shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bulk action permission check fixed.

Browse Source
This commit is contained in:
Cüneyt Şentürk 2020-02-13 15:49:43 +03:00
parent d9e9271858
commit 2000de7b7b
2 changed files with 82 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/Http/Controllers/Common/BulkActions.php
View File

@ -29,6 +29,18 @@ BulkActions extends Controller
$bulk_actions = app('App\BulkActions\\' . ucfirst($group) . '\\' . ucfirst($type));
}
if (isset($bulk_actions->actions[$request->get('handle')]['permission']) && !user()->can($bulk_actions->actions[$request->get('handle')]['permission'])) {
flash(trans('errors.message.403'))->error();
return response()->json([
'success' => false,
'redirect' => true,
'error' => true,
'data' => [],
'message' => trans('errors.message.403')
]);
}
$result = $bulk_actions->{$request->get('handle')}($request);
if (!empty($result) && ($result instanceof \Symfony\Component\HttpFoundation\BinaryFileResponse)) {

138
resources/views/partials/form/bulk_action_row_group.blade.php
View File

@ -1,16 +1,16 @@
@stack('bulk_action_row_input_start')
@php
if (is_array($path)) {
$path = route('bulk-actions.action', $path);
} else {
$path = url('common/bulk-actions/' . $path);
}
@endphp
@php
if (is_array($path)) {
$path = route('bulk-actions.action', $path);
} else {
$path = url('common/bulk-actions/' . $path);
}
@endphp
<div class="align-items-center d-none"
v-if="bulk_action.show"
:class="[{'show': bulk_action.show}]">
<div class="mr-6">
<div class="align-items-center d-none"
v-if="bulk_action.show"
:class="[{'show': bulk_action.show}]">
<div class="mr-6">
<span class="text-white d-none d-sm-block">
<b v-text="bulk_action.count"></b>
<span v-if="bulk_action.count === 1">
@ -21,68 +21,70 @@
</span>
{{ trans('bulk_actions.selected') }}
</span>
</div>
</div>
<div class="w-25 mr-4" v-if="bulk_action.count">
<div class="form-group mb-0">
<select
class="form-control form-control-sm"
v-model="{{ !empty($attributes['v-model']) ? $attributes['v-model'] : 'bulk_action.value' }}"
@change="onChange">
<option value="*">{{ trans_choice('bulk_actions.bulk_actions', 2) }}</option>
@foreach($actions as $key => $action)
<option
value="{{ $key }}"
@if(!empty($action['message']))
data-message="{{ trans_choice($action['message'], 2, ['type' => $text]) }}"
@endif
>{{ trans($action['name']) }}</option>
@endforeach
</select>
<div class="w-25 mr-4" v-if="bulk_action.count">
<div class="form-group mb-0">
<select
class="form-control form-control-sm"
v-model="{{ !empty($attributes['v-model']) ? $attributes['v-model'] : 'bulk_action.value' }}"
@change="onChange">
<option value="*">{{ trans_choice('bulk_actions.bulk_actions', 2) }}</option>
@foreach($actions as $key => $action)
@if((!isset($action['permission'])) || (isset($action['permission']) && user()->can($action['permission'])))
<option
value="{{ $key }}"
@if(!empty($action['message']))
data-message="{{ trans_choice($action['message'], 2, ['type' => $text]) }}"
@endif
>{{ trans($action['name']) }}</option>
@endif
@endforeach
</select>
<input type="hidden" name="bulk_action_path" value="{{ $path }}" />
</div>
</div>
<div class="mr-4" v-if="bulk_action.count">
<button type="button" class="btn btn-sm btn-outline-confirm"
v-if="bulk_action.message.length"
@click="bulk_action.modal=true">
<span>{{ trans('general.confirm') }}</span>
</button>
<button type="button" class="btn btn-sm btn-outline-confirm"
v-if="!bulk_action.message.length"
@click="onAction">
<span>{{ trans('general.confirm') }}</span>
</button>
</div>
<div class="mr-4" v-if="bulk_action.count">
<button type="button" class="btn btn-outline-clear btn-sm"
@click="onClear">
<span>{{ trans('general.clear') }}</span>
</button>
<input type="hidden" name="bulk_action_path" value="{{ $path }}" />
</div>
</div>
<akaunting-modal
:show="bulk_action.modal"
:title="'{{ trans_choice('general.items', 2) }}'"
:message="bulk_action.message"
@cancel="onCancel"
v-if='bulk_action.message && bulk_action.modal'>
<template #card-footer>
<div class="float-right">
<button type="button" class="btn btn-outline-secondary" @click="onCancel">
<span>{{ trans('general.cancel') }}</span>
</button>
<div class="mr-4" v-if="bulk_action.count">
<button type="button" class="btn btn-sm btn-outline-confirm"
v-if="bulk_action.message.length"
@click="bulk_action.modal=true">
<span>{{ trans('general.confirm') }}</span>
</button>
<button type="button" class="btn btn-sm btn-outline-confirm"
v-if="!bulk_action.message.length"
@click="onAction">
<span>{{ trans('general.confirm') }}</span>
</button>
</div>
<button :disabled="bulk_action.loading" type="button" class="btn btn-success button-submit" @click="onAction">
<div class="aka-loader d-none"></div>
<span>{{ trans('general.confirm') }}</span>
</button>
</div>
</template>
</akaunting-modal>
<div class="mr-4" v-if="bulk_action.count">
<button type="button" class="btn btn-outline-clear btn-sm"
@click="onClear">
<span>{{ trans('general.clear') }}</span>
</button>
</div>
</div>
<akaunting-modal
:show="bulk_action.modal"
:title="'{{ trans_choice('general.items', 2) }}'"
:message="bulk_action.message"
@cancel="onCancel"
v-if='bulk_action.message && bulk_action.modal'>
<template #card-footer>
<div class="float-right">
<button type="button" class="btn btn-outline-secondary" @click="onCancel">
<span>{{ trans('general.cancel') }}</span>
</button>
<button :disabled="bulk_action.loading" type="button" class="btn btn-success button-submit" @click="onAction">
<div class="aka-loader d-none"></div>
<span>{{ trans('general.confirm') }}</span>
</button>
</div>
</template>
</akaunting-modal>
@stack('bulk_action_row_input_end')