shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1494 from denisdulici/master

Browse Source 
Not able to give access only to user profile
This commit is contained in:
Denis Duliçi 2020-06-21 18:54:11 +03:00 committed by GitHub
commit d75bc24a36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/Http/Controllers/Auth/Users.php
View File

@ -16,6 +16,17 @@ class Users extends Controller
{ {
use Uploads; use Uploads;
public function __construct()
{
$this->middleware('permission:create-auth-users')->only('create', 'store', 'duplicate', 'import');
$this->middleware('permission:read-auth-users')->only('index', 'show', 'export');
$this->middleware('permission:update-auth-users')->only('enable', 'disable');
$this->middleware('permission:delete-auth-users')->only('destroy');
$this->middleware('permission:read-auth-users|read-auth-profile')->only('edit');
$this->middleware('permission:update-auth-users|update-auth-profile')->only('update');
}
/** /**
* Display a listing of the resource. * Display a listing of the resource.
* *
@ -101,6 +112,10 @@ class Users extends Controller
*/ */
public function edit(User $user) public function edit(User $user)
{ {
if (user()->cannot('read-auth-users') && ($user->id != user()->id)) {
abort(403);
}
$routes = [ $routes = [
'dashboard' => trans_choice('general.dashboards', 1), 'dashboard' => trans_choice('general.dashboards', 1),
'items.index' => trans_choice('general.items', 2), 'items.index' => trans_choice('general.items', 2),
@ -148,6 +163,10 @@ class Users extends Controller
*/ */
public function update(User $user, Request $request) public function update(User $user, Request $request)
{ {
if (user()->cannot('update-auth-users') && ($user->id != user()->id)) {
abort(403);
}
$response = $this->ajaxDispatch(new UpdateUser($user, $request)); $response = $this->ajaxDispatch(new UpdateUser($user, $request));
if ($response['success']) { if ($response['success']) {

2
resources/views/auth/users/edit.blade.php
View File

@ -60,7 +60,7 @@
</div> </div>
</div> </div>
@permission('update-auth-users') @permission(['update-auth-users', 'update-auth-profile'])
<div class="card-footer"> <div class="card-footer">
<div class="row save-buttons"> <div class="row save-buttons">
{{ Form::saveButtons('users.index') }} {{ Form::saveButtons('users.index') }}

2
resources/views/partials/admin/navbar.blade.php
View File

@ -251,7 +251,7 @@
@stack('navbar_profile_edit') @stack('navbar_profile_edit')
@permission('update-auth-users') @permission(['read-auth-users', 'read-auth-profile'])
<a href="{{ route('users.edit', $user->id) }}" class="dropdown-item"> <a href="{{ route('users.edit', $user->id) }}" class="dropdown-item">
<i class="fas fa-user"></i> <i class="fas fa-user"></i>
<span>{{ trans('auth.profile') }}</span> <span>{{ trans('auth.profile') }}</span>