#3: Implemented more fine-grained permissions into the admin portal

2017-03-21 22:10:36 +00:00 · 2017-03-21 22:10:36 +00:00 · 4b405c93c2
parent fd19c9db55
commit 4b405c93c2
6 changed files with 24 additions and 28 deletions
--- a/app/Http/Controllers/Admin/AlbumController.php
+++ b/app/Http/Controllers/Admin/AlbumController.php
@ -425,6 +425,11 @@ class AlbumController extends Controller
            App::abort(404);
            return null;
        }
+        else if (!Auth::user()->can('edit', $album))
+        {
+            App::abort(403);
+            return null;
+        }

        return $album;
    }
--- a/app/Http/Middleware/GlobalConfiguration.php
+++ b/app/Http/Middleware/GlobalConfiguration.php
@ -44,7 +44,6 @@ class GlobalConfiguration
        // When running migrations, CLI tasks or the installer, don't need to add things to the view
        if (php_sapi_name() != 'cli')
        {
-            $this->addLicenseInfoToView();
            $this->addThemeInfoToView();
            $this->addAlbumsToView();
        }
@ -61,21 +60,6 @@ class GlobalConfiguration
        View::share('albums', $albums);
    }

-    private function addLicenseInfoToView()
-    {
-        $licenseName = null;
-        $licenseNo = null;
-
-        if (function_exists('sg_get_const'))
-        {
-            $licenseName = sg_get_const('lic_name');
-            $licenseNo = sg_get_const('lic_num');
-        }
-
-        View::share('license_name', strlen($licenseName) == 0 ? '**UNLICENSED**' : $licenseName);
-        View::share('license_no', strlen($licenseNo) == 0 ? '0' : $licenseNo);
-    }
-
    private function addThemeInfoToView()
    {
        $themeInfo = Theme::info();
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -5,6 +5,7 @@ namespace App\Providers;
 use App\Album;
 use App\Facade\UserConfig;
 use App\Photo;
+use App\Policies\AlbumPolicy;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

@ -16,7 +17,7 @@ class AuthServiceProvider extends ServiceProvider
     * @var array
     */
    protected $policies = [
-        'App\Model' => 'App\Policies\ModelPolicy',
+        Album::class => AlbumPolicy::class
    ];

    /**
@ -28,10 +29,6 @@ class AuthServiceProvider extends ServiceProvider
    {
        $this->registerPolicies();

-        Gate::define('album.view', function ($user, Album $album)
-        {
-            return (!$album->is_private || $album->user_id == $user->id);
-        });
        Gate::define('admin-access', function ($user)
        {
            return $user->is_admin;
--- a/database/seeds/PermissionsSeeder.php
+++ b/database/seeds/PermissionsSeeder.php
@ -11,10 +11,10 @@ class PermissionsSeeder extends Seeder
     */
    public function run()
    {
-        // album:list-gallery = controls if the album is visible in the gallery
+        // album:list = controls if the album is visible in listings
        DatabaseSeeder::createOrUpdate('permissions', [
            'section' => 'album',
-            'description' => 'list-gallery',
+            'description' => 'list',
            'is_default' => true,
            'sort_order' => 0
        ]);
--- a/resources/lang/en/permissions.php
+++ b/resources/lang/en/permissions.php
@ -1,7 +1,8 @@
 <?php
 return [
    'album' => [
-        'list-gallery' => 'See this album in the gallery index',
-        'view' => 'Access this gallery'
+        'edit' => 'Manage this album',
+        'list' => 'See this album in listings',
+        'view' => 'Access this album'
    ]
 ];
--- a/resources/views/themes/base/admin/list_albums.blade.php
+++ b/resources/views/themes/base/admin/list_albums.blade.php
@ -36,13 +36,22 @@
                            @foreach ($albums as $album)
                            <tr>
                                <td>
-                                    <span style="font-size: 1.3em;"><a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>@if ($album->is_private) <i class="fa fa-fw fa-lock"></i>@endif</span><br/>
+                                    <span style="font-size: 1.3em;">
+                                        @can('edit', $album)
+                                            <a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>
+                                        @endcan
+                                        @cannot('edit', $album)
+                                            {{ $album->name }} <i class="fa fa-fw fa-lock"></i>
+                                        @endcannot
+                                    </span><br/>
                                    <p>{{ $album->description }}</p>
                                    <p style="margin-bottom: 0;"><b>{{ $album->photos_count }}</b> {{ trans_choice('admin.stats_widget.photos', $album->photos_count) }}</p>
                                </td>
                                <td class="text-right">
-                                    <a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
-                                    <a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
+                                    @can('edit', $album)
+                                        <a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
+                                        <a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
+                                    @endcan
                                </td>
                            </tr>
                            @endforeach