simple settings perms

2023-05-05 01:28:56 +02:00 · 2023-05-05 01:28:56 +02:00 · 03eef835f7
parent 79432fce82
commit 03eef835f7
3 changed files with 12 additions and 21 deletions
--- a/app/Http/Controllers/Admin/SettingsController.php
+++ b/app/Http/Controllers/Admin/SettingsController.php
@ -15,6 +15,9 @@ use Qirolab\Theme\Theme;

 class SettingsController extends Controller
 {
+
+    const READ_PERMISSIONS = "admin.settings.read";
+    const WRITE_PERMISSIONS = "admin.settings.write";
    /**
     * Display a listing of the resource.
     *
@ -23,6 +26,8 @@ class SettingsController extends Controller
    public function index()
    {

+        $this->checkPermission(self::READ_PERMISSIONS);
+
        // get all other settings in app/Settings directory
        // group items by file name like $categories
        $settings = collect();
@ -91,6 +96,8 @@ class SettingsController extends Controller
     */
    public function update(Request $request)
    {
+        $this->checkPermission(self::WRITE_PERMISSIONS);
+
        $category = request()->get('category');
        $settings_class = request()->get('settings_class');

--- a/config/permissions_web.php
+++ b/config/permissions_web.php
@ -71,26 +71,8 @@ return [

    'admin.logs.read',

-    /*
-     * Permissions for settings
-     */
-    'settings.sidebar.read',
-
-    'settings.invoices.read',
-    'settings.invoices.write',
-
-    'settings.language.read',
-    'settings.language.write',
-
-    'settings.misc.read',
-    'settings.misc.write',
-
-    'settings.payment.read',
-    'settings.payment.write',
-
-    'settings.system.read',
-    'settings.system.write',
-
+    'admin.settings.read',
+    'admin.settings.write',
    /*
    * Permissions for users
    */
--- a/themes/default/views/layouts/main.blade.php
+++ b/themes/default/views/layouts/main.blade.php
@ -258,7 +258,7 @@
                        @endif

                    <!-- lol how do i make this shorter? -->
-                        @canany(['admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
+                        @canany(['admin.settings.read','admin.settings.write','admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
                            <li class="nav-header">{{ __('Administration') }}</li>
                        @endcanany

@ -302,6 +302,7 @@
                            </li>
                            @endcanany

+                        @canany(['admin.settings.read','admin.settings.write'])
                            <li class="nav-item">
                                <a href="{{ route('admin.settings.index') }}"
                                    class="nav-link @if (Request::routeIs('admin.settings.*')) active @endif">
@ -309,6 +310,7 @@
                                    <p>{{ __('Settings') }}</p>
                                </a>
                            </li>
+                        @endcanany

                        @canany(['admin.api.read','admin.api.write'])
                            <li class="nav-item">