#3: Implemented admin security for groups, users and storage locations

This commit is contained in:
Andy Heathershaw 2017-04-15 09:58:33 +01:00
parent 2ef01cc23c
commit 8473eb4a05
8 changed files with 101 additions and 36 deletions


@ -27,7 +27,7 @@ class GroupController extends Controller
*/ */
public function create() public function create()
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
return Theme::render('admin.create_group'); return Theme::render('admin.create_group');
} }
@ -53,7 +53,7 @@ class GroupController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
/** @var Group $group */ /** @var Group $group */
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
@ -88,7 +88,7 @@ class GroupController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
if (is_null($group)) if (is_null($group))
@ -114,7 +114,7 @@ class GroupController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
$groups = Group::orderBy('name') $groups = Group::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -135,7 +135,7 @@ class GroupController extends Controller
*/ */
public function store(StoreGroupRequest $request) public function store(StoreGroupRequest $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
$group = new Group(); $group = new Group();
$group->fill($request->only(['name'])); $group->fill($request->only(['name']));
@ -153,7 +153,7 @@ class GroupController extends Controller
*/ */
public function update(StoreGroupRequest $request, $id) public function update(StoreGroupRequest $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-groups');
/** @var Group $group */ /** @var Group $group */
$group = Group::where('id', intval($id))->first(); $group = Group::where('id', intval($id))->first();
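Review bot: The ability name is now passed by hand on every action (lines 15, 22, 29, 36, 43, 50), so an action added later that calls `authorizeAccessToAdminPanel()` without an argument, or omits the call, silently gets whatever the helper does by default; the helper lives outside this diff, so I cannot see whether its parameter has a default. Registering the check once in the constructor, `$this->middleware('can:admin:manage-groups');`, enforces it for every action of the controller, with per-action calls kept only where a finer distinction is needed. The same pattern applies to StorageController and UserController in this commit. Each method body continues outside its hunk.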


@ -34,7 +34,7 @@ class StorageController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$storageLocations = Storage::orderBy('name') $storageLocations = Storage::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -53,7 +53,7 @@ class StorageController extends Controller
*/ */
public function create(Request $request) public function create(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__))))); $filesystemDefaultLocation = sprintf('%s/storage/app/albums', dirname(dirname(dirname(dirname(__DIR__)))));
@ -72,7 +72,7 @@ class StorageController extends Controller
*/ */
public function store(Requests\StoreStorageRequest $request) public function store(Requests\StoreStorageRequest $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$storage = new Storage(); $storage = new Storage();
$storage->fill($request->only([ $storage->fill($request->only([
@ -136,7 +136,7 @@ class StorageController extends Controller
*/ */
public function delete(Request $request, $id) public function delete(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))
@ -169,7 +169,7 @@ class StorageController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
/** @var Storage $storage */ /** @var Storage $storage */
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
@ -203,7 +203,7 @@ class StorageController extends Controller
*/ */
public function update(Requests\StoreStorageRequest $request, $id) public function update(Requests\StoreStorageRequest $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))
@ -258,7 +258,7 @@ class StorageController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-storage');
$storage = Storage::where('id', intval($id))->first(); $storage = Storage::where('id', intval($id))->first();
if (is_null($storage)) if (is_null($storage))


@ -24,7 +24,7 @@ class UserController extends Controller
public function delete(Request $request, $id) public function delete(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -48,7 +48,7 @@ class UserController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$users = User::orderBy('name') $users = User::orderBy('name')
->paginate(UserConfig::get('items_per_page')); ->paginate(UserConfig::get('items_per_page'));
@ -68,7 +68,7 @@ class UserController extends Controller
*/ */
public function create() public function create()
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
return Theme::render('admin.create_user'); return Theme::render('admin.create_user');
} }
@ -81,7 +81,7 @@ class UserController extends Controller
*/ */
public function store(Requests\StoreUserRequest $request) public function store(Requests\StoreUserRequest $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$user = new User(); $user = new User();
$user->fill($request->only(['name', 'email', 'password'])); $user->fill($request->only(['name', 'email', 'password']));
@ -113,7 +113,7 @@ class UserController extends Controller
*/ */
public function edit(Request $request, $id) public function edit(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -145,7 +145,7 @@ class UserController extends Controller
*/ */
public function update(Requests\StoreUserRequest $request, $id) public function update(Requests\StoreUserRequest $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
if (is_null($user)) if (is_null($user))
@ -214,7 +214,7 @@ class UserController extends Controller
*/ */
public function destroy(Request $request, $id) public function destroy(Request $request, $id)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
/** @var User $user */ /** @var User $user */
$user = User::where('id', intval($id))->first(); $user = User::where('id', intval($id))->first();
@ -255,7 +255,7 @@ class UserController extends Controller
*/ */
public function searchJson(Request $request) public function searchJson(Request $request)
{ {
$this->authorizeAccessToAdminPanel(); $this->authorizeAccessToAdminPanel('admin:manage-users');
$limit = intval($request->get('n')); $limit = intval($request->get('n'));
if ($limit == 0) if ($limit == 0)
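Review bot: `searchJson` (line 159) is now gated on `admin:manage-users`, which is stricter than the panel-wide check it replaces; if this endpoint backs a user picker used by screens other than user management, those callers will now receive an authorization failure, which is worth confirming against the routes and front-end code that request it. If it is only consumed by the user-management screens, a one-line comment above the call, `// Only the user-management UI consumes this endpoint; gated like the rest of the controller`, would record that decision. The method body continues outside the hunk.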


@ -50,6 +50,18 @@ class AuthServiceProvider extends ServiceProvider
{ {
return $this->userHasAdminPermission($user, 'manage-albums'); return $this->userHasAdminPermission($user, 'manage-albums');
}); });
Gate::define('admin:manage-groups', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-groups');
});
Gate::define('admin:manage-storage', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-storage');
});
Gate::define('admin:manage-users', function ($user)
{
return $this->userHasAdminPermission($user, 'manage-users');
});
Gate::define('photo.download_original', function ($user, Photo $photo) Gate::define('photo.download_original', function ($user, Photo $photo)
{ {
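Review bot: The three new `Gate::define` calls (lines 169–180) are copies of the `admin:manage-albums` definition just above them with only the permission name changed, and the same name list is repeated again in the seeder, the language file and the views in this commit, so a typo in one copy would only show up as a permission that no gate honours. Defining the admin gates from a single list leaves one place to extend when the next permission is added. `userHasAdminPermission` and the enclosing method are outside the hunk, so I am assuming the callback contract is unchanged.
```php
// … unchanged: admin:access, admin:configure and admin:manage-albums definitions …
foreach (['manage-groups', 'manage-storage', 'manage-users'] as $permission) {
    Gate::define('admin:' . $permission, function ($user) use ($permission) {
        return $this->userHasAdminPermission($user, $permission);
    });
}
// … unchanged: photo.download_original definition …
```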


@ -40,6 +40,30 @@ class PermissionsSeeder extends Seeder
'is_default' => false, 'is_default' => false,
'sort_order' => 0 'sort_order' => 0
]); ]);
// admin:manage-groups = controls if groups can be managed
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'manage-groups',
'is_default' => false,
'sort_order' => 0
]);
// admin:manage-storage = controls if storages can be managed
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'manage-storage',
'is_default' => false,
'sort_order' => 0
]);
// admin:manage-users = controls if users can be managed
DatabaseSeeder::createOrUpdate('permissions', [
'section' => 'admin',
'description' => 'manage-users',
'is_default' => false,
'sort_order' => 0
]);
} }
private function seedAlbumPermissions() private function seedAlbumPermissions()
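Review bot: All three new permissions share `'sort_order' => 0` with the existing admin entries (lines 195, 202, 209), so if the permissions screen orders by `sort_order` the relative position of these rows is left to the database; if the order is meant to be stable, distinct values would pin it. The comment on line 197, `// admin:manage-storage = controls if storages can be managed`, would read better as `storage locations`, matching the wording used in the language file. The seeding method starts outside the hunk.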


@ -3,7 +3,10 @@ return [
'admin' => [ 'admin' => [
'access' => 'Access the administration panel', 'access' => 'Access the administration panel',
'configure' => 'Configure the application', 'configure' => 'Configure the application',
'manage-albums' => 'Manage photo albums' 'manage-albums' => 'Manage photo albums',
'manage-groups' => 'Manage user groups',
'manage-storage' => 'Manage storage locations',
'manage-users' => 'Manage users'
], ],
'album' => [ 'album' => [
'delete' => 'Delete this album', 'delete' => 'Delete this album',


@ -82,6 +82,18 @@
@include(Theme::viewName('partials.permission_checkbox'), [ @include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums') 'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-albums')
]) ])
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-users')
])
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-groups')
])
@include(Theme::viewName('partials.permission_checkbox'), [
'permission' => Theme::getPermission($all_permissions, 'admin', 'manage-storage')
])
</div> </div>
</div> </div>
</div> </div>
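Review bot: The new checkboxes are listed as users, groups, storage (lines 235, 238, 241), while the gate definitions, seeder, language file and sidebar in this commit all use groups, storage, users; keeping one order everywhere makes a missing entry easy to spot when the next permission is added. Otherwise the includes mirror the existing `manage-albums` block and reuse the same partial. The surrounding form starts and ends outside the hunk.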


@ -1,16 +1,30 @@
<div class="card admin-sidebar-card"> @php
<div class="card-header">@lang('admin.manage_widget.panel_header')</div> $canConfigure = Auth::user()->can('admin:configure');
<div class="card-block"> $canManageAlbums = Auth::user()->can('admin:manage-albums');
@can('admin:manage-albums') $canManageGroups = Auth::user()->can('admin:manage-groups');
<a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a> $canManageStorage = Auth::user()->can('admin:manage-storage');
@endcan $canManageUsers = Auth::user()->can('admin:manage-users');
@endphp
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a> @if ($canConfigure || $canManageAlbums || $canManageGroups || $canManageStorage || $canManageUsers)
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a> <div class="card admin-sidebar-card">
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a> <div class="card-header">@lang('admin.manage_widget.panel_header')</div>
<div class="card-block">
@can('admin:configure') @if ($canManageAlbums)
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a> <a class="btn btn-link" href="{{ route('albums.index') }}"><i class="fa fa-fw fa-picture-o"></i> @lang('navigation.breadcrumb.albums')</a>
@endcan @endif
@if ($canManageUsers)
<a class="btn btn-link" href="{{ route('users.index') }}"><i class="fa fa-fw fa-user"></i> @lang('navigation.breadcrumb.users')</a>
@endif
@if ($canManageGroups)
<a class="btn btn-link" href="{{ route('groups.index') }}"><i class="fa fa-fw fa-users"></i> @lang('navigation.breadcrumb.groups')</a>
@endif
@if ($canManageStorage)
<a class="btn btn-link" href="{{ route('storage.index') }}"><i class="fa fa-fw fa-folder"></i> @lang('navigation.breadcrumb.storage')</a>
@endif
@if ($canConfigure)
<a class="btn btn-link" href="{{ route('admin.settings') }}"><i class="fa fa-fw fa-cog"></i> @lang('navigation.breadcrumb.settings')</a>
@endif
</div>
</div> </div>
</div> @endif
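Review bot: The `@php` block (lines 250–255) replaces the `@can` directives with five direct `Auth::user()->can(...)` calls, which dereference `null` if this partial is ever rendered for an unauthenticated request, whereas `@can` evaluates the gate with no resolved user and simply denies; if the partial is only included on pages that already require login this is moot, but that is not visible from the hunk. Resolving the user once into a local and guarding for `null` keeps the card hidden for guests instead of raising, and avoids resolving the user five times per render.
```php
@php
    $user = Auth::user();
    $canConfigure = $user !== null && $user->can('admin:configure');
    $canManageAlbums = $user !== null && $user->can('admin:manage-albums');
    $canManageGroups = $user !== null && $user->can('admin:manage-groups');
    $canManageStorage = $user !== null && $user->can('admin:manage-storage');
    $canManageUsers = $user !== null && $user->can('admin:manage-users');
@endphp
{{-- … unchanged: @if guard and card markup … --}}
```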