#3: Added more fine-grained permissions to the album permissions tab ready to implement

Andy Heathershaw 2017-03-21 22:18:29 +00:00
parent 4b405c93c2
commit 5e9229da16
5 changed files with 62 additions and 3 deletions


@ -417,7 +417,7 @@ class AlbumController extends Controller
* @param $id
* @return Album
*/
private function loadAlbum($id)
private function loadAlbum($id, $permission = 'edit')
{
$album = Album::where('id', intval($id))->first();
if (is_null($album))
@ -425,7 +425,7 @@ class AlbumController extends Controller
App::abort(404);
return null;
}
else if (!Auth::user()->can('edit', $album))
else if (!Auth::user()->can($permission, $album))
{
App::abort(403);
return null;
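Review bot: The new `$permission` argument defaults to `'edit'`, and no caller in the visible hunks passes anything else, so every action that goes through `loadAlbum()` still authorises against `edit` alone. The list view in this commit now shows the delete link only under `@can('delete', $album)`, but that is presentation only; if the controller's delete actions (outside these hunks) keep calling `loadAlbum($id)`, a user holding `edit` without `delete` is still authorised for them on the server side. Those callers should name the permission explicitly, e.g. `$album = $this->loadAlbum($id, 'delete');`. The docblock above the signature also lacks a line for the new parameter, such as `@param string $permission Ability checked against the album (defaults to 'edit')`. The body of `loadAlbum()` continues past the end of the second hunk.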


@ -27,12 +27,60 @@ class PermissionsSeeder extends Seeder
'sort_order' => 20
]);
// album:edit = controls if the album is visible and can be edited in the admin panel
// album:edit = controls if the album can be edited in the admin panel
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'edit',
'is_default' => true,
'sort_order' => 10
]);
// album:delete = controls if the album can be deleted from the admin panel
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete',
'is_default' => true,
'sort_order' => 20
]);
// album:upload-photos = controls if photos can be uploaded into the album
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'upload-photos',
'is_default' => true,
'sort_order' => 30
]);
// album:edit-own-photos = controls if existing photos, owned by the current user, in the album can be edited
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'edit-own-photos',
'is_default' => true,
'sort_order' => 40
]);
// album:edit-other-photos = controls if existing photos, owned by other users, in the album can be edited
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'edit-other-photos',
'is_default' => true,
'sort_order' => 50
]);
// album:delete-own-photos = controls if existing photos, owned by the current user, in the album can be deleted
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete-own-photos',
'is_default' => true,
'sort_order' => 60
]);
// album:delete-other-photos = controls if existing photos, owned by other users, in the album can be deleted
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete-other-photos',
'is_default' => true,
'sort_order' => 70
]);
}
}
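Review bot: Every permission added here is seeded with `'is_default' => true`, including `delete`, `edit-other-photos` and `delete-other-photos`. What `is_default` controls is not visible in this section; if it means the permission is pre-selected or granted when permissions are first assigned to a user or group, the destructive and cross-user ones would be better seeded as `'is_default' => false` so that they have to be granted deliberately. A short comment above the block stating what `is_default` means would let the next reader judge that without opening `DatabaseSeeder`.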


@ -1,8 +1,14 @@
<?php
return [
'album' => [
'delete' => 'Delete this album',
'delete-other-photos' => 'Delete photos owned by other users',
'delete-own-photos' => 'Delete user\'s own photos',
'edit' => 'Manage this album',
'edit-other-photos' => 'Edit photos owned by other users',
'edit-own-photos' => 'Edit user\'s own photos',
'list' => 'See this album in listings',
'upload-photos' => 'Upload photos into this album',
'view' => 'Access this album'
]
];


@ -50,6 +50,8 @@
<td class="text-right">
@can('edit', $album)
<a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
@endcan
@can('delete', $album)
<a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
@endcan
</td>


@ -9,6 +9,9 @@
<p style="margin-bottom: 20px;"><a class="select-all" href="#">Select All</a> &middot; <a class="select-none" href="">Select None</a></p>
@foreach ($all_permissions as $permission)
@if ($object_id == 'anonymous' && $permission->section == 'album' && $permission->description != 'list' && $permission->description != 'view')
@continue
@endif
<div class="checkbox">
<label for="permission|{{ $key_id }}|{{ $permission->id }}">
<input id="permission|{{ $key_id }}|{{ $permission->id }}" name="permissions[{{ $object_id }}][]" value="{{ $permission->id }}" type="checkbox"{{ call_user_func($callback, $callback_object, $permission) ? ' checked="checked"' : '' }} /> {{ trans(sprintf('permissions.%s.%s', $permission->section, $permission->description)) }}
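Review bot: The `@if … @continue` guard only hides the checkboxes for the `anonymous` object; it does not constrain what the form can carry under `permissions[anonymous][]`. The handler that saves this form is not part of the commit as shown, so it should be confirmed that it applies the same rule on the server and discards any album permission other than `list` and `view` for anonymous. The allowed pair is also hard-coded in the template with loose `!=`; keeping it in one place that both the view and the save handler read, and comparing with `!==`, would stop the two from drifting apart. A Blade comment such as `{{-- anonymous visitors may only be granted list/view --}}` above the guard would record the intent.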