#3: Implemented admin security for groups, users and storage locations
This commit is contained in:
Andy Heathershaw
parent
2ef01cc23c
commit
8473eb4a05
|
|
@ -27,7 +27,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
return Theme::render('admin.create_group');
|
||||
}
|
||||
|
|
@ -53,7 +53,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
/** @var Group $group */
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
|
|
@ -88,7 +88,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
if (is_null($group))
|
||||
|
|
@ -114,7 +114,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
$groups = Group::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
|
|
@ -135,7 +135,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function store(StoreGroupRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
$group = new Group();
|
||||
$group->fill($request->only(['name']));
|
||||
|
|
@ -153,7 +153,7 @@ class GroupController extends Controller
|
|||
*/
|
||||
public function update(StoreGroupRequest $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||
|
||||
/** @var Group $group */
|
||||
$group = Group::where('id', intval($id))->first();
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$storageLocations = Storage::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
|
|
@ -53,7 +53,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function create(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
|
||||
|
||||
|
|
@ -72,7 +72,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function store(Requests\StoreStorageRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$storage = new Storage();
|
||||
$storage->fill($request->only([
|
||||
|
|
@ -136,7 +136,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function delete(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
|
|
@ -169,7 +169,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
/** @var Storage $storage */
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
|
|
@ -203,7 +203,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function update(Requests\StoreStorageRequest $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
|
|
@ -258,7 +258,7 @@ class StorageController extends Controller
|
|||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||
|
||||
$storage = Storage::where('id', intval($id))->first();
|
||||
if (is_null($storage))
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ class UserController extends Controller
|
|||
|
||||
public function delete(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
|
|
@ -48,7 +48,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function index(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$users = User::orderBy('name')
|
||||
->paginate(UserConfig::get('items_per_page'));
|
||||
|
|
@ -68,7 +68,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function create()
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
return Theme::render('admin.create_user');
|
||||
}
|
||||
|
|
@ -81,7 +81,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function store(Requests\StoreUserRequest $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$user = new User();
|
||||
$user->fill($request->only(['name', 'email', 'password']));
|
||||
|
|
@ -113,7 +113,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function edit(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
|
|
@ -145,7 +145,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function update(Requests\StoreUserRequest $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$user = User::where('id', intval($id))->first();
|
||||
if (is_null($user))
|
||||
|
|
@ -214,7 +214,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function destroy(Request $request, $id)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
/** @var User $user */
|
||||
$user = User::where('id', intval($id))->first();
|
||||
|
|
@ -255,7 +255,7 @@ class UserController extends Controller
|
|||
*/
|
||||
public function searchJson(Request $request)
|
||||
{
|
||||
$this->authorizeAccessToAdminPanel();
|
||||
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||
|
||||
$limit = intval($request->get('n'));
|
||||
if ($limit == 0)
|
||||
|
|
|
|||
|
|
@ -50,6 +50,18 @@ class AuthServiceProvider extends ServiceProvider
|
|||
{
|
||||
return $this->userHasAdminPermission($user, 'manage-albums');
|
||||
});
|
||||
Gate::define('admin:manage-groups', function ($user)
|
||||
{
|
||||
return $this->userHasAdminPermission($user, 'manage-groups');
|
||||
});
|
||||
Gate::define('admin:manage-storage', function ($user)
|
||||
{
|
||||
return $this->userHasAdminPermission($user, 'manage-storage');
|
||||
});
|
||||
Gate::define('admin:manage-users', function ($user)
|
||||
{
|
||||
return $this->userHasAdminPermission($user, 'manage-users');
|
||||
});
|
||||
|
||||
Gate::define('photo.download_original', function ($user, Photo $photo)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -40,6 +40,30 @@ class PermissionsSeeder extends Seeder
|
|||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
||||
// admin:manage-groups = controls if groups can be managed
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'manage-groups',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
||||
// admin:manage-storage = controls if storages can be managed
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'manage-storage',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
|
||||
// admin:manage-users = controls if users can be managed
|
||||
DatabaseSeeder::createOrUpdate('permissions', [
|
||||
'section' => 'admin',
|
||||
'description' => 'manage-users',
|
||||
'is_default' => false,
|
||||
'sort_order' => 0
|
||||
]);
|
||||
}
|
||||
|
||||
private function seedAlbumPermissions()
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@ return [
|
|||
'admin' => [
|
||||
'access' => 'Access the administration panel',
|
||||
'configure' => 'Configure the application',
|
||||
'manage-albums' => 'Manage photo albums'
|
||||
'manage-albums' => 'Manage photo albums',
|
||||
'manage-groups' => 'Manage user groups',
|
||||
'manage-storage' => 'Manage storage locations',
|
||||
'manage-users' => 'Manage users'
|
||||
],
|
||||
'album' => [
|
||||
'delete' => 'Delete this album',
|
||||
|
|
|
|||
|
|
@ -82,6 +82,18 @@
|
|||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
|
||||
])
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-users')
|
||||
])
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-groups')
|
||||
])
|
||||
|
||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-storage')
|
||||
])
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -1,16 +1,30 @@
|
|||
<div class="card admin-sidebar-card">
|
||||
<div class="card-header">@lang('admin.manage_widget.panel_header')</div>
|
||||
<div class="card-block">
|
||||
@can('admin:manage-albums')
|
||||
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
|
||||
@endcan
|
||||
@php
|
||||
$canConfigure = Auth::user()->can('admin:configure');
|
||||
$canManageAlbums = Auth::user()->can('admin:manage-albums');
|
||||
$canManageGroups = Auth::user()->can('admin:manage-groups');
|
||||
$canManageStorage = Auth::user()->can('admin:manage-storage');
|
||||
$canManageUsers = Auth::user()->can('admin:manage-users');
|
||||
@endphp
|
||||
|
||||
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
|
||||
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
|
||||
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
|
||||
|
||||
@can('admin:configure')
|
||||
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
|
||||
@endcan
|
||||
@if ($canConfigure || $canManageAlbums || $canManageGroups || $canManageStorage || $canManageUsers)
|
||||
<div class="card admin-sidebar-card">
|
||||
<div class="card-header">@lang('admin.manage_widget.panel_header')</div>
|
||||
<div class="card-block">
|
||||
@if ($canManageAlbums)
|
||||
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
|
||||
@endif
|
||||
@if ($canManageUsers)
|
||||
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
|
||||
@endif
|
||||
@if ($canManageGroups)
|
||||
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
|
||||
@endif
|
||||
@if ($canManageStorage)
|
||||
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
|
||||
@endif
|
||||
@if ($canConfigure)
|
||||
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@endif
|
||||
Loading…
Reference in New Issue