module permissions for reports/settings/widgets

app/Http/Controllers/Settings/Modules.php

@@ -8,6 +8,20 @@ use App\Http\Requests\Setting\Module as Request;
 
 class Modules extends Controller
 {
+    /**
+     * Instantiate a new controller instance.
+     */
+    public function __construct()
+    {
+        $alias = request()->segment(1);
+
+        // Add CRUD permission check
+        $this->middleware('permission:create-' . $alias . '-settings')->only(['create', 'store', 'duplicate', 'import']);
+        $this->middleware('permission:read-' . $alias . '-settings')->only(['index', 'show', 'edit', 'export']);
+        $this->middleware('permission:update-' . $alias . '-settings')->only(['update', 'enable', 'disable']);
+        $this->middleware('permission:delete-' . $alias . '-settings')->only('destroy');
+    }
+
     /**
      * Show the form for editing the specified resource.
      *

app/Http/Controllers/Settings/Settings.php

@@ -43,14 +43,24 @@ class Settings extends Controller
             $modules->settings[$m->getAlias()] = [
                 'name' => $m->getName(),
                 'description' => $m->getDescription(),
-                'url' => 'settings/' . $m->getAlias(),
+                'url' => $m->getAlias() . '/settings',
                 'icon' => $m->get('icon', 'fa fa-cog'),
             ];
         }
 
         event(new \App\Events\Module\SettingShowing($modules));
 
-        return view('settings.settings.index', ['modules' => $modules->settings]);
+        $settings = [];
+
+        foreach ($modules->settings as $alias => $setting) {
+            if (!user()->can('read-' . $alias . '-settings')) {
+                continue;
+            }
+
+            $settings[$alias] = $setting;
+        }
+
+        return view('settings.settings.index', ['modules' => $settings]);
     }
 
     /**