From 03eef835f7a3cd405e1d2c000c3fa70f60055b7c Mon Sep 17 00:00:00 2001
From: 1day2die <ownerdennis8@gmail.com>
Date: Fri, 5 May 2023 01:28:56 +0200
Subject: [PATCH] simple settings perms

---
 .../Controllers/Admin/SettingsController.php  |  7 ++++++
 config/permissions_web.php                    | 22 ++-----------------
 themes/default/views/layouts/main.blade.php   |  4 +++-
 3 files changed, 12 insertions(+), 21 deletions(-)

diff --git a/app/Http/Controllers/Admin/SettingsController.php b/app/Http/Controllers/Admin/SettingsController.php
index 7e1c5457..3c6782f0 100644
--- a/app/Http/Controllers/Admin/SettingsController.php
+++ b/app/Http/Controllers/Admin/SettingsController.php
@@ -15,6 +15,9 @@ use Qirolab\Theme\Theme;
 
 class SettingsController extends Controller
 {
+
+    const READ_PERMISSIONS = "admin.settings.read";
+    const WRITE_PERMISSIONS = "admin.settings.write";
     /**
      * Display a listing of the resource.
      *
@@ -23,6 +26,8 @@ class SettingsController extends Controller
     public function index()
     {
 
+        $this->checkPermission(self::READ_PERMISSIONS);
+
         // get all other settings in app/Settings directory
         // group items by file name like $categories
         $settings = collect();
@@ -91,6 +96,8 @@ class SettingsController extends Controller
      */
     public function update(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSIONS);
+
         $category = request()->get('category');
         $settings_class = request()->get('settings_class');
 
diff --git a/config/permissions_web.php b/config/permissions_web.php
index ad671842..47ba6a46 100644
--- a/config/permissions_web.php
+++ b/config/permissions_web.php
@@ -71,26 +71,8 @@ return [
 
     'admin.logs.read',
 
-    /*
-     * Permissions for settings
-     */
-    'settings.sidebar.read',
-
-    'settings.invoices.read',
-    'settings.invoices.write',
-
-    'settings.language.read',
-    'settings.language.write',
-
-    'settings.misc.read',
-    'settings.misc.write',
-
-    'settings.payment.read',
-    'settings.payment.write',
-
-    'settings.system.read',
-    'settings.system.write',
-
+    'admin.settings.read',
+    'admin.settings.write',
     /*
     * Permissions for users
     */
diff --git a/themes/default/views/layouts/main.blade.php b/themes/default/views/layouts/main.blade.php
index bc2da4ab..49fc7332 100644
--- a/themes/default/views/layouts/main.blade.php
+++ b/themes/default/views/layouts/main.blade.php
@@ -258,7 +258,7 @@
                         @endif
 
                     <!-- lol how do i make this shorter? -->
-                        @canany(['admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
+                        @canany(['admin.settings.read','admin.settings.write','admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
                             <li class="nav-header">{{ __('Administration') }}</li>
                         @endcanany
 
@@ -302,6 +302,7 @@
                             </li>
                             @endcanany
 
+                        @canany(['admin.settings.read','admin.settings.write'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.settings.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.settings.*')) active @endif">
@@ -309,6 +310,7 @@
                                     <p>{{ __('Settings') }}</p>
                                 </a>
                             </li>
+                        @endcanany
 
                         @canany(['admin.api.read','admin.api.write'])
                             <li class="nav-item">