diff --git a/app/Http/Controllers/Admin/GroupController.php b/app/Http/Controllers/Admin/GroupController.php
index 70fc14c..70a237f 100644
--- a/app/Http/Controllers/Admin/GroupController.php
+++ b/app/Http/Controllers/Admin/GroupController.php
@@ -27,7 +27,7 @@ class GroupController extends Controller
 */
 public function create()
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 return Theme::render('admin.create_group');
 }
@@ -53,7 +53,7 @@ class GroupController extends Controller
 */
 public function destroy(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 /** @var Group $group */
 $group = Group::where('id', intval($id))->first();
@@ -88,7 +88,7 @@ class GroupController extends Controller
 */
 public function edit(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 $group = Group::where('id', intval($id))->first();
 if (is_null($group))
@@ -114,7 +114,7 @@ class GroupController extends Controller
 */
 public function index(Request $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 $groups = Group::orderBy('name')
 ->paginate(UserConfig::get('items_per_page'));
@@ -135,7 +135,7 @@ class GroupController extends Controller
 */
 public function store(StoreGroupRequest $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 $group = new Group();
 $group->fill($request->only(['name']));
@@ -153,7 +153,7 @@ class GroupController extends Controller
 */
 public function update(StoreGroupRequest $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-groups');
 /** @var Group $group */
 $group = Group::where('id', intval($id))->first();
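Review bot: The ability name `'admin:manage-groups'` is repeated as a bare string literal in all six hunks of this file, and `'admin:manage-storage'` and `'admin:manage-users'` likewise in every hunk of StorageController and UserController; a typo in one action would still fail closed, since an undefined ability is denied, but it would silently lock that one action, so hoist it to a class constant `private const MANAGE_ABILITY = 'admin:manage-groups';` and call `$this->authorizeAccessToAdminPanel(self::MANAGE_ABILITY);` in each action. The body of authorizeAccessToAdminPanel() is outside this diff, so it cannot be seen here whether the new argument is checked in addition to the base admin:access gate or instead of it; if instead, a user granted only manage-groups would reach these actions without panel access, which is presumably not intended and is worth pinning with a test either way. Every method body in these hunks continues past its hunk.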
diff --git a/app/Http/Controllers/Admin/StorageController.php b/app/Http/Controllers/Admin/StorageController.php
index 76d1c3c..33828d6 100644
--- a/app/Http/Controllers/Admin/StorageController.php
+++ b/app/Http/Controllers/Admin/StorageController.php
@@ -34,7 +34,7 @@ class StorageController extends Controller
 */
 public function index(Request $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $storageLocations = Storage::orderBy('name')
 ->paginate(UserConfig::get('items_per_page'));
@@ -53,7 +53,7 @@ class StorageController extends Controller
 */
 public function create(Request $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
@@ -72,7 +72,7 @@ class StorageController extends Controller
 */
 public function store(Requests\StoreStorageRequest $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $storage = new Storage();
 $storage->fill($request->only([
@@ -136,7 +136,7 @@ class StorageController extends Controller
 */
 public function delete(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $storage = Storage::where('id', intval($id))->first();
 if (is_null($storage))
@@ -169,7 +169,7 @@ class StorageController extends Controller
 */
 public function edit(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 /** @var Storage $storage */
 $storage = Storage::where('id', intval($id))->first();
@@ -203,7 +203,7 @@ class StorageController extends Controller
 */
 public function update(Requests\StoreStorageRequest $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $storage = Storage::where('id', intval($id))->first();
 if (is_null($storage))
@@ -258,7 +258,7 @@ class StorageController extends Controller
 */
 public function destroy(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-storage');
 $storage = Storage::where('id', intval($id))->first();
 if (is_null($storage))
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
index 2e2e83b..2171d3e 100644
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@@ -24,7 +24,7 @@ class UserController extends Controller
 public function delete(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $user = User::where('id', intval($id))->first();
 if (is_null($user))
@@ -48,7 +48,7 @@ class UserController extends Controller
 */
 public function index(Request $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $users = User::orderBy('name')
 ->paginate(UserConfig::get('items_per_page'));
@@ -68,7 +68,7 @@ class UserController extends Controller
 */
 public function create()
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 return Theme::render('admin.create_user');
 }
@@ -81,7 +81,7 @@ class UserController extends Controller
 */
 public function store(Requests\StoreUserRequest $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $user = new User();
 $user->fill($request->only(['name', 'email', 'password']));
@@ -113,7 +113,7 @@ class UserController extends Controller
 */
 public function edit(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $user = User::where('id', intval($id))->first();
 if (is_null($user))
@@ -145,7 +145,7 @@ class UserController extends Controller
 */
 public function update(Requests\StoreUserRequest $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $user = User::where('id', intval($id))->first();
 if (is_null($user))
@@ -214,7 +214,7 @@ class UserController extends Controller
 */
 public function destroy(Request $request, $id)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 /** @var User $user */
 $user = User::where('id', intval($id))->first();
@@ -255,7 +255,7 @@ class UserController extends Controller
 */
 public function searchJson(Request $request)
 {
- $this->authorizeAccessToAdminPanel();
+ $this->authorizeAccessToAdminPanel('admin:manage-users');
 $limit = intval($request->get('n'));
 if ($limit == 0)
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 73e3c66..8677a7a 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -50,6 +50,18 @@ class AuthServiceProvider extends ServiceProvider
 {
 return $this->userHasAdminPermission($user, 'manage-albums');
 });
+ Gate::define('admin:manage-groups', function ($user)
+ {
+ return $this->userHasAdminPermission($user, 'manage-groups');
+ });
+ Gate::define('admin:manage-storage', function ($user)
+ {
+ return $this->userHasAdminPermission($user, 'manage-storage');
+ });
+ Gate::define('admin:manage-users', function ($user)
+ {
+ return $this->userHasAdminPermission($user, 'manage-users');
+ });
 Gate::define('photo.download_original', function ($user, Photo $photo)
 {
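Review bot: The three new Gate::define blocks are verbatim copies of the manage-albums definition above them, differing only in the permission name, so the gate name and the permission string it checks can drift apart independently in each copy; a loop keeps them tied together: `foreach (['manage-groups', 'manage-storage', 'manage-users'] as $permission) {` / `Gate::define('admin:' . $permission, function ($user) use ($permission) { return $this->userHasAdminPermission($user, $permission); });` / `}`. Leaving `$user` untyped, as the surrounding definitions do, should mean the gate is never invoked for a guest and denies by default, which is the right default for admin abilities but is worth covering with a guest test since userHasAdminPermission() is not visible here. The enclosing method starts and ends outside the hunk.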
diff --git a/database/seeds/PermissionsSeeder.php b/database/seeds/PermissionsSeeder.php
index 9274824..d75b4bf 100644
--- a/database/seeds/PermissionsSeeder.php
+++ b/database/seeds/PermissionsSeeder.php
@@ -40,6 +40,30 @@ class PermissionsSeeder extends Seeder
 'is_default' => false,
 'sort_order' => 0
 ]);
+
+ // admin:manage-groups = controls if groups can be managed
+ DatabaseSeeder::createOrUpdate('permissions', [
+ 'section' => 'admin',
+ 'description' => 'manage-groups',
+ 'is_default' => false,
+ 'sort_order' => 0
+ ]);
+
+ // admin:manage-storage = controls if storages can be managed
+ DatabaseSeeder::createOrUpdate('permissions', [
+ 'section' => 'admin',
+ 'description' => 'manage-storage',
+ 'is_default' => false,
+ 'sort_order' => 0
+ ]);
+
+ // admin:manage-users = controls if users can be managed
+ DatabaseSeeder::createOrUpdate('permissions', [
+ 'section' => 'admin',
+ 'description' => 'manage-users',
+ 'is_default' => false,
+ 'sort_order' => 0
+ ]);
 }
 private function seedAlbumPermissions()
diff --git a/resources/lang/en/permissions.php b/resources/lang/en/permissions.php
index ee16160..3f4fbdd 100644
--- a/resources/lang/en/permissions.php
+++ b/resources/lang/en/permissions.php
@@ -3,7 +3,10 @@ return [
 'admin' => [
 'access' => 'Access the administration panel',
 'configure' => 'Configure the application',
- 'manage-albums' => 'Manage photo albums'
+ 'manage-albums' => 'Manage photo albums',
+ 'manage-groups' => 'Manage user groups',
+ 'manage-storage' => 'Manage storage locations',
+ 'manage-users' => 'Manage users'
 ],
 'album' => [
 'delete' => 'Delete this album',
diff --git a/resources/views/themes/base/admin/edit_group.blade.php b/resources/views/themes/base/admin/edit_group.blade.php
index 227d346..22f2027 100644
--- a/resources/views/themes/base/admin/edit_group.blade.php
+++ b/resources/views/themes/base/admin/edit_group.blade.php
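Review bot: The three new permissions are seeded with `'is_default' => false` and nothing in this diff attaches them to any existing group, while the controller hunks now require them for every user, group and storage action; unless a migration elsewhere handles it, an administrator who today relies on admin:access alone will be denied on UserController and GroupController after deploying and cannot grant the new permission to themselves. Add a data step that attaches manage-users, manage-groups and manage-storage to whichever group currently holds the existing admin permissions, or at least document the manual grant in the upgrade notes. The enclosing seed method starts outside the hunk.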
@@ -82,6 +82,18 @@
 @include(Theme::viewName('partials.permission_checkbox'), [
 'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
 ])
+
+ @include(Theme::viewName('partials.permission_checkbox'), [
+ 'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-users')
+ ])
+
+ @include(Theme::viewName('partials.permission_checkbox'), [
+ 'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-groups')
+ ])
+
+ @include(Theme::viewName('partials.permission_checkbox'), [
+ 'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-storage')
+ ])
diff --git a/resources/views/themes/base/partials/admin_manage_widget.blade.php b/resources/views/themes/base/partials/admin_manage_widget.blade.php
index a5f420c..2fe6694 100644
--- a/resources/views/themes/base/partials/admin_manage_widget.blade.php
+++ b/resources/views/themes/base/partials/admin_manage_widget.blade.php
@@ -1,16 +1,30 @@
-
-
@lang('admin.manage_widget.panel_header')
-
- @can('admin:manage-albums') - @lang('navigation.breadcrumb.albums') - @endcan +@php + $canConfigure = Auth::user()->can('admin:configure'); + $canManageAlbums = Auth::user()->can('admin:manage-albums'); + $canManageGroups = Auth::user()->can('admin:manage-groups'); + $canManageStorage = Auth::user()->can('admin:manage-storage'); + $canManageUsers = Auth::user()->can('admin:manage-users'); +@endphp - @lang('navigation.breadcrumb.users') - @lang('navigation.breadcrumb.groups') - @lang('navigation.breadcrumb.storage') - - @can('admin:configure') - @lang('navigation.breadcrumb.settings') - @endcan +@if ($canConfigure || $canManageAlbums || $canManageGroups || $canManageStorage || $canManageUsers) +
+
@lang('admin.manage_widget.panel_header')
+
+ @if ($canManageAlbums) + @lang('navigation.breadcrumb.albums') + @endif + @if ($canManageUsers) + @lang('navigation.breadcrumb.users') + @endif + @if ($canManageGroups) + @lang('navigation.breadcrumb.groups') + @endif + @if ($canManageStorage) + @lang('navigation.breadcrumb.storage') + @endif + @if ($canConfigure) + @lang('navigation.breadcrumb.settings') + @endif +
-
\ No newline at end of file +@endif \ No newline at end of file
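Review bot: `$canConfigure = Auth::user()->can('admin:configure');` and the four assignments after it dereference `Auth::user()` unconditionally, so if this partial is ever rendered on a page a guest can reach it now throws on a null user, whereas the replaced `@can` directives simply evaluated to false for a guest; `Gate::allows(...)` gives the same result for a signed-in user and false for a guest, e.g. `$canConfigure = Gate::allows('admin:configure');` for each of the five lines. Whether a guest can reach this partial cannot be told from the diff. The HTML markup of this hunk appears to have been stripped from this listing, so only the Blade directives could be reviewed.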