_token)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
$photos = $album->photos()
|
||||
@ -57,7 +57,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function create(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$albumSources = [];
|
||||
foreach (Storage::where('is_active', true)->orderBy('name')->get() as $storage)
|
||||
@ -81,7 +81,7 @@ class AlbumController extends Controller
|
||||
|
||||
public function delete($id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
|
||||
@ -96,7 +96,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
|
||||
@ -124,7 +124,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function edit($id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
|
||||
@ -138,7 +138,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$albums = DbHelper::getAlbumsForCurrentUser();
|
||||
|
||||
@ -150,7 +150,7 @@ class AlbumController extends Controller
|
||||
|
||||
public function setGroupPermissions(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
/** @var Album $album */
|
||||
$album = $this->loadAlbum($id);
|
||||
@ -206,7 +206,7 @@ class AlbumController extends Controller
|
||||
|
||||
public function setUserPermissions(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
/** @var Album $album */
|
||||
$album = $this->loadAlbum($id);
|
||||
@ -287,7 +287,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function show(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
$photos = $album->photos()
|
||||
@ -371,7 +371,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function store(Requests\StoreAlbumRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = new Album();
|
||||
$album->fill($request->only(['name', 'description', 'storage_id']));
|
||||
@ -395,7 +395,7 @@ class AlbumController extends Controller
|
||||
*/
|
||||
public function update(Requests\StoreAlbumRequest $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-albums');
|
||||
|
||||
$album = $this->loadAlbum($id);
|
||||
$album->fill($request->only(['name', 'description']));
|
||||
|
@ -55,6 +55,8 @@ class DefaultController extends Controller
|
||||
|
||||
public function saveSettings(SaveSettingsRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel('admin:configure');
|
||||
|
||||
$passwordKeys = [
|
||||
'smtp_password'
|
||||
];
|
||||
@ -137,7 +139,7 @@ class DefaultController extends Controller
|
||||
|
||||
public function settings(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel('admin:configure');
|
||||
|
||||
// Load the current configuration
|
||||
$config = array_merge(UserConfig::defaults(), UserConfig::getAll());
|
||||
@ -162,6 +164,8 @@ class DefaultController extends Controller
|
||||
|
||||
public function testMailSettings(SaveSettingsRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel('admin:configure');
|
||||
|
||||
try
|
||||
{
|
||||
$validKeys = [
|
||||
|
@ -7,6 +7,7 @@ use App\Facade\UserConfig;
|
||||
use App\Group;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\StoreGroupRequest;
|
||||
use App\Permission;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Illuminate\Support\Facades\View;
|
||||
@ -26,14 +27,14 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
return Theme::render('admin.create_group');
|
||||
}
|
||||
|
||||
public function delete($id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
if (is_null($group))
|
||||
@ -52,7 +53,7 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Group $group */
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
@ -87,7 +88,7 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
if (is_null($group))
|
||||
@ -100,7 +101,10 @@ class GroupController extends Controller
|
||||
$request->session()->flash('_old_input', $group->toArray());
|
||||
}
|
||||
|
||||
return Theme::render('admin.edit_group', ['group' => $group]);
|
||||
return Theme::render('admin.edit_group', [
|
||||
'all_permissions' => Permission::where('section', 'admin')->get(),
|
||||
'group' => $group
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -110,7 +114,7 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$groups = Group::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
@ -131,7 +135,7 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function store(StoreGroupRequest $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$group = new Group();
|
||||
$group->fill($request->only(['name']));
|
||||
@ -149,8 +153,9 @@ class GroupController extends Controller
|
||||
*/
|
||||
public function update(StoreGroupRequest $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Group $group */
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
if (is_null($group))
|
||||
{
|
||||
@ -158,6 +163,21 @@ class GroupController extends Controller
|
||||
}
|
||||
|
||||
$group->fill($request->only(['name']));
|
||||
|
||||
// Update the admin permissions
|
||||
$group->adminPermissions()->detach();
|
||||
$permissions = $request->get('permissions');
|
||||
if (is_array($permissions) && array_key_exists($id, $permissions))
|
||||
{
|
||||
foreach ($permissions[$id] as $permissionID)
|
||||
{
|
||||
$group->adminPermissions()->attach($permissionID, [
|
||||
'created_at' => new \DateTime(),
|
||||
'updated_at' => new \DateTime()
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
$group->save();
|
||||
|
||||
return redirect(route('groups.index'));
|
||||
|
@ -34,7 +34,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function analyse($photoId, $queue_token)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Photo $photo */
|
||||
$photo = Photo::where('id', intval($photoId))->first();
|
||||
@ -93,7 +93,7 @@ class PhotoController extends Controller
|
||||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Photo $photo */
|
||||
$photo = Photo::where('id', intval($id))->first();
|
||||
@ -111,7 +111,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function flip($photoId, $horizontal, $vertical)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
settype($horizontal, 'boolean');
|
||||
settype($vertical, 'boolean');
|
||||
@ -129,7 +129,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function move(Request $request, $photoId)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$photo = Photo::where('id', intval($photoId))->first();
|
||||
if (is_null($photo))
|
||||
@ -160,7 +160,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function regenerateThumbnails($photoId)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Photo $photo */
|
||||
$photo = Photo::where('id', intval($photoId))->first();
|
||||
@ -190,7 +190,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function rotate($photoId, $angle)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$photo = Photo::where('id', intval($photoId))->first();
|
||||
if (is_null($photo))
|
||||
@ -217,7 +217,7 @@ class PhotoController extends Controller
|
||||
*/
|
||||
public function store(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$photoFiles = $request->files->get('photo');
|
||||
|
||||
@ -276,7 +276,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function storeBulk(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
// Load the linked album
|
||||
$album = $this->loadAlbum($request->get('album_id'));
|
||||
@ -404,7 +404,7 @@ class PhotoController extends Controller
|
||||
|
||||
public function updateBulk(UpdatePhotosBulkRequest $request, $albumId)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Album $album */
|
||||
$album = Album::where('id', intval($albumId))->first();
|
||||
|
@ -34,7 +34,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$storageLocations = Storage::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
@ -53,7 +53,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function create(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
|
||||
|
||||
@ -72,7 +72,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function store(Requests\StoreStorageRequest $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$storage = new Storage();
|
||||
$storage->fill($request->only([
|
||||
@ -136,7 +136,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function delete(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
@ -169,7 +169,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var Storage $storage */
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
@ -203,7 +203,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function update(Requests\StoreStorageRequest $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
@ -258,7 +258,7 @@ class StorageController extends Controller
|
||||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
|
@ -24,7 +24,7 @@ class UserController extends Controller
|
||||
|
||||
public function delete(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
@ -48,7 +48,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$users = User::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
@ -68,7 +68,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
return Theme::render('admin.create_user');
|
||||
}
|
||||
@ -81,7 +81,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function store(Requests\StoreUserRequest $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$user = new User();
|
||||
$user->fill($request->only(['name', 'email', 'password']));
|
||||
@ -113,7 +113,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
@ -145,7 +145,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function update(Requests\StoreUserRequest $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
@ -214,7 +214,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
/** @var User $user */
|
||||
$user = User::where('id', intval($id))->first();
|
||||
@ -255,7 +255,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function searchJson(Request $request)
|
||||
{
|
||||
$this->authorize('admin-access');
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
|
||||
$limit = intval($request->get('n'));
|
||||
if ($limit == 0)
|
||||
|
@ -8,6 +8,7 @@ use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Controller as BaseController;
|
||||
use Illuminate\Foundation\Validation\ValidatesRequests;
|
||||
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Illuminate\Support\Facades\Artisan;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
@ -16,13 +17,13 @@ class Controller extends BaseController
|
||||
{
|
||||
use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
|
||||
|
||||
protected function authorizeAccessToAdminPanel()
|
||||
protected function authorizeAccessToAdminPanel($additionalPermission = null)
|
||||
{
|
||||
// A user can access the admin panel if they are either an administrator, or are allowed to create albums
|
||||
// Further checks within the admin panel determine what a user can do within the panel
|
||||
if (!Auth::user()->can('admin-access') && !Auth::user()->can('admin-create-albums'))
|
||||
$this->authorizeForUser($this->getUser(), 'admin:access');
|
||||
|
||||
if (!is_null($additionalPermission))
|
||||
{
|
||||
App::abort(403);
|
||||
$this->authorizeForUser($this->getUser(), $additionalPermission);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -4,13 +4,22 @@ namespace App\Providers;
|
||||
|
||||
use App\Album;
|
||||
use App\Facade\UserConfig;
|
||||
use App\Group;
|
||||
use App\Permission;
|
||||
use App\Photo;
|
||||
use App\Policies\AlbumPolicy;
|
||||
use App\User;
|
||||
use function GuzzleHttp\Psr7\mimetype_from_extension;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||
|
||||
class AuthServiceProvider extends ServiceProvider
|
||||
{
|
||||
/**
|
||||
* @var Permission[]
|
||||
*/
|
||||
private $permissions;
|
||||
|
||||
/**
|
||||
* The policy mappings for the application.
|
||||
*
|
||||
@ -29,14 +38,19 @@ class AuthServiceProvider extends ServiceProvider
|
||||
{
|
||||
$this->registerPolicies();
|
||||
|
||||
Gate::define('admin-access', function ($user)
|
||||
Gate::define('admin:access', function ($user)
|
||||
{
|
||||
return $user->is_admin;
|
||||
return $this->userHasAdminPermission($user, 'access');
|
||||
});
|
||||
Gate::define('admin-create-albums', function ($user)
|
||||
Gate::define('admin:configure', function ($user)
|
||||
{
|
||||
return $user->can_create_albums;
|
||||
return $this->userHasAdminPermission($user, 'configure');
|
||||
});
|
||||
Gate::define('admin:manage-albums', function ($user)
|
||||
{
|
||||
return $this->userHasAdminPermission($user, 'manage-albums');
|
||||
});
|
||||
|
||||
Gate::define('photo.download_original', function ($user, Photo $photo)
|
||||
{
|
||||
if (!UserConfig::get('restrict_original_download'))
|
||||
@ -47,4 +61,41 @@ class AuthServiceProvider extends ServiceProvider
|
||||
return ($user->id == $photo->user_id);
|
||||
});
|
||||
}
|
||||
|
||||
private function userHasAdminPermission(User $user, $permissionDescription)
|
||||
{
|
||||
if ($user->is_admin)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/** @var Group $group */
|
||||
foreach ($user->groups as $group)
|
||||
{
|
||||
if ($group->hasAdminPermission($group, $this->getAdminPermission($permissionDescription)))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function getAdminPermission($description)
|
||||
{
|
||||
if (is_null($this->permissions))
|
||||
{
|
||||
$this->permissions = Permission::where('section', 'admin')->get();
|
||||
}
|
||||
|
||||
foreach ($this->permissions as $permission)
|
||||
{
|
||||
if (strtolower($permission->description) == strtolower($description))
|
||||
{
|
||||
return $permission;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -1,32 +0,0 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class AddUserUploadFlag extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table) {
|
||||
$table->boolean('can_create_albums')->default(0);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table) {
|
||||
$table->dropColumn('can_create_albums');
|
||||
});
|
||||
}
|
||||
}
|
@ -0,0 +1,40 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class CreateAdminGroupPermissionsTable extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::create('admin_group_permissions', function ($table) {
|
||||
$table->unsignedInteger('group_id');
|
||||
$table->unsignedInteger('permission_id');
|
||||
|
||||
$table->foreign('group_id')
|
||||
->references('id')->on('groups')
|
||||
->onDelete('cascade');
|
||||
$table->foreign('permission_id')
|
||||
->references('id')->on('permissions')
|
||||
->onDelete('no action');
|
||||
|
||||
$table->timestamps();
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::dropIfExists('admin_group_permissions');
|
||||
}
|
||||
}
|
@ -10,6 +10,39 @@ class PermissionsSeeder extends Seeder
|
||||
* @return void
|
||||
*/
|
||||
public function run()
|
||||
{
|
||||
$this->seedAlbumPermissions();
|
||||
$this->seedAdminPermissions();
|
||||
}
|
||||
|
||||
private function seedAdminPermissions()
|
||||
{
|
||||
// admin:access = controls if the admin panel is accessible
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'access',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
||||
// admin:configure = controls if the system is configurable
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'configure',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
||||
// admin:manage-albums = controls if albums can be managed
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'manage-albums',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
}
|
||||
|
||||
private function seedAlbumPermissions()
|
||||
{
|
||||
// album:list = controls if the album is visible in listings
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
|
@ -76,6 +76,7 @@ return [
|
||||
'group_details_tab' => 'Details',
|
||||
'group_no_users_message' => 'This group has no users assigned to it. Assign users to this group by using the Groups tab on the Edit User page.',
|
||||
'group_number_users' => '{0} No users|{1} 1 user|[2,Inf] :count users',
|
||||
'group_permissions_tab' => 'Permissions',
|
||||
'group_users_message' => 'The users shown below are linked to this group. To remove a user, click the user\'s name and untick the ":group_name" group from the Groups tab.',
|
||||
'group_users_tab' => 'Users',
|
||||
'inactive_storage_legend' => 'Inactive storage location that cannot be used for new albums.',
|
||||
|
@ -1,5 +1,10 @@
|
||||
<?php
|
||||
return [
|
||||
'admin' => [
|
||||
'access' => 'Access the administration panel',
|
||||
'configure' => 'Configure the application',
|
||||
'manage-albums' => 'Manage photo albums'
|
||||
],
|
||||
'album' => [
|
||||
'delete' => 'Delete this album',
|
||||
'delete-other-photos' => 'Delete photos owned by other users',
|
||||
|
@ -24,6 +24,7 @@
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'details', 'tab_icon' => 'info-circle', 'tab_text' => trans('admin.group_details_tab')])
|
||||
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'users', 'tab_icon' => 'users', 'tab_text' => trans('admin.group_users_tab')])
|
||||
@include(Theme::viewName('partials.tab'), ['active_tab' => 'details', 'tab_name' => 'permissions', 'tab_icon' => 'lock', 'tab_text' => trans('admin.group_permissions_tab')])
|
||||
</ul>
|
||||
|
||||
{{-- Tab panes --}}
|
||||
@ -42,11 +43,6 @@
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
<div class="text-right">
|
||||
<a href="{{ route('groups.index') }}" class="btn btn-link">@lang('forms.cancel_action')</a>
|
||||
<button class="btn btn-success" type="submit"><i class="fa fa-fw fa-check"></i> @lang('forms.save_action')</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -65,8 +61,35 @@
|
||||
<div><a class="btn btn-secondary" href="{{ route('users.index') }}">@lang('admin.users_title')</a></div>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
{{-- Permissions --}}
|
||||
<div role="tabpanel" class="tab-pane" id="permissions-tab">
|
||||
@php
|
||||
$callback = [$group, 'hasAdminPermission'];
|
||||
$callback_object = $group;
|
||||
$key_id = 'group_' . $group->id;
|
||||
$object_id = $group->id
|
||||
@endphp
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'access')
|
||||
])
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'configure')
|
||||
])
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
|
||||
])
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="text-right mt-3">
|
||||
<a href="{{ route('groups.index') }}" class="btn btn-link">@lang('forms.cancel_action')</a>
|
||||
<button class="btn btn-success" type="submit"><i class="fa fa-fw fa-check"></i> @lang('forms.save_action')</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1,6 +1,8 @@
|
||||
<div class="card admin-sidebar-card">
|
||||
@can('admin:manage-albums')
|
||||
<div class="card admin-sidebar-card">
|
||||
<div class="card-header">@lang('admin.actions_widget.panel_header')</div>
|
||||
<div class="card-block">
|
||||
<a class="btn btn-link" href="{{ route('albums.create') }}"><i class="fa fa-fw fa-plus"></i> @lang('admin.actions_widget.create_album_link')</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@endcan
|
@ -1,12 +1,15 @@
|
||||
<div class="card admin-sidebar-card">
|
||||
<div class="card-header">@lang('admin.manage_widget.panel_header')</div>
|
||||
<div class="card-block">
|
||||
@can('admin:manage-albums')
|
||||
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
|
||||
@endcan
|
||||
|
||||
@can('admin-access')
|
||||
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
|
||||
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
|
||||
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
|
||||
|
||||
@can('admin:configure')
|
||||
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
|
||||
@endcan
|
||||
</div>
|
||||
|
@ -3,7 +3,7 @@
|
||||
<div class="card-block">
|
||||
<b>{{ $album_count }}</b> {{ trans_choice('admin.stats_widget.albums', $album_count) }}<br/>
|
||||
<b>{{ $photo_count }}</b> {{ trans_choice('admin.stats_widget.photos', $photo_count) }}
|
||||
@can('admin-access')
|
||||
@can('admin:access')
|
||||
<br/>
|
||||
<b>{{ $user_count }}</b> {{ trans_choice('admin.stats_widget.users', $user_count) }} / <b>{{ $group_count }}</b> {{ trans_choice('admin.stats_widget.groups', $group_count) }}
|
||||
@endcan
|
||||
|
@ -19,7 +19,7 @@
|
||||
</li>
|
||||
@endif
|
||||
|
||||
@if (!Auth::guest() && (Auth::user()->can('admin-access') || Auth::user()->can('admin-create-albums')))
|
||||
@if (!Auth::guest() && (Auth::user()->can('admin:access')))
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="{{ route('admin') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.navbar.admin')</a>
|
||||
</li>
|
||||
|
Loading…
Reference in New Issue
Block a user