#3: Implemented more fine-grained permissions into the admin portal
This commit is contained in:
parent
fd19c9db55
commit
4b405c93c2
@ -425,6 +425,11 @@ class AlbumController extends Controller
|
||||
App::abort(404);
|
||||
return null;
|
||||
}
|
||||
else if (!Auth::user()->can('edit', $album))
|
||||
{
|
||||
App::abort(403);
|
||||
return null;
|
||||
}
|
||||
|
||||
return $album;
|
||||
}
|
||||
|
@ -44,7 +44,6 @@ class GlobalConfiguration
|
||||
// When running migrations, CLI tasks or the installer, don't need to add things to the view
|
||||
if (php_sapi_name() != 'cli')
|
||||
{
|
||||
$this->addLicenseInfoToView();
|
||||
$this->addThemeInfoToView();
|
||||
$this->addAlbumsToView();
|
||||
}
|
||||
@ -61,21 +60,6 @@ class GlobalConfiguration
|
||||
View::share('albums', $albums);
|
||||
}
|
||||
|
||||
private function addLicenseInfoToView()
|
||||
{
|
||||
$licenseName = null;
|
||||
$licenseNo = null;
|
||||
|
||||
if (function_exists('sg_get_const'))
|
||||
{
|
||||
$licenseName = sg_get_const('lic_name');
|
||||
$licenseNo = sg_get_const('lic_num');
|
||||
}
|
||||
|
||||
View::share('license_name', strlen($licenseName) == 0 ? '**UNLICENSED**' : $licenseName);
|
||||
View::share('license_no', strlen($licenseNo) == 0 ? '0' : $licenseNo);
|
||||
}
|
||||
|
||||
private function addThemeInfoToView()
|
||||
{
|
||||
$themeInfo = Theme::info();
|
||||
|
@ -5,6 +5,7 @@ namespace App\Providers;
|
||||
use App\Album;
|
||||
use App\Facade\UserConfig;
|
||||
use App\Photo;
|
||||
use App\Policies\AlbumPolicy;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||
|
||||
@ -16,7 +17,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||
* @var array
|
||||
*/
|
||||
protected $policies = [
|
||||
'App\Model' => 'App\Policies\ModelPolicy',
|
||||
Album::class => AlbumPolicy::class
|
||||
];
|
||||
|
||||
/**
|
||||
@ -28,10 +29,6 @@ class AuthServiceProvider extends ServiceProvider
|
||||
{
|
||||
$this->registerPolicies();
|
||||
|
||||
Gate::define('album.view', function ($user, Album $album)
|
||||
{
|
||||
return (!$album->is_private || $album->user_id == $user->id);
|
||||
});
|
||||
Gate::define('admin-access', function ($user)
|
||||
{
|
||||
return $user->is_admin;
|
||||
|
@ -11,10 +11,10 @@ class PermissionsSeeder extends Seeder
|
||||
*/
|
||||
public function run()
|
||||
{
|
||||
// album:list-gallery = controls if the album is visible in the gallery
|
||||
// album:list = controls if the album is visible in listings
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'list-gallery',
|
||||
'description' => 'list',
|
||||
'is_default' => true,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
@ -1,7 +1,8 @@
|
||||
<?php
|
||||
return [
|
||||
'album' => [
|
||||
'list-gallery' => 'See this album in the gallery index',
|
||||
'view' => 'Access this gallery'
|
||||
'edit' => 'Manage this album',
|
||||
'list' => 'See this album in listings',
|
||||
'view' => 'Access this album'
|
||||
]
|
||||
];
|
@ -36,13 +36,22 @@
|
||||
@foreach ($albums as $album)
|
||||
<tr>
|
||||
<td>
|
||||
<span style="font-size: 1.3em;"><a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>@if ($album->is_private) <i class="fa fa-fw fa-lock"></i>@endif</span><br/>
|
||||
<span style="font-size: 1.3em;">
|
||||
@can('edit', $album)
|
||||
<a href="{{ route('albums.show', ['id' => $album->id]) }}">{{ $album->name }}</a>
|
||||
@endcan
|
||||
@cannot('edit', $album)
|
||||
{{ $album->name }} <i class="fa fa-fw fa-lock"></i>
|
||||
@endcannot
|
||||
</span><br/>
|
||||
<p>{{ $album->description }}</p>
|
||||
<p style="margin-bottom: 0;"><b>{{ $album->photos_count }}</b> {{ trans_choice('admin.stats_widget.photos', $album->photos_count) }}</p>
|
||||
</td>
|
||||
<td class="text-right">
|
||||
@can('edit', $album)
|
||||
<a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
|
||||
<a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
|
||||
@endcan
|
||||
</td>
|
||||
</tr>
|
||||
@endforeach
|
||||
|
Loading…
Reference in New Issue
Block a user