mirror of https://github.com/MarceauKa/shaark.git
✨ Non-admin users can't access settings section
parent
2658c2441c
commit
603eec7fe8
|
@ -44,6 +44,7 @@ class Kernel extends HttpKernel
|
|||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
'demo' => \App\Http\Middleware\BlockInDemoMode::class,
|
||||
'manage' => \App\Http\Middleware\ManageAccess::class,
|
||||
];
|
||||
|
||||
protected $middlewarePriority = [
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class ManageAccess
|
||||
{
|
||||
public function handle(Request $request, Closure $next, $guard = null)
|
||||
{
|
||||
if (Auth::check() && Auth::user()->is_admin) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if ($request->expectsJson()) {
|
||||
return response()->json([
|
||||
'status' => 'error',
|
||||
'message' => __("You can't access settings section")
|
||||
], 401);
|
||||
}
|
||||
|
||||
session()->flash('alert', __("You can't access settings section"));
|
||||
session()->flash('level', 'error');
|
||||
|
||||
return redirect()->back();
|
||||
}
|
||||
}
|
|
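Review bot: The JSON branch of `handle()` answers an authenticated non-admin with status 401, which tells clients the request is unauthenticated; an authorization denial should be 403, i.e. `], 403);`, so API consumers and log-based alerting can tell a missing login from a privilege failure. The `$guard` parameter is accepted but never used, so the check relies on whichever guard is the default when this middleware runs (presumably the one selected by the preceding `auth` middleware); either drop the parameter or call `Auth::guard($guard)`. In the non-JSON branch `redirect()->back()` takes its target from the previous URL, which I believe Laravel reads from the Referer header before the session, so redirecting to a fixed in-app route would be more predictable.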
@ -5,6 +5,7 @@
|
|||
## Added
|
||||
|
||||
- Multi-users
|
||||
- Non-admin users can't access settings section
|
||||
|
||||
## Changed
|
||||
|
||||
|
|
|
@ -212,6 +212,7 @@
|
|||
"Export type or format not recognized": "Type d'export ou format non-reconnu",
|
||||
|
||||
"This action is not available in demo mode": "Cette action n'est pas disponible en mode démonstration",
|
||||
"You can't access settings section": "Vous n'avez pas accès aux paramètres",
|
||||
|
||||
"Source code": "Code source"
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ Route::delete('chest/{id}', 'ChestController@delete')->name('chest.delete');
|
|||
Route::group([
|
||||
'as' => 'manage.',
|
||||
'prefix' => 'manage',
|
||||
'middleware' => 'auth:api',
|
||||
'middleware' => ['auth:api', 'manage'],
|
||||
'namespace' => 'Manage',
|
||||
], function (\Illuminate\Routing\Router $router) {
|
||||
$router->get('tags', 'TagsController@all')->name('tags.all');
|
||||
|
|
|
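Review bot: With `'middleware' => ['auth:api', 'manage']` the API group now depends on `ManageAccess`, whose denial path only returns JSON when `$request->expectsJson()` is true. An API call without an `Accept: application/json` header would fall through to the session flash and `redirect()->back()`, which is not a useful answer on a token-authenticated route, and the flash is probably lost if the API stack starts no session. Consider denying with `abort(403)` in the middleware, or taking the JSON branch whenever `$request->is('api/*')`. The order in the array matters because `manage` reads the user that `auth:api` resolves, so a short comment such as `// 'manage' must come after the auth middleware` would help; the group's closure continues outside the hunk.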
@ -36,12 +36,19 @@ Route::post('account/password', 'AccountController@storePassword');
|
|||
Route::get('account/logins', 'AccountController@viewLogins')->name('account.logins');
|
||||
Route::post('account/logins/logout', 'AccountController@logoutDevices')->name('account.logins.logout');
|
||||
|
||||
Route::get('manage/import', 'Manage\ImportController@form')->name('manage.import');
|
||||
Route::post('manage/import', 'Manage\ImportController@import');
|
||||
Route::get('manage/export', 'Manage\ExportController@form')->name('manage.export');
|
||||
Route::post('manage/export', 'Manage\ExportController@export');
|
||||
Route::get('manage/users', 'Manage\UsersController@all')->name('manage.users');
|
||||
Route::get('manage/tags', 'Manage\TagsController@view')->name('manage.tags');
|
||||
Route::get('manage/settings', 'Manage\SettingsController@form')->name('manage.settings');
|
||||
Route::post('manage/settings', 'Manage\SettingsController@store');
|
||||
Route::group([
|
||||
'as' => 'manage.',
|
||||
'prefix' => 'manage',
|
||||
'middleware' => ['auth', 'manage'],
|
||||
'namespace' => 'Manage',
|
||||
], function (\Illuminate\Routing\Router $router) {
|
||||
$router->get('import', 'ImportController@form')->name('import');
|
||||
$router->post('import', 'ImportController@import');
|
||||
$router->get('export', 'ExportController@form')->name('export');
|
||||
$router->post('export', 'ExportController@export');
|
||||
$router->get('users', 'UsersController@all')->name('users');
|
||||
$router->get('tags', 'TagsController@view')->name('tags');
|
||||
$router->get('settings', 'SettingsController@form')->name('settings');
|
||||
$router->post('settings', 'SettingsController@store');
|
||||
});
|
||||
|
||||
|
|
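Review bot: The new group places import, export, users, tags and settings all behind `manage`, but nothing in the file says the group is admin-only, and the denial message still speaks of the "settings section" only. I would add a comment above the group, e.g. `// Admin-only: every route in this group passes through ManageAccess (is_admin check)`, so that routes added later inherit the restriction knowingly. Whether the controllers also enforce the admin check themselves is not visible here; if they do not, a feature test that requests each of these routes as a non-admin user would guard against the middleware being dropped from the group.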