From d8dacd58387f8d62d2dfefe8c0ea0dd588e3c3a4 Mon Sep 17 00:00:00 2001
From: denisdulici
Date: Mon, 6 Jan 2020 14:42:14 +0300
Subject: [PATCH] module permissions for reports/settings/widgets

---
 app/Http/Controllers/Settings/Modules.php | 14 +++
 app/Http/Controllers/Settings/Settings.php | 14 ++-
 app/Listeners/Update/V20/Version200.php | 4 +
 app/Utilities/Reports.php | 15 ++-
 app/Utilities/Widgets.php | 15 ++-
 database/seeds/Roles.php | 4 +
 .../Http/Controllers/Settings.php | 3 +-
 .../OfflinePayments/Listeners/ShowSetting.php | 2 +-
 .../Resources/views/edit.blade.php | 2 +-
 modules/OfflinePayments/Routes/admin.php | 10 +-
 .../views/settings/modules/edit.blade.php | 7 +-
 .../views/settings/settings/index.blade.php | 96 ++++++++++--------
 routes/admin.php | 8 +-
 13 files changed, 129 insertions(+), 65 deletions(-)

diff --git a/app/Http/Controllers/Settings/Modules.php b/app/Http/Controllers/Settings/Modules.php
index 80d4e37b2..03121837a 100644
--- a/app/Http/Controllers/Settings/Modules.php
+++ b/app/Http/Controllers/Settings/Modules.php
@@ -8,6 +8,20 @@ use App\Http\Requests\Setting\Module as Request;
 
 class Modules extends Controller
 {
+    /**
+     * Instantiate a new controller instance.
+     */
+    public function __construct()
+    {
+        $alias = request()->segment(1);
+
+        // Add CRUD permission check
+        $this->middleware('permission:create-' . $alias . '-settings')->only(['create', 'store', 'duplicate', 'import']);
+        $this->middleware('permission:read-' . $alias . '-settings')->only(['index', 'show', 'edit', 'export']);
+        $this->middleware('permission:update-' . $alias . '-settings')->only(['update', 'enable', 'disable']);
+        $this->middleware('permission:delete-' . $alias . '-settings')->only('destroy');
+    }
+
     /**
      * Show the form for editing the specified resource.
      *
diff --git a/app/Http/Controllers/Settings/Settings.php b/app/Http/Controllers/Settings/Settings.php
index b9c1f1ba4..9c5d205c0 100644
--- a/app/Http/Controllers/Settings/Settings.php
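Review bot: `$alias` is taken from `request()->segment(1)`, a positional URL segment, so the permission that gets checked depends on the URL shape rather than on the route definition; the new `{alias}/settings` routes in routes/admin.php make segment 1 the alias today, but any later prefix added to the admin routes would silently move the check onto a different, likely non-existent, permission name. Prefer the named route parameter, `$alias = request()->route('alias');` (Laravel resolves the route before instantiating the controller, so it should be available in the constructor — confirm). The `only()` lists also name actions this controller does not expose (`create`, `store`, `index`, `destroy`, …); only `edit` and `update` are routed in this patch, so those entries are dead configuration and hide which checks are actually live.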
+++ b/app/Http/Controllers/Settings/Settings.php
@@ -43,14 +43,24 @@ class Settings extends Controller
             $modules->settings[$m->getAlias()] = [
                 'name' => $m->getName(),
                 'description' => $m->getDescription(),
-                'url' => 'settings/' . $m->getAlias(),
+                'url' => $m->getAlias() . '/settings',
                 'icon' => $m->get('icon', 'fa fa-cog'),
             ];
         }
 
         event(new \App\Events\Module\SettingShowing($modules));
 
-        return view('settings.settings.index', ['modules' => $modules->settings]);
+        $settings = [];
+
+        foreach ($modules->settings as $alias => $setting) {
+            if (!user()->can('read-' . $alias . '-settings')) {
+                continue;
+            }
+
+            $settings[$alias] = $setting;
+        }
+
+        return view('settings.settings.index', ['modules' => $settings]);
     }
 
     /**
diff --git a/app/Listeners/Update/V20/Version200.php b/app/Listeners/Update/V20/Version200.php
index 65882a2fe..d7272b4bf 100644
--- a/app/Listeners/Update/V20/Version200.php
+++ b/app/Listeners/Update/V20/Version200.php
@@ -699,6 +699,8 @@ class Version200 extends Listener
             'common-search' => 'r',
             'common-widgets' => 'c,r,u,d',
             'modules-api-key' => 'c,u',
+            'offline-payments-settings' => 'r,u,d',
+            'paypal-standard-settings' => 'r,u',
             'settings-appearance' => 'r,u',
             'settings-company' => 'r',
             'settings-defaults' => 'r',
@@ -721,6 +723,8 @@ class Version200 extends Listener
             'common-reports' => 'c,r,u,d',
             'common-search' => 'r',
             'common-widgets' => 'r',
+            'offline-payments-settings' => 'r,u,d',
+            'paypal-standard-settings' => 'r,u',
             'settings-company' => 'r',
             'settings-defaults' => 'r',
             'settings-email' => 'r',
diff --git a/app/Utilities/Reports.php b/app/Utilities/Reports.php
index 493be8705..7f2eaf355 100644
--- a/app/Utilities/Reports.php
+++ b/app/Utilities/Reports.php
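Review bot: The new loop hides every module whose `read-<alias>-settings` permission the current user lacks, and because the event fires before the loop, listener-registered entries such as the Offline Payments one are filtered the same way; only `offline-payments-settings` and `paypal-standard-settings` are seeded in this patch, so a module that ships without its permission vanishes from the list with nothing to explain why. A comment above the loop would save the next maintainer the hunt: `// Modules without a seeded "read-<alias>-settings" permission for this user are hidden`. The loop is also a key-based filter and reads more directly as `$settings = array_filter($modules->settings, static function ($alias) { return user()->can('read-' . $alias . '-settings'); }, ARRAY_FILTER_USE_KEY);`, which preserves the alias keys just as the loop does.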
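Review bot: Both role blocks receive `'offline-payments-settings' => 'r,u,d'` even though the second block is otherwise narrower than the first (`'common-widgets' => 'r'` against `'c,r,u,d'` in the first hunk), so the delete grant on offline payment method settings reaches the lower-privilege role as well; confirm that is intended, and if not change the second occurrence to `'offline-payments-settings' => 'r,u',`. The same pair of entries is added to two blocks in database/seeds/Roles.php (hunks at lines 58 and 112) with the same asymmetry question. The role names these blocks belong to are outside the hunks.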
@@ -95,9 +95,20 @@ class Reports
 
     public static function getPermission($class)
     {
-        $class_name = (new \ReflectionClass($class))->getShortName();
+        $arr = explode('\\', $class);
 
-        $permission = 'read-reports-' . Str::kebab($class_name);
+        $prefix = 'read-';
+
+        // Add module
+        if (strtolower($arr[0]) == 'modules') {
+            $prefix .= Str::kebab($arr[1]) . '-';
+        }
+
+        $prefix .= 'reports-';
+
+        $class_name = end($arr);
+
+        $permission = $prefix . Str::kebab($class_name);
 
         return $permission;
     }
diff --git a/app/Utilities/Widgets.php b/app/Utilities/Widgets.php
index d10cc7211..b368e5d19 100644
--- a/app/Utilities/Widgets.php
+++ b/app/Utilities/Widgets.php
@@ -76,9 +76,20 @@ class Widgets
 
     public static function getPermission($class)
     {
-        $class_name = (new \ReflectionClass($class))->getShortName();
+        $arr = explode('\\', $class);
 
-        $permission = 'read-widgets-' . Str::kebab($class_name);
+        $prefix = 'read-';
+
+        // Add module
+        if (strtolower($arr[0]) == 'modules') {
+            $prefix .= Str::kebab($arr[1]) . '-';
+        }
+
+        $prefix .= 'widgets-';
+
+        $class_name = end($arr);
+
+        $permission = $prefix . Str::kebab($class_name);
 
         return $permission;
     }
diff --git a/database/seeds/Roles.php b/database/seeds/Roles.php
index dc85b70a2..8453d8419 100644
--- a/database/seeds/Roles.php
+++ b/database/seeds/Roles.php
@@ -58,6 +58,8 @@ class Roles extends Seeder
             'modules-my' => 'r',
             'modules-tiles' => 'r',
             'notifications' => 'r,u',
+            'offline-payments-settings' => 'r,u,d',
+            'paypal-standard-settings' => 'r,u',
             'reports-expense-summary' => 'r',
             'reports-income-summary' => 'r',
             'reports-income-expense-summary' => 'r',
@@ -112,6 +114,8 @@ class Roles extends Seeder
             'sales-revenues' => 'c,r,u,d',
             'install-updates' => 'r,u',
             'notifications' => 'r,u',
+            'offline-payments-settings' => 'r,u,d',
+            'paypal-standard-settings' => 'r,u',
             'reports-expense-summary' => 'r',
             'reports-income-summary' => 'r',
             'reports-income-expense-summary' => 'r',
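Review bot: The module detection in `getPermission` no longer copes with two inputs the removed `ReflectionClass` call accepted: a fully-qualified name with a leading backslash makes `$arr[0]` an empty string, so the `'modules'` test fails, the module segment is dropped and a core `read-reports-…` permission is checked instead of the module-scoped one, while an object argument makes `explode` throw a TypeError. Normalise the input before splitting, `$arr = explode('\\', ltrim(is_object($class) ? get_class($class) : $class, '\\'));`, and use `===` in the `'modules'` comparison. The identical logic is duplicated in `Widgets::getPermission` in the next hunk; a shared helper would keep the two permission formats from drifting apart.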
diff --git a/modules/OfflinePayments/Http/Controllers/Settings.php b/modules/OfflinePayments/Http/Controllers/Settings.php
index ce59eb95f..af7c37779 100644
--- a/modules/OfflinePayments/Http/Controllers/Settings.php
+++ b/modules/OfflinePayments/Http/Controllers/Settings.php
@@ -2,16 +2,15 @@
 
 namespace Modules\OfflinePayments\Http\Controllers;
 
+use App\Abstracts\Http\Controller;
 use Artisan;
 use Illuminate\Http\Response;
-use Illuminate\Routing\Controller;
 use Modules\OfflinePayments\Http\Requests\Setting as Request;
 use Modules\OfflinePayments\Http\Requests\SettingGet as GRequest;
 use Modules\OfflinePayments\Http\Requests\SettingDelete as DRequest;
 
 class Settings extends Controller
 {
-
     /**
      * Show the form for editing the specified resource.
      *
diff --git a/modules/OfflinePayments/Listeners/ShowSetting.php b/modules/OfflinePayments/Listeners/ShowSetting.php
index 11839e1fc..b989f09c8 100644
--- a/modules/OfflinePayments/Listeners/ShowSetting.php
+++ b/modules/OfflinePayments/Listeners/ShowSetting.php
@@ -17,7 +17,7 @@ class ShowSetting
         $event->modules->settings['offline-payments'] = [
             'name' => trans('offline-payments::general.name'),
             'description' => trans('offline-payments::general.description'),
-            'url' => 'settings/offline-payments',
+            'url' => 'offline-payments/settings',
             'icon' => 'fas fa-credit-card',
         ];
     }
diff --git a/modules/OfflinePayments/Resources/views/edit.blade.php b/modules/OfflinePayments/Resources/views/edit.blade.php
index e52755d9e..d7bdf623e 100644
--- a/modules/OfflinePayments/Resources/views/edit.blade.php
+++ b/modules/OfflinePayments/Resources/views/edit.blade.php
@@ -39,7 +39,7 @@
 {!! Form::close() !!}
diff --git a/modules/OfflinePayments/Routes/admin.php b/modules/OfflinePayments/Routes/admin.php
index 8b958595b..f80f77187 100644
--- a/modules/OfflinePayments/Routes/admin.php
+++ b/modules/OfflinePayments/Routes/admin.php
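Review bot: Switching the base class to `App\Abstracts\Http\Controller` is presumably how this module's settings pages pick up the new permission middleware, but nothing in the hunk shows which actions that base class guards; the `Settings\Modules` constructor in this same patch covers `edit`, `update` and `destroy` but has no entry for `get`, and the module's routes hunk keeps a `POST offline-payments/settings/get` → `Settings@get` action. If the abstract controller uses the same `only()` lists, `get` runs without a permission check; either add `get` to the read list in the base class or wire it explicitly in this controller's constructor, `$this->middleware('permission:read-offline-payments-settings')->only('get');`. The class body continues outside the hunk, so whether a constructor already exists here cannot be seen.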
@@ -4,10 +4,10 @@ Route::group([ 'middleware' => 'admin', 'namespace' => 'Modules\OfflinePayments\Http\Controllers' ], function () { - Route::group(['prefix' => 'settings'], function () { - Route::get('offline-payments', 'Settings@edit')->name('offline-payments.edit'); - Route::post('offline-payments', 'Settings@update')->name('offline-payments.update'); - Route::post('offline-payments/get', 'Settings@get')->name('offline-payments.get'); - Route::delete('offline-payments/delete', 'Settings@destroy')->name('offline-payments.delete'); + Route::group(['prefix' => 'offline-payments/settings'], function () { + Route::get('/', 'Settings@edit')->name('offline-payments.edit'); + Route::post('/', 'Settings@update')->name('offline-payments.update'); + Route::post('get', 'Settings@get')->name('offline-payments.get'); + Route::delete('delete', 'Settings@destroy')->name('offline-payments.delete'); }); }); diff --git a/resources/views/settings/modules/edit.blade.php b/resources/views/settings/modules/edit.blade.php index 3e3249ae6..15f3cd922 100644 --- a/resources/views/settings/modules/edit.blade.php +++ b/resources/views/settings/modules/edit.blade.php @@ -7,7 +7,7 @@ {!! Form::model($setting, [ 'id' => 'module', 'method' => 'PATCH', - 'url' => ['settings/' . $module->getAlias()], + 'url' => [$module->getAlias() . '/settings'], '@submit.prevent' => 'onSubmit', '@keydown' => 'form.errors.clear($event.target.name)', 'files' => true, @@ -40,13 +40,16 @@ + @permission('update-' . $module->getAlias() . '-settings') + @endpermission + {!! Form::close() !!} @endsection diff --git a/resources/views/settings/settings/index.blade.php b/resources/views/settings/settings/index.blade.php index 7cb0c8c09..689c38de6 100644 --- a/resources/views/settings/settings/index.blade.php +++ b/resources/views/settings/settings/index.blade.php @@ -126,59 +126,65 @@ @endpermission -
- -
- - - + + + + @endpermission -
- -
- - - + + + + @endpermission -
- -
- - - + + + + @endpermission @foreach($modules as $module)
diff --git a/routes/admin.php b/routes/admin.php
index 412935ded..43007c8ac 100644
--- a/routes/admin.php
+++ b/routes/admin.php
@@ -148,12 +148,14 @@ Route::group(['prefix' => 'settings'], function () {
         Route::get('email', 'Settings\Email@edit')->name('email.edit');
         Route::patch('email', 'Settings\Email@update')->name('email.update');
         Route::get('schedule', 'Settings\Schedule@edit')->name('schedule.edit');
-
-        Route::get('{alias}', 'Settings\Modules@edit');
-        Route::patch('{alias}', 'Settings\Modules@update');
     });
 });
 
+Route::group(['as' => 'settings.'], function () {
+    Route::get('{alias}/settings', 'Settings\Modules@edit');
+    Route::patch('{alias}/settings', 'Settings\Modules@update');
+});
+
 Route::group(['as' => 'apps.', 'prefix' => 'apps'], function () {
     Route::resource('api-key', 'Modules\ApiKey');
 
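Review bot: The `'as' => 'settings.'` prefix on the new group does nothing because neither route inside it is named; either name them, e.g. `->name('modules.edit')` and `->name('modules.update')`, or drop the group wrapper. The wildcard `{alias}/settings` is now registered at the top level of this file, where it can shadow any module that defines its own `<alias>/settings` routes — the `offline-payments/settings` routes changed in this same patch — if this file is loaded before the module route files; that load order is outside the hunk, so confirm it, or register the module routes first. Whether the enclosing group of this file applies the admin middleware to the new group is also not visible in the hunk.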