Non-admin users can't access settings section

MarceauKa 2019-10-10 14:25:56 +02:00
parent 2658c2441c
commit 603eec7fe8
6 changed files with 48 additions and 9 deletions


@ -44,6 +44,7 @@ class Kernel extends HttpKernel
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'demo' => \App\Http\Middleware\BlockInDemoMode::class,
'manage' => \App\Http\Middleware\ManageAccess::class,
];
protected $middlewarePriority = [


@ -0,0 +1,29 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class ManageAccess
{
public function handle(Request $request, Closure $next, $guard = null)
{
if (Auth::check() && Auth::user()->is_admin) {
return $next($request);
}
if ($request->expectsJson()) {
return response()->json([
'status' => 'error',
'message' => __("You can't access settings section")
], 401);
}
session()->flash('alert', __("You can't access settings section"));
session()->flash('level', 'error');
return redirect()->back();
}
}
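Review bot: The JSON branch of `handle()` answers an authenticated non-admin with 401, which tells API clients that credentials are missing or invalid. Both route groups in this commit run an auth middleware before `manage`, so the caller is already authenticated and the status should be `], 403);`. The `$guard` parameter is accepted but never read, so `Auth::check()` and `Auth::user()` use whichever guard is current; either drop the parameter or call `Auth::guard($guard)`. The check denies when no user is present, which is the right default and worth stating in a short docblock on the class.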


@ -5,6 +5,7 @@
## Added
- Multi-users
- Non-admin users can't access settings section
## Changed


@ -212,6 +212,7 @@
"Export type or format not recognized": "Type d'export ou format non-reconnu",
"This action is not available in demo mode": "Cette action n'est pas disponible en mode démonstration",
"You can't access settings section": "Vous n'avez pas accès aux paramètres",
"Source code": "Code source"
}


@ -26,7 +26,7 @@ Route::delete('chest/{id}', 'ChestController@delete')->name('chest.delete');
Route::group([
'as' => 'manage.',
'prefix' => 'manage',
'middleware' => 'auth:api',
'middleware' => ['auth:api', 'manage'],
'namespace' => 'Manage',
], function (\Illuminate\Routing\Router $router) {
$router->get('tags', 'TagsController@all')->name('tags.all');
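Review bot: None of the six changed files appears to be a test, so this authorization boundary ships unverified. A feature test per group should assert that a non-admin gets the denial response and an admin passes, both here and for the web `manage` group in the other routes file. The group closure continues past this hunk, so every endpoint registered inside it becomes admin-only, not just `tags.all`; confirm that is intended for each one.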


@ -36,12 +36,19 @@ Route::post('account/password', 'AccountController@storePassword');
Route::get('account/logins', 'AccountController@viewLogins')->name('account.logins');
Route::post('account/logins/logout', 'AccountController@logoutDevices')->name('account.logins.logout');
Route::get('manage/import', 'Manage\ImportController@form')->name('manage.import');
Route::post('manage/import', 'Manage\ImportController@import');
Route::get('manage/export', 'Manage\ExportController@form')->name('manage.export');
Route::post('manage/export', 'Manage\ExportController@export');
Route::get('manage/users', 'Manage\UsersController@all')->name('manage.users');
Route::get('manage/tags', 'Manage\TagsController@view')->name('manage.tags');
Route::get('manage/settings', 'Manage\SettingsController@form')->name('manage.settings');
Route::post('manage/settings', 'Manage\SettingsController@store');
Route::group([
'as' => 'manage.',
'prefix' => 'manage',
'middleware' => ['auth', 'manage'],
'namespace' => 'Manage',
], function (\Illuminate\Routing\Router $router) {
$router->get('import', 'ImportController@form')->name('import');
$router->post('import', 'ImportController@import');
$router->get('export', 'ExportController@form')->name('export');
$router->post('export', 'ExportController@export');
$router->get('users', 'UsersController@all')->name('users');
$router->get('tags', 'TagsController@view')->name('tags');
$router->get('settings', 'SettingsController@form')->name('settings');
$router->post('settings', 'SettingsController@store');
});
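Review bot: The new group makes import, export, users and tags admin-only alongside settings, while the commit title and changelog entry mention only the settings section. A comment above the group such as `// Admin-only: every route in this group passes through the 'manage' middleware (ManageAccess)` would make that scope explicit for whoever adds the next route. Protection now depends on a route being registered inside this group, so a `Manage\` controller action wired up elsewhere would not be covered; presumably none exists, but that is not visible from this hunk.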