diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index dea46c4..e9d59c1 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -44,6 +44,7 @@ class Kernel extends HttpKernel
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
 'demo' => \App\Http\Middleware\BlockInDemoMode::class,
+ 'manage' => \App\Http\Middleware\ManageAccess::class,
 ];
 protected $middlewarePriority = [
diff --git a/app/Http/Middleware/ManageAccess.php b/app/Http/Middleware/ManageAccess.php
new file mode 100644
index 0000000..276c083
--- /dev/null
+++ b/app/Http/Middleware/ManageAccess.php
@@ -0,0 +1,29 @@
+is_admin) {
+ return $next($request);
+ }
+
+ if ($request->expectsJson()) {
+ return response()->json([
+ 'status' => 'error',
+ 'message' => __("You can't access settings section")
+ ], 401);
+ }
+
+ session()->flash('alert', __("You can't access settings section"));
+ session()->flash('level', 'error');
+
+ return redirect()->back();
+ }
+}
diff --git a/changelog.md b/changelog.md
index e997cc7..1a2f380 100644
--- a/changelog.md
+++ b/changelog.md
@@ -5,6 +5,7 @@
 ## Added
 - Multi-users
+- Non-admin users can't access settings section
 ## Changed
diff --git a/resources/lang/fr.json b/resources/lang/fr.json
index a300b27..fde5716 100644
--- a/resources/lang/fr.json
+++ b/resources/lang/fr.json
@@ -212,6 +212,7 @@
 "Export type or format not recognized": "Type d'export ou format non-reconnu",
 "This action is not available in demo mode": "Cette action n'est pas disponible en mode démonstration",
+ "You can't access settings section": "Vous n'avez pas accès aux paramètres",
 "Source code": "Code source"
 }
diff --git a/routes/api.php b/routes/api.php
index 5b0ac2f..d893c12 100644
--- a/routes/api.php
+++ b/routes/api.php
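Review bot: The JSON branch of ManageAccess answers a user who is authenticated but not an admin with `], 401);`, and 401 tells API clients that the credential itself is missing or invalid, which can send them into a re-login loop; the status for a known user without permission is 403, so `], 403);`. The class header, the `handle()` signature and the start of the admin test are cut off in this hunk (only `is_admin) {` survives), so whether a missing user (`$request->user()` being null) is tolerated cannot be confirmed from here; both route groups list `'auth'` before `'manage'`, which suggests the middleware relies on authentication running first, and that assumption deserves a one-line comment above the check, or an explicit entry for `\App\Http\Middleware\ManageAccess::class` after the authentication middleware in the Kernel's `$middlewarePriority` array (whose opening is the last context line of the Kernel.php hunk). The browser branch ends in `redirect()->back()`, which as far as I recall falls back to `/` when no Referer is available, so a direct request to a manage URL lands on the home page; acceptable, but a short comment saying so would help the next reader. The message `You can't access settings section` is also shown for the import, export, users and tags routes protected by the same middleware, so a broader wording such as `You can't access the manage section` (with its fr.json entry) would describe the refusal more accurately.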
@@ -26,7 +26,7 @@ Route::delete('chest/{id}', 'ChestController@delete')->name('chest.delete');
 Route::group([
 'as' => 'manage.',
 'prefix' => 'manage',
- 'middleware' => 'auth:api',
+ 'middleware' => ['auth:api', 'manage'],
 'namespace' => 'Manage',
 ], function (\Illuminate\Routing\Router $router) {
 $router->get('tags', 'TagsController@all')->name('tags.all');
@@ -36,12 +36,19 @@ Route::post('account/password', 'AccountController@storePassword');
 Route::get('account/logins', 'AccountController@viewLogins')->name('account.logins');
 Route::post('account/logins/logout', 'AccountController@logoutDevices')->name('account.logins.logout');
-Route::get('manage/import', 'Manage\ImportController@form')->name('manage.import');
-Route::post('manage/import', 'Manage\ImportController@import');
-Route::get('manage/export', 'Manage\ExportController@form')->name('manage.export');
-Route::post('manage/export', 'Manage\ExportController@export');
-Route::get('manage/users', 'Manage\UsersController@all')->name('manage.users');
-Route::get('manage/tags', 'Manage\TagsController@view')->name('manage.tags');
-Route::get('manage/settings', 'Manage\SettingsController@form')->name('manage.settings');
-Route::post('manage/settings', 'Manage\SettingsController@store');
+Route::group([
+ 'as' => 'manage.',
+ 'prefix' => 'manage',
+ 'middleware' => ['auth', 'manage'],
+ 'namespace' => 'Manage',
+], function (\Illuminate\Routing\Router $router) {
+ $router->get('import', 'ImportController@form')->name('import');
+ $router->post('import', 'ImportController@import');
+ $router->get('export', 'ExportController@form')->name('export');
+ $router->post('export', 'ExportController@export');
+ $router->get('users', 'UsersController@all')->name('users');
+ $router->get('tags', 'TagsController@view')->name('tags');
+ $router->get('settings', 'SettingsController@form')->name('settings');
+ $router->post('settings', 'SettingsController@store');
+});
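Review bot: The new group closure types its parameter with the inline fully-qualified `\Illuminate\Routing\Router`, and the same header is now repeated verbatim in routes/api.php; the fluent form `Route::middleware(['auth', 'manage'])->prefix('manage')->name('manage.')->namespace('Manage')->group(function () {` with plain `Route::get(...)` calls inside reads like the rest of this file, which registers every other route through the `Route` facade. The route names are preserved (`'as' => 'manage.'` plus `->name('import')` still yields `manage.import`), so existing `route('manage.*')` callers are unaffected, and the four `post` routes stay unnamed as they were before. If the surrounding file already wraps this region in an `auth` group (not visible in the hunk), the `'auth'` entry here is redundant but harmless; listing it explicitly is still the safer choice, since ManageAccess dereferences the authenticated user.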