#3: Implemented more fine-grained permissions into the admin portal

This commit is contained in:
Andy Heathershaw 2017-03-21 22:10:36 +00:00
parent fd19c9db55
commit 4b405c93c2
6 changed files with 24 additions and 28 deletions


@ -425,6 +425,11 @@ class AlbumController extends Controller
App::abort(404); App::abort(404);
return null; return null;
} }
else if (!Auth::user()->can('edit', $album))
{
App::abort(403);
return null;
}
return $album; return $album;
} }
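Review bot: The new `else if (!Auth::user()->can('edit', $album))` branch dereferences `Auth::user()` without a null check, so a request reaching this method without an authenticated user would fail with a fatal error rather than a 403; whether that is reachable depends on middleware not visible here. Laravel controllers normally write this as `$this->authorize('edit', $album);` (AuthorizesRequests trait), which throws the 403 itself and removes the `return null;` after `App::abort(403)`, which is already unreachable because abort throws. Note also that `AlbumPolicy` is the class this check resolves to, yet none of the six files in this commit is the policy itself, so an `edit` method on it must already exist for the check to grant access to anyone. The enclosing method begins before this hunk.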


@ -44,7 +44,6 @@ class GlobalConfiguration
// When running migrations, CLI tasks or the installer, don't need to add things to the view // When running migrations, CLI tasks or the installer, don't need to add things to the view
if (php_sapi_name() != 'cli') if (php_sapi_name() != 'cli')
{ {
$this->addLicenseInfoToView();
$this->addThemeInfoToView(); $this->addThemeInfoToView();
$this->addAlbumsToView(); $this->addAlbumsToView();
} }
@ -61,21 +60,6 @@ class GlobalConfiguration
View::share('albums', $albums); View::share('albums', $albums);
} }
private function addLicenseInfoToView()
{
$licenseName = null;
$licenseNo = null;
if (function_exists('sg_get_const'))
{
$licenseName = sg_get_const('lic_name');
$licenseNo = sg_get_const('lic_num');
}
View::share('license_name', strlen($licenseName) == 0 ? '**UNLICENSED**' : $licenseName);
View::share('license_no', strlen($licenseNo) == 0 ? '0' : $licenseNo);
}
private function addThemeInfoToView() private function addThemeInfoToView()
{ {
$themeInfo = Theme::info(); $themeInfo = Theme::info();


@ -5,6 +5,7 @@ namespace App\Providers;
use App\Album; use App\Album;
use App\Facade\UserConfig; use App\Facade\UserConfig;
use App\Photo; use App\Photo;
use App\Policies\AlbumPolicy;
use Illuminate\Support\Facades\Gate; use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
@ -16,7 +17,7 @@ class AuthServiceProvider extends ServiceProvider
* @var array * @var array
*/ */
protected $policies = [ protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy', Album::class => AlbumPolicy::class
]; ];
/** /**
@ -28,10 +29,6 @@ class AuthServiceProvider extends ServiceProvider
{ {
$this->registerPolicies(); $this->registerPolicies();
Gate::define('album.view', function ($user, Album $album)
{
return (!$album->is_private || $album->user_id == $user->id);
});
Gate::define('admin-access', function ($user) Gate::define('admin-access', function ($user)
{ {
return $user->is_admin; return $user->is_admin;
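Review bot: Removing the `album.view` gate drops the only visible implementation of the owner/private rule (`!$album->is_private || $album->user_id == $user->id`); unless `AlbumPolicy::view` reproduces it, any remaining `Gate::allows('album.view', …)` or `@can('album.view', …)` caller now gets a plain deny for an undefined ability, and `@can('view', $album)` callers evaluate whatever the policy does instead. `App\Policies\AlbumPolicy` is imported and registered here but is not among the six changed files, so it is worth confirming it exists and that its `view`/`edit` methods carry the former logic. Since policy methods also deny unauthenticated users unless their `$user` parameter is nullable, guest access to public albums should be re-tested after this change. The `boot` method continues past this hunk.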


@ -11,10 +11,10 @@ class PermissionsSeeder extends Seeder
*/ */
public function run() public function run()
{ {
// album:list-gallery = controls if the album is visible in the gallery // album:list = controls if the album is visible in listings
DatabaseSeeder::createOrUpdate('permissions', [ DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album', 'section' => 'album',
'description' => 'list-gallery', 'description' => 'list',
'is_default' => true, 'is_default' => true,
'sort_order' => 0 'sort_order' => 0
]); ]);
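Review bot: Renaming the seeded permission description from `list-gallery` to `list` changes the row's identity if `DatabaseSeeder::createOrUpdate` matches on `section` + `description`: re-running the seeder would then insert a new `list` row (with `is_default` true) while the old `list-gallery` row and any grants that reference it stay in place. If that is the matching rule, this needs a migration that renames the existing row, e.g. `UPDATE permissions SET description = 'list' WHERE section = 'album' AND description = 'list-gallery'`, rather than a seeder edit alone. The matching logic of createOrUpdate is not visible here, so confirm against its implementation.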


@ -1,7 +1,8 @@
<?php <?php
return [ return [
'album' => [ 'album' => [
'list-gallery' => 'See this album in the gallery index', 'edit' => 'Manage this album',
'view' => 'Access this gallery' 'list' => 'See this album in listings',
'view' => 'Access this album'
] ]
]; ];


@ -36,13 +36,22 @@
@foreach ($albums as $album) @foreach ($albums as $album)
<tr> <tr>
<td> <td>
<span style="font-size: 1.3em;"><a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>@if ($album->is_private) <i class="fa fa-fw fa-lock"></i>@endif</span><br/> <span style="font-size: 1.3em;">
@can('edit', $album)
<a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>
@endcan
@cannot('edit', $album)
{{ $album->name }} <i class="fa fa-fw fa-lock"></i>
@endcannot
</span><br/>
<p>{{ $album->description }}</p> <p>{{ $album->description }}</p>
<p style="margin-bottom: 0;"><b>{{ $album->photos_count }}</b> {{ trans_choice('admin.stats_widget.photos', $album->photos_count) }}</p> <p style="margin-bottom: 0;"><b>{{ $album->photos_count }}</b> {{ trans_choice('admin.stats_widget.photos', $album->photos_count) }}</p>
</td> </td>
<td class="text-right"> <td class="text-right">
@can('edit', $album)
<a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a> <a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
<a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a> <a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
@endcan
</td> </td>
</tr> </tr>
@endforeach @endforeach
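Review bot: The `@can('edit', $album)` wrappers only hide the edit/delete links; they are not an access control, so the `albums.edit` and `albums.delete` handlers must enforce the same `edit` policy server-side — the controller hunk in this commit adds that check in one helper, but whether the delete route goes through it is not visible here. The rewrite also changes what the lock icon means: it used to flag `$album->is_private` and now appears only when the viewer cannot edit, so a private album the viewer can edit no longer shows it. Keep the privacy marker independent of the permission branch, e.g. `@if ($album->is_private) <i class="fa fa-fw fa-lock"></i>@endif` after the name in both branches, and use a different cue (or none) for the read-only case. The `@foreach` loop is fully inside the hunk, but the enclosing table starts before it.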