aheathershaw/blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity

#3: Added more fine-grained permissions to the album permissions tab ready to implement

Browse Source
This commit is contained in:
Andy Heathershaw 2017-03-21 22:18:29 +00:00
parent 4b405c93c2
commit 5e9229da16
5 changed files with 62 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/Admin/AlbumController.php
View File

@ -417,7 +417,7 @@ class AlbumController extends Controller
* @param $id * @param $id
* @return Album * @return Album
*/ */
private function loadAlbum($id) private function loadAlbum($id, $permission = 'edit')
{ {
$album = Album::where('id', intval($id))->first(); $album = Album::where('id', intval($id))->first();
if (is_null($album)) if (is_null($album))
@ -425,7 +425,7 @@ class AlbumController extends Controller
App::abort(404); App::abort(404);
return null; return null;
} }
else if (!Auth::user()->can('edit', $album)) else if (!Auth::user()->can($permission, $album))
{ {
App::abort(403); App::abort(403);
return null; return null;

50
database/seeds/PermissionsSeeder.php
View File

@ -27,12 +27,60 @@ class PermissionsSeeder extends Seeder
'sort_order' => 20 'sort_order' => 20
]); ]);
// album:edit = controls if the album is visible and can be edited in the admin panel // album:edit = controls if the album can be edited in the admin panel
DatabaseSeeder::createOrUpdate('permissions', [ DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album', 'section' => 'album',
'description' => 'edit', 'description' => 'edit',
'is_default' => true, 'is_default' => true,
'sort_order' => 10 'sort_order' => 10
]); ]);
// album:delete = controls if the album can be deleted from the admin panel
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete',
'is_default' => true,
'sort_order' => 20
]);
// album:upload-photos = controls if photos can be uploaded into the album
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'upload-photos',
'is_default' => true,
'sort_order' => 30
]);
// album:edit-own-photos = controls if existing photos, owned by the current user, in the album can be edited
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'edit-own-photos',
'is_default' => true,
'sort_order' => 40
]);
// album:edit-other-photos = controls if existing photos, owned by other users, in the album can be edited
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'edit-other-photos',
'is_default' => true,
'sort_order' => 50
]);
// album:delete-own-photos = controls if existing photos, owned by the current user, in the album can be deleted
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete-own-photos',
'is_default' => true,
'sort_order' => 60
]);
// album:delete-other-photos = controls if existing photos, owned by other users, in the album can be deleted
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'album',
'description' => 'delete-other-photos',
'is_default' => true,
'sort_order' => 70
]);
} }
} }

6
resources/lang/en/permissions.php
View File

@ -1,8 +1,14 @@
<?php <?php
return [ return [
'album' => [ 'album' => [
'delete' => 'Delete this album',
'delete-other-photos' => 'Delete photos owned by other users',
'delete-own-photos' => 'Delete user\'s own photos',
'edit' => 'Manage this album', 'edit' => 'Manage this album',
'edit-other-photos' => 'Edit photos owned by other users',
'edit-own-photos' => 'Edit user\'s own photos',
'list' => 'See this album in listings', 'list' => 'See this album in listings',
'upload-photos' => 'Upload photos into this album',
'view' => 'Access this album' 'view' => 'Access this album'
] ]
]; ];

2
resources/views/themes/base/admin/list_albums.blade.php
View File

@ -50,6 +50,8 @@
<td class="text-right"> <td class="text-right">
@can('edit', $album) @can('edit', $album)
<a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a> <a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
@endcan
@can('delete', $album)
<a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a> <a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
@endcan @endcan
</td> </td>

3
resources/views/themes/base/partials/album_permissions.blade.php
View File

@ -9,6 +9,9 @@
<p style="margin-bottom: 20px;"><a class="select-all" href="#">Select All</a> &middot; <a class="select-none" href="">Select None</a></p> <p style="margin-bottom: 20px;"><a class="select-all" href="#">Select All</a> &middot; <a class="select-none" href="">Select None</a></p>
@foreach ($all_permissions as $permission) @foreach ($all_permissions as $permission)
@if ($object_id == 'anonymous' && $permission->section == 'album' && $permission->description != 'list' && $permission->description != 'view')
@continue
@endif
<div class="checkbox"> <div class="checkbox">
<label for="permission|{{ $key_id }}|{{ $permission->id }}"> <label for="permission|{{ $key_id }}|{{ $permission->id }}">
<input id="permission|{{ $key_id }}|{{ $permission->id }}" name="permissions[{{ $object_id }}][]" value="{{ $permission->id }}" type="checkbox"{{ call_user_func($callback, $callback_object, $permission) ? ' checked="checked"' : '' }} /> {{ trans(sprintf('permissions.%s.%s', $permission->section, $permission->description)) }} <input id="permission|{{ $key_id }}|{{ $permission->id }}" name="permissions[{{ $object_id }}][]" value="{{ $permission->id }}" type="checkbox"{{ call_user_func($callback, $callback_object, $permission) ? ' checked="checked"' : '' }} /> {{ trans(sprintf('permissions.%s.%s', $permission->section, $permission->description)) }}