#3: Implemented admin security for groups, users and storage locations
This commit is contained in:
parent
2ef01cc23c
commit
8473eb4a05
@ -27,7 +27,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
return Theme::render('admin.create_group');
|
return Theme::render('admin.create_group');
|
||||||
}
|
}
|
||||||
@ -53,7 +53,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function destroy(Request $request, $id)
|
public function destroy(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
/** @var Group $group */
|
/** @var Group $group */
|
||||||
$group = Group::where('id', intval($id))->first();
|
$group = Group::where('id', intval($id))->first();
|
||||||
@ -88,7 +88,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function edit(Request $request, $id)
|
public function edit(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
$group = Group::where('id', intval($id))->first();
|
$group = Group::where('id', intval($id))->first();
|
||||||
if (is_null($group))
|
if (is_null($group))
|
||||||
@ -114,7 +114,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
$groups = Group::orderBy('name')
|
$groups = Group::orderBy('name')
|
||||||
->paginate(UserConfig::get('items_per_page'));
|
->paginate(UserConfig::get('items_per_page'));
|
||||||
@ -135,7 +135,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(StoreGroupRequest $request)
|
public function store(StoreGroupRequest $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
$group = new Group();
|
$group = new Group();
|
||||||
$group->fill($request->only(['name']));
|
$group->fill($request->only(['name']));
|
||||||
@ -153,7 +153,7 @@ class GroupController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function update(StoreGroupRequest $request, $id)
|
public function update(StoreGroupRequest $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-groups');
|
||||||
|
|
||||||
/** @var Group $group */
|
/** @var Group $group */
|
||||||
$group = Group::where('id', intval($id))->first();
|
$group = Group::where('id', intval($id))->first();
|
||||||
|
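Review bot: The ability name `'admin:manage-groups'` is repeated as a bare string literal in all six actions of this section (`create`, `destroy`, `edit`, `index`, `store`, `update`), and the StorageController and UserController sections do the same with `'admin:manage-storage'` and `'admin:manage-users'`; a class constant such as `private const ABILITY = 'admin:manage-groups';` passed to each call, or a single `$this->middleware('can:admin:manage-groups');` in the constructor, keeps the three strings in one place and means a future action cannot ship without the check. The body of `authorizeAccessToAdminPanel` is not in this commit, so whether passing an ability still enforces the base `admin:access` gate alongside it cannot be seen here and is worth confirming. Each action's docblock (the `*/` visible at the top of every hunk) could also name the requirement, e.g. `@throws \Illuminate\Auth\Access\AuthorizationException when the user lacks admin:manage-groups`.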
@ -34,7 +34,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$storageLocations = Storage::orderBy('name')
|
$storageLocations = Storage::orderBy('name')
|
||||||
->paginate(UserConfig::get('items_per_page'));
|
->paginate(UserConfig::get('items_per_page'));
|
||||||
@ -53,7 +53,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create(Request $request)
|
public function create(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
|
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Requests\StoreStorageRequest $request)
|
public function store(Requests\StoreStorageRequest $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$storage = new Storage();
|
$storage = new Storage();
|
||||||
$storage->fill($request->only([
|
$storage->fill($request->only([
|
||||||
@ -136,7 +136,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function delete(Request $request, $id)
|
public function delete(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$storage = Storage::where('id', intval($id))->first();
|
$storage = Storage::where('id', intval($id))->first();
|
||||||
if (is_null($storage))
|
if (is_null($storage))
|
||||||
@ -169,7 +169,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function edit(Request $request, $id)
|
public function edit(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
/** @var Storage $storage */
|
/** @var Storage $storage */
|
||||||
$storage = Storage::where('id', intval($id))->first();
|
$storage = Storage::where('id', intval($id))->first();
|
||||||
@ -203,7 +203,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function update(Requests\StoreStorageRequest $request, $id)
|
public function update(Requests\StoreStorageRequest $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$storage = Storage::where('id', intval($id))->first();
|
$storage = Storage::where('id', intval($id))->first();
|
||||||
if (is_null($storage))
|
if (is_null($storage))
|
||||||
@ -258,7 +258,7 @@ class StorageController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function destroy(Request $request, $id)
|
public function destroy(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-storage');
|
||||||
|
|
||||||
$storage = Storage::where('id', intval($id))->first();
|
$storage = Storage::where('id', intval($id))->first();
|
||||||
if (is_null($storage))
|
if (is_null($storage))
|
||||||
|
@ -24,7 +24,7 @@ class UserController extends Controller
|
|||||||
|
|
||||||
public function delete(Request $request, $id)
|
public function delete(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$user = User::where('id', intval($id))->first();
|
$user = User::where('id', intval($id))->first();
|
||||||
if (is_null($user))
|
if (is_null($user))
|
||||||
@ -48,7 +48,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function index(Request $request)
|
public function index(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$users = User::orderBy('name')
|
$users = User::orderBy('name')
|
||||||
->paginate(UserConfig::get('items_per_page'));
|
->paginate(UserConfig::get('items_per_page'));
|
||||||
@ -68,7 +68,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
return Theme::render('admin.create_user');
|
return Theme::render('admin.create_user');
|
||||||
}
|
}
|
||||||
@ -81,7 +81,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function store(Requests\StoreUserRequest $request)
|
public function store(Requests\StoreUserRequest $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$user = new User();
|
$user = new User();
|
||||||
$user->fill($request->only(['name', 'email', 'password']));
|
$user->fill($request->only(['name', 'email', 'password']));
|
||||||
@ -113,7 +113,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function edit(Request $request, $id)
|
public function edit(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$user = User::where('id', intval($id))->first();
|
$user = User::where('id', intval($id))->first();
|
||||||
if (is_null($user))
|
if (is_null($user))
|
||||||
@ -145,7 +145,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function update(Requests\StoreUserRequest $request, $id)
|
public function update(Requests\StoreUserRequest $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$user = User::where('id', intval($id))->first();
|
$user = User::where('id', intval($id))->first();
|
||||||
if (is_null($user))
|
if (is_null($user))
|
||||||
@ -214,7 +214,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function destroy(Request $request, $id)
|
public function destroy(Request $request, $id)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = User::where('id', intval($id))->first();
|
$user = User::where('id', intval($id))->first();
|
||||||
@ -255,7 +255,7 @@ class UserController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function searchJson(Request $request)
|
public function searchJson(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorizeAccessToAdminPanel();
|
$this->authorizeAccessToAdminPanel('admin:manage-users');
|
||||||
|
|
||||||
$limit = intval($request->get('n'));
|
$limit = intval($request->get('n'));
|
||||||
if ($limit == 0)
|
if ($limit == 0)
|
||||||
|
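Review bot: `searchJson` (hunk `@ -255,7 +255,7`) is now gated on `admin:manage-users`, which is stricter than the other actions' change suggests if that JSON endpoint also backs a user picker on the group-edit screen: an administrator holding only `admin:manage-groups` would lose it. Either confirm that the users screen is its only caller, or accept either ability in this one action and note that in its docblock, e.g. `Serves the user-search autocomplete; callable by anyone allowed to manage users or groups.` The caller relationship is inferred from the route names in this commit, not from visible code, so the check is a question rather than a defect.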
@ -50,6 +50,18 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
{
|
{
|
||||||
return $this->userHasAdminPermission($user, 'manage-albums');
|
return $this->userHasAdminPermission($user, 'manage-albums');
|
||||||
});
|
});
|
||||||
|
Gate::define('admin:manage-groups', function ($user)
|
||||||
|
{
|
||||||
|
return $this->userHasAdminPermission($user, 'manage-groups');
|
||||||
|
});
|
||||||
|
Gate::define('admin:manage-storage', function ($user)
|
||||||
|
{
|
||||||
|
return $this->userHasAdminPermission($user, 'manage-storage');
|
||||||
|
});
|
||||||
|
Gate::define('admin:manage-users', function ($user)
|
||||||
|
{
|
||||||
|
return $this->userHasAdminPermission($user, 'manage-users');
|
||||||
|
});
|
||||||
|
|
||||||
Gate::define('photo.download_original', function ($user, Photo $photo)
|
Gate::define('photo.download_original', function ($user, Photo $photo)
|
||||||
{
|
{
|
||||||
|
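Review bot: The three new `Gate::define` calls are identical apart from the ability suffix, which must now agree in three places — the gate name, the `userHasAdminPermission` argument, and (by the seeder hunk in the same commit) the permission row's `description`; a loop over one list removes the duplication, and the existing `manage-albums` gate just above the hunk has the same shape and could join it. That the second argument is matched against the seeder's `description` column is inferred from the two hunks rather than shown by `userHasAdminPermission`, whose body is outside this diff, so confirm before relying on it. The closure parameter `$user` stays untyped here, as the other gates in the file leave it.

```php
// … unchanged: admin:access, admin:configure and admin:manage-albums gates …
foreach (['manage-groups', 'manage-storage', 'manage-users'] as $permission) {
    Gate::define('admin:' . $permission, function ($user) use ($permission) {
        return $this->userHasAdminPermission($user, $permission);
    });
}
// … unchanged: photo.download_original gate …
```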
@ -40,6 +40,30 @@ class PermissionsSeeder extends Seeder
|
|||||||
'is_default' => false,
|
'is_default' => false,
|
||||||
'sort_order' => 0
|
'sort_order' => 0
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
// admin:manage-groups = controls if groups can be managed
|
||||||
|
DatabaseSeeder::createOrUpdate('permissions', [
|
||||||
|
'section' => 'admin',
|
||||||
|
'description' => 'manage-groups',
|
||||||
|
'is_default' => false,
|
||||||
|
'sort_order' => 0
|
||||||
|
]);
|
||||||
|
|
||||||
|
// admin:manage-storage = controls if storages can be managed
|
||||||
|
DatabaseSeeder::createOrUpdate('permissions', [
|
||||||
|
'section' => 'admin',
|
||||||
|
'description' => 'manage-storage',
|
||||||
|
'is_default' => false,
|
||||||
|
'sort_order' => 0
|
||||||
|
]);
|
||||||
|
|
||||||
|
// admin:manage-users = controls if users can be managed
|
||||||
|
DatabaseSeeder::createOrUpdate('permissions', [
|
||||||
|
'section' => 'admin',
|
||||||
|
'description' => 'manage-users',
|
||||||
|
'is_default' => false,
|
||||||
|
'sort_order' => 0
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
private function seedAlbumPermissions()
|
private function seedAlbumPermissions()
|
||||||
|
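Review bot: All three new permission rows (hunk `@ -40,6 +40,30`) carry `'sort_order' => 0`, the same value as the `manage-albums` row visible above them, so any listing ordered by that column has no defined order among the admin permissions; if the column is meant to order the checkboxes, give each row a distinct value, and if it is not, say so in a comment so the next reader does not wonder. The rows differ only in `description`, so a loop over the three names (below) would also keep this seeder in step with the gate names registered in AuthServiceProvider. The comment `// admin:manage-storage = controls if storages can be managed` would read better as `controls if storage locations can be managed`, matching the wording the lang file uses.

```php
// … unchanged: admin:access, admin:configure and admin:manage-albums rows …
foreach (['manage-groups', 'manage-storage', 'manage-users'] as $description) {
    // admin:<description> = controls whether that part of the admin panel can be managed
    DatabaseSeeder::createOrUpdate('permissions', [
        'section' => 'admin',
        'description' => $description,
        'is_default' => false,
        // NOTE(review): every admin row shares sort_order 0 — confirm the column is not used for ordering
        'sort_order' => 0,
    ]);
}
```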
@ -3,7 +3,10 @@ return [
|
|||||||
'admin' => [
|
'admin' => [
|
||||||
'access' => 'Access the administration panel',
|
'access' => 'Access the administration panel',
|
||||||
'configure' => 'Configure the application',
|
'configure' => 'Configure the application',
|
||||||
'manage-albums' => 'Manage photo albums'
|
'manage-albums' => 'Manage photo albums',
|
||||||
|
'manage-groups' => 'Manage user groups',
|
||||||
|
'manage-storage' => 'Manage storage locations',
|
||||||
|
'manage-users' => 'Manage users'
|
||||||
],
|
],
|
||||||
'album' => [
|
'album' => [
|
||||||
'delete' => 'Delete this album',
|
'delete' => 'Delete this album',
|
||||||
|
@ -82,6 +82,18 @@
|
|||||||
@include(Theme::viewName('partials.permission_checkbox'), [
|
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||||
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
|
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||||
|
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-users')
|
||||||
|
])
|
||||||
|
|
||||||
|
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||||
|
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-groups')
|
||||||
|
])
|
||||||
|
|
||||||
|
@include(Theme::viewName('partials.permission_checkbox'), [
|
||||||
|
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-storage')
|
||||||
|
])
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
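Review bot: The four `@include` blocks for the admin checkboxes (hunk `@ -82,6 +82,18`) differ only in the permission name passed to `Theme::getPermission`, so each new permission means another copied block; a `@foreach` over the names keeps the template to one include and makes the display order (albums, users, groups, storage, the same order the sidebar partial uses) explicit in one list.

```blade
@foreach (['manage-albums', 'manage-users', 'manage-groups', 'manage-storage'] as $permission)
    @include(Theme::viewName('partials.permission_checkbox'), [
        'permission' => Theme::getPermission($all_permissions, 'admin', $permission)
    ])
@endforeach
{{-- … unchanged: closing </div> elements … --}}
```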
@ -1,16 +1,30 @@
|
|||||||
<div class="card admin-sidebar-card">
|
@php
|
||||||
|
$canConfigure = Auth::user()->can('admin:configure');
|
||||||
|
$canManageAlbums = Auth::user()->can('admin:manage-albums');
|
||||||
|
$canManageGroups = Auth::user()->can('admin:manage-groups');
|
||||||
|
$canManageStorage = Auth::user()->can('admin:manage-storage');
|
||||||
|
$canManageUsers = Auth::user()->can('admin:manage-users');
|
||||||
|
@endphp
|
||||||
|
|
||||||
|
@if ($canConfigure || $canManageAlbums || $canManageGroups || $canManageStorage || $canManageUsers)
|
||||||
|
<div class="card admin-sidebar-card">
|
||||||
<div class="card-header">@lang('admin.manage_widget.panel_header')</div>
|
<div class="card-header">@lang('admin.manage_widget.panel_header')</div>
|
||||||
<div class="card-block">
|
<div class="card-block">
|
||||||
@can('admin:manage-albums')
|
@if ($canManageAlbums)
|
||||||
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
|
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
|
||||||
@endcan
|
@endif
|
||||||
|
@if ($canManageUsers)
|
||||||
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
|
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
|
||||||
|
@endif
|
||||||
|
@if ($canManageGroups)
|
||||||
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
|
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
|
||||||
|
@endif
|
||||||
|
@if ($canManageStorage)
|
||||||
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
|
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
|
||||||
|
@endif
|
||||||
@can('admin:configure')
|
@if ($canConfigure)
|
||||||
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
|
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
|
||||||
@endcan
|
@endif
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@endif
|
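Review bot: `Auth::user()->can(...)` in the new `@php` block (hunk `@ -1,16 +1,30`) throws on a guest request because `Auth::user()` returns null, whereas the `@can` directives it replaces evaluate to false for a guest without calling into the user; unless this partial is only ever rendered behind authentication middleware, which is not visible here, guard the lookups, e.g. `$user = Auth::user();` followed by `$canConfigure = $user !== null && $user->can('admin:configure');` for each of the five variables, or wrap the whole partial in `@auth … @endauth` if the framework version in use provides it. Moving the five checks into a view composer would also keep authorization logic out of the template, and a short `{{-- sidebar is hidden entirely when the user holds no admin ability --}}` above the outer `@if` would document the new behaviour.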