#3: Added more fine-grained permissions to the album permissions tab ready to implement
parent
4b405c93c2
commit
5e9229da16
@ -417,7 +417,7 @@ class AlbumController extends Controller
|
||||
* @param $id
|
||||
* @return Album
|
||||
*/
|
||||
private function loadAlbum($id)
|
||||
private function loadAlbum($id, $permission = 'edit')
|
||||
{
|
||||
$album = Album::where('id', intval($id))->first();
|
||||
if (is_null($album))
|
||||
@ -425,7 +425,7 @@ class AlbumController extends Controller
|
||||
App::abort(404);
|
||||
return null;
|
||||
}
|
||||
else if (!Auth::user()->can('edit', $album))
|
||||
else if (!Auth::user()->can($permission, $album))
|
||||
{
|
||||
App::abort(403);
|
||||
return null;
|
||||
|
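Review bot: The new `$permission` argument of `loadAlbum` defaults to `'edit'`, so every caller that is not changed keeps authorising against `edit`, including actions that now have an ability of their own such as `delete` and `upload-photos`. The call sites are outside these hunks; each should pass its ability explicitly (the handler behind the `albums.delete` route would pass `'delete'`), otherwise the `@can('delete', $album)` gate added in the album list view only hides the button while the server still accepts the request from anyone holding `edit`. The docblock above the signature still lists only `$id`; add `* @param string $permission Ability checked with Auth::user()->can() against the album (defaults to 'edit')`. The function body continues past the end of the second hunk.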
@ -27,12 +27,60 @@ class PermissionsSeeder extends Seeder
|
||||
'sort_order' => 20
|
||||
]);
|
||||
|
||||
// album:edit = controls if the album is visible and can be edited in the admin panel
|
||||
// album:edit = controls if the album can be edited in the admin panel
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'edit',
|
||||
'is_default' => true,
|
||||
'sort_order' => 10
|
||||
]);
|
||||
|
||||
// album:delete = controls if the album can be deleted from the admin panel
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'delete',
|
||||
'is_default' => true,
|
||||
'sort_order' => 20
|
||||
]);
|
||||
|
||||
// album:upload-photos = controls if photos can be uploaded into the album
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'upload-photos',
|
||||
'is_default' => true,
|
||||
'sort_order' => 30
|
||||
]);
|
||||
|
||||
// album:edit-own-photos = controls if existing photos, owned by the current user, in the album can be edited
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'edit-own-photos',
|
||||
'is_default' => true,
|
||||
'sort_order' => 40
|
||||
]);
|
||||
|
||||
// album:edit-other-photos = controls if existing photos, owned by other users, in the album can be edited
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'edit-other-photos',
|
||||
'is_default' => true,
|
||||
'sort_order' => 50
|
||||
]);
|
||||
|
||||
// album:delete-own-photos = controls if existing photos, owned by the current user, in the album can be deleted
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'delete-own-photos',
|
||||
'is_default' => true,
|
||||
'sort_order' => 60
|
||||
]);
|
||||
|
||||
// album:delete-other-photos = controls if existing photos, owned by other users, in the album can be deleted
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'album',
|
||||
'description' => 'delete-other-photos',
|
||||
'is_default' => true,
|
||||
'sort_order' => 70
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
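Review bot: Every permission seeded in this hunk is created with `'is_default' => true`, including `delete`, `edit-other-photos` and `delete-other-photos`. What `is_default` does is not visible here; if it means the permission is pre-selected or granted when a user or group is added to an album, the destructive abilities over other users' content would be handed out by default, and `'is_default' => false` would be the safer seed for those three. A one-line comment at the top of the block stating what `is_default` controls would let the next reader judge each value.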
@ -1,8 +1,14 @@
|
||||
<?php
|
||||
return [
|
||||
'album' => [
|
||||
'delete' => 'Delete this album',
|
||||
'delete-other-photos' => 'Delete photos owned by other users',
|
||||
'delete-own-photos' => 'Delete user\'s own photos',
|
||||
'edit' => 'Manage this album',
|
||||
'edit-other-photos' => 'Edit photos owned by other users',
|
||||
'edit-own-photos' => 'Edit user\'s own photos',
|
||||
'list' => 'See this album in listings',
|
||||
'upload-photos' => 'Upload photos into this album',
|
||||
'view' => 'Access this album'
|
||||
]
|
||||
];
|
@ -50,6 +50,8 @@
|
||||
<td class="text-right">
|
||||
@can('edit', $album)
|
||||
<a href="{{ route('albums.edit', ['id' => $album->id]) }}" class="btn btn-default">@lang('forms.edit_action')</a>
|
||||
@endcan
|
||||
@can('delete', $album)
|
||||
<a href="{{ route('albums.delete', ['id' => $album->id]) }}" class="btn btn-danger">@lang('forms.delete_action')</a>
|
||||
@endcan
|
||||
</td>
|
||||
|
@ -9,6 +9,9 @@
|
||||
<p style="margin-bottom: 20px;"><a class="select-all" href="#">Select All</a> · <a class="select-none" href="">Select None</a></p>
|
||||
|
||||
@foreach ($all_permissions as $permission)
|
||||
@if ($object_id == 'anonymous' && $permission->section == 'album' && $permission->description != 'list' && $permission->description != 'view')
|
||||
@continue
|
||||
@endif
|
||||
<div class="checkbox">
|
||||
<label for="permission|{{ $key_id }}|{{ $permission->id }}">
|
||||
<input id="permission|{{ $key_id }}|{{ $permission->id }}" name="permissions[{{ $object_id }}][]" value="{{ $permission->id }}" type="checkbox"{{ call_user_func($callback, $callback_object, $permission) ? ' checked="checked"' : '' }} /> {{ trans(sprintf('permissions.%s.%s', $permission->section, $permission->description)) }}
|
||||
|
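Review bot: The `@if ($object_id == 'anonymous' ...)` / `@continue` filter only stops the checkboxes from being rendered; the `permissions[anonymous][]` values are still supplied by the client, so the handler that saves this form (not visible here) has to reject any album permission other than `list` and `view` for the anonymous entry. A Blade comment above the condition, `{{-- Anonymous visitors may only be given album list/view; the save handler must enforce the same rule --}}`, would record that dependency. The comparisons could also use `===` and `!==`, since both sides are expected to be strings. The `@foreach` body continues past the end of the hunk.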