Bulk action permission check fixed.

2020-02-13 15:49:43 +03:00 · 2020-02-13 15:49:43 +03:00 · 2000de7b7b
commit 2000de7b7b
parent d9e9271858
2 changed files with 82 additions and 68 deletions
--- a/app/Http/Controllers/Common/BulkActions.php
+++ b/app/Http/Controllers/Common/BulkActions.php
@ -29,6 +29,18 @@ BulkActions extends Controller
            $bulk_actions = app('App\BulkActions\\' .  ucfirst($group) . '\\' . ucfirst($type));
        }

+        if (isset($bulk_actions->actions[$request->get('handle')]['permission']) && !user()->can($bulk_actions->actions[$request->get('handle')]['permission'])) {
+            flash(trans('errors.message.403'))->error();
+
+            return response()->json([
+                'success' => false,
+                'redirect' => true,
+                'error' => true,
+                'data' => [],
+                'message' => trans('errors.message.403')
+            ]);
+        }
+
        $result = $bulk_actions->{$request->get('handle')}($request);

        if (!empty($result) && ($result instanceof \Symfony\Component\HttpFoundation\BinaryFileResponse)) {
--- a/resources/views/partials/form/bulk_action_row_group.blade.php
+++ b/resources/views/partials/form/bulk_action_row_group.blade.php
@ -1,13 +1,13 @@
@stack('bulk_action_row_input_start')
-    @php
+@php
    if (is_array($path)) {
        $path = route('bulk-actions.action', $path);
    } else {
        $path = url('common/bulk-actions/' . $path);
    }
-    @endphp
+@endphp

-    <div class="align-items-center d-none"
+<div class="align-items-center d-none"
     v-if="bulk_action.show"
     :class="[{'show': bulk_action.show}]">
    <div class="mr-6">
@ -31,12 +31,14 @@
                @change="onChange">
                <option value="*">{{ trans_choice('bulk_actions.bulk_actions', 2) }}</option>
                @foreach($actions as $key => $action)
+                    @if((!isset($action['permission'])) || (isset($action['permission']) && user()->can($action['permission'])))
                    <option
                        value="{{ $key }}"
                        @if(!empty($action['message']))
                        data-message="{{ trans_choice($action['message'], 2, ['type' => $text]) }}"
                        @endif
                    >{{ trans($action['name']) }}</option>
+                    @endif
                @endforeach
            </select>

@ -63,9 +65,9 @@
            <span>{{ trans('general.clear') }}</span>
        </button>
    </div>
-    </div>
+</div>

-    <akaunting-modal
+<akaunting-modal
    :show="bulk_action.modal"
    :title="'{{ trans_choice('general.items', 2) }}'"
    :message="bulk_action.message"
@ -83,6 +85,6 @@
            </button>
        </div>
    </template>
-    </akaunting-modal>
+</akaunting-modal>

@stack('bulk_action_row_input_end')