diff --git a/app/Http/Controllers/Admin/PaymentController.php b/app/Http/Controllers/Admin/PaymentController.php index 25d2c9ce..02d91bde 100644 --- a/app/Http/Controllers/Admin/PaymentController.php +++ b/app/Http/Controllers/Admin/PaymentController.php @@ -23,6 +23,7 @@ use App\Settings\LocaleSettings; class PaymentController extends Controller { + const BUY_PERMISSION = 'user.shop.buy'; /** * @return Application|Factory|View */ @@ -41,6 +42,8 @@ class PaymentController extends Controller */ public function checkOut(ShopProduct $shopProduct, GeneralSettings $general_settings) { + $this->checkPermission(self::BUY_PERMISSION); + $discount = PartnerDiscount::getDiscount(); $price = $shopProduct->price - ($shopProduct->price * $discount / 100); diff --git a/app/Http/Controllers/Admin/RoleController.php b/app/Http/Controllers/Admin/RoleController.php index d5d474af..ed4194be 100644 --- a/app/Http/Controllers/Admin/RoleController.php +++ b/app/Http/Controllers/Admin/RoleController.php @@ -164,6 +164,9 @@ class RoleController extends Controller return datatables($query) + ->editColumn('id', function (Role $role) { + return $role->id; + }) ->addColumn('actions', function (Role $role) { return ' checkPermission(self::CREATE_PERMISSION); + $validate_configuration = $this->validateConfigurationRules($user_settings, $server_settings); if (!is_null($validate_configuration)) { @@ -316,6 +322,8 @@ class ServerController extends Controller public function upgrade(Server $server, Request $request) { + $this->checkPermission(self::UPGRADE_PERMISSION); + if ($server->user_id != Auth::user()->id) { return redirect()->route('servers.index'); } diff --git a/app/Http/Controllers/TicketsController.php b/app/Http/Controllers/TicketsController.php index 754241ed..d5912e43 100644 --- a/app/Http/Controllers/TicketsController.php +++ b/app/Http/Controllers/TicketsController.php 
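Review bot: The `user.shop.buy` check is added to `checkOut()` only, which in the visible lines computes the discounted price for the checkout page. Any action in this controller that actually starts or completes a payment lies outside the hunk and needs the same first line, `$this->checkPermission(self::BUY_PERMISSION);`, because the `disabled` class this commit adds to the Purchase button is presentational and does not stop a direct request. The new constant would also read better with explicit visibility, `public const BUY_PERMISSION = 'user.shop.buy';`. `checkOut()` continues past the end of the hunk.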
@@ -21,6 +21,8 @@ use Illuminate\Support\Str; class TicketsController extends Controller { + const READ_PERMISSION = 'user.ticket.read'; + const WRITE_PERMISSION = 'user.ticket.write'; public function index(LocaleSettings $locale_settings) { return view('ticket.index', [ @@ -74,6 +76,7 @@ class TicketsController extends Controller public function show($ticket_id, PterodactylSettings $ptero_settings) { + $this->checkPermission(self::READ_PERMISSION); try { $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail(); } catch (Exception $e) { @@ -118,6 +121,7 @@ class TicketsController extends Controller public function create() { + $this->checkPermission(self::WRITE_PERMISSION); //check in blacklist $check = TicketBlacklist::where('user_id', Auth::user()->id)->first(); if ($check && $check->status == 'True') { diff --git a/config/permission.php b/config/permission.php index 5b6e184c..5aeaab7c 100644 --- a/config/permission.php +++ b/config/permission.php @@ -133,7 +133,7 @@ return [ * By default wildcard permission lookups are disabled. */ - 'enable_wildcard_permission' => false, + 'enable_wildcard_permission' => true, 'cache' => [ diff --git a/database/settings/2023_02_01_182158_create_website_settings.php b/database/settings/2023_02_01_182158_create_website_settings.php index 013c85f8..c7e8fa51 100644 --- a/database/settings/2023_02_01_182158_create_website_settings.php +++ b/database/settings/2023_02_01_182158_create_website_settings.php @@ -14,10 +14,7 @@ class CreateWebsiteSettings extends SettingsMigration $this->migrator->add( 'website.motd_message', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:MOTD_MESSAGE") : - '
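Review bot: `index()` sits directly under the two new constants and gets no `checkPermission` call, so the ticket list stays reachable for a user who holds neither `user.ticket.read` nor `user.ticket.write`. Hiding the menu entry with `@canany` in the layout does not block the route itself. If the listing is meant to require read access, add `$this->checkPermission(self::READ_PERMISSION);` as its first statement. The handlers that store a new ticket or a reply are outside these hunks and should be checked for `WRITE_PERMISSION` in the same way, since the guard on `create()` is only visible at the top of that method. `index()` continues beyond the hunk.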
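Review bot: `READ_PERMISSION` in `show()` decides whether the user may read tickets at all, not whether this particular ticket is theirs; the lookup on the following line filters on `ticket_id` alone. No ownership test is visible in the hunk, and the rest of `show()` is outside it, so this may already be handled further down. If it is not, scope the query for non-staff users, for example `Ticket::where('ticket_id', $ticket_id)->where('user_id', Auth::id())->firstOrFail();`, assuming tickets carry a `user_id` column as `TicketBlacklist` does.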
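Review bot: Switching `enable_wildcard_permission` to `true` changes how every stored permission name is matched, not only the new `user.…` ones: names are then parsed as dot-separated patterns, so a role that holds `*` or `user.*` passes every `checkPermission()` call added in this commit. It is worth auditing the seeded roles, and restricting who can create or assign permission names containing `*`, before this ships. The doc comment above the key still only says that lookups are disabled by default; a line such as `* Enabled here: "user.*" grants every permission below "user."` would record the intent. The config array continues outside the hunk.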

Controlpanel.gg

-

Thank you for using our Software

-

If you have any questions, make sure to join our Discord

-

(you can change this message in the Settings )

' + '

\"\"Controlpanel.gg<\/span><\/h1>\r\n

Thank you for using our Software<\/span><\/p>\r\n

If you have any questions, make sure to join our Discord<\/a><\/span><\/p>\r\n

(you can change this message in the Settings<\/a> )<\/span><\/p>' ); $this->migrator->add('website.show_imprint', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:SHOW_IMPRINT") : false); $this->migrator->add('website.show_privacy', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:SHOW_PRIVACY") : false); diff --git a/themes/default/views/admin/roles/index.blade.php b/themes/default/views/admin/roles/index.blade.php index 71c88d92..0bc9d3a2 100644 --- a/themes/default/views/admin/roles/index.blade.php +++ b/themes/default/views/admin/roles/index.blade.php @@ -18,6 +18,7 @@ + @@ -40,10 +41,11 @@ url: '//cdn.datatables.net/plug-ins/1.11.3/i18n/{{config("SETTINGS::LOCALE:DATATABLES")}}.json' }, processing: true, - serverSide: false, //increases loading times too much? change back to "true" if it does + serverSide: true, //increases loading times too much? change back to "true" if it does stateSave: true, ajax: "{{route('admin.roles.datatable')}}", columns: [ + {data: 'id'}, {data: 'name'}, {data: 'usercount'}, {data: 'permissionscount'}, diff --git a/themes/default/views/admin/settings/index.blade.php b/themes/default/views/admin/settings/index.blade.php index 89249eac..134e0a95 100644 --- a/themes/default/views/admin/settings/index.blade.php +++ b/themes/default/views/admin/settings/index.blade.php @@ -159,6 +159,9 @@ @endforeach + +
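Review bot: The new default MOTD is a single-quoted PHP string that contains JSON-style escapes (`\"`, `<\/span>`, `\r\n`). PHP interprets only `\\` and `\'` inside single quotes, so the backslashes and the characters `\r\n` would be stored literally and appear in the rendered message on a fresh install. The value looks as if it was copied from a JSON export; write the markup unescaped instead (`</span>`, `</h1>`, plain `"` around attribute values, real line breaks). Because this edits an existing settings migration, installs that have already run it keep the old value, which is probably intended but worth stating in the commit message.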
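Review bot: The trailing comment on `serverSide: true` still reads 'change back to "true" if it does', which no longer matches the value and leaves the reason for the switch undocumented. Something like `serverSide: true, // paging, sorting and search are handled by admin.roles.datatable` would say what the setting now relies on. With server-side processing the `usercount` and `permissionscount` columns are sorted and searched by the endpoint, so if they are computed rather than real columns (not visible here) they should be marked `orderable: false, searchable: false`. The DataTable options object starts and ends outside the hunk.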
diff --git a/themes/default/views/layouts/main.blade.php b/themes/default/views/layouts/main.blade.php index 6925c936..c72187bd 100644 --- a/themes/default/views/layouts/main.blade.php +++ b/themes/default/views/layouts/main.blade.php @@ -246,6 +246,7 @@ @endif @php($ticket_enabled = app(App\Settings\TicketSettings::class)->enabled) @if ($ticket_enabled) + @canany(["user.ticket.read", "user.ticket.write"]) + @endcanany @endif @if ((Auth::user()->hasRole(1) || Auth::user()->role == 'moderator') && $ticket_enabled) diff --git a/themes/default/views/profile/index.blade.php b/themes/default/views/profile/index.blade.php index 6fe0208b..45938437 100644 --- a/themes/default/views/profile/index.blade.php +++ b/themes/default/views/profile/index.blade.php @@ -101,7 +101,7 @@
@if($referral_enabled) - @if(($referral_allowed === "client" && $user->role != "member") || $referral_allowed === "everyone") + @can("user.referral")
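Review bot: Replacing the `$referral_allowed` condition with `@can("user.referral")` means the "client"/"everyone" setting no longer influences this view, so an admin who changes that setting will see no effect here. If the setting is being retired, it should also be removed where it is defined and passed to the view, which is outside this diff. Until then a template comment such as `{{-- visibility is governed by the user.referral permission; $referral_allowed is no longer consulted --}}` would prevent confusion. The check only hides the URL in the template; whatever applies a referral code at registration is not part of this hunk and should follow the same rule.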
@@ -112,8 +112,8 @@ @else - {{_("Make a purchase to reveal your referral-URL")}} - @endif + {{_("You can not see your Referral Code")}} + @endcan
@endif diff --git a/themes/default/views/servers/index.blade.php b/themes/default/views/servers/index.blade.php index 4b9b7df1..df47ae53 100644 --- a/themes/default/views/servers/index.blade.php +++ b/themes/default/views/servers/index.blade.php @@ -27,17 +27,17 @@ @endforeach diff --git a/themes/default/views/ticket/index.blade.php b/themes/default/views/ticket/index.blade.php index d2e66c80..0c1d4098 100644 --- a/themes/default/views/ticket/index.blade.php +++ b/themes/default/views/ticket/index.blade.php @@ -30,8 +30,8 @@
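Review bot: The new fallback text is wrapped in `_()`, PHP's gettext alias, while the other template strings visible in this diff use Laravel's `__()` helper. The string therefore bypasses the application's translation files and depends on the gettext extension being loaded. Use `{{ __("You can not see your Referral Code") }}`. The message could also tell the user why, for example that the account lacks the referral permission. The enclosing `@if($referral_enabled)` block starts outside the hunk.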
{{__("ID")}} {{__("Name")}} {{__("User count")}} {{__("Permissions count")}} {{ __('Purchase') }} + class="btn btn-info @cannot('user.shop.buy') disabled @endcannot">{{ __('Purchase') }}