FGFS-4.1/phpvms
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check user permissions on the routes #508 (#516)

Browse Source 
* Check user permissions on the routes #508

* Formatting
This commit is contained in:
Nabeel S 2020-01-30 09:23:31 -05:00 committed by GitHub
parent ff913e5304
commit 63b574181a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 133 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Database/seeds/permissions.yml
View File

@ -24,6 +24,9 @@
- name: fares
display_name: Fares
description: Create/edit fares
- name: files
display_name: Files
description: Manage the files available
- name: finances
display_name: Finances
description: Create/view finance related items

175
app/Http/Routes/admin.php
View File

@ -13,172 +13,203 @@ Route::group(
],
static function () {
// CRUD for airlines
Route::resource('airlines', 'AirlinesController');
Route::resource('airlines', 'AirlinesController')->middleware('ability:admin,airlines');
// CRUD for roles
Route::resource('roles', 'RolesController');
Route::resource('roles', 'RolesController')->middleware('role:admin');
Route::get('airports/export', 'AirportController@export')->name('airports.export');
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
Route::get('airports/export', 'AirportController@export')
->name('airports.export')
->middleware('ability:admin,airports');
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name(
'airports.import'
);
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel')
->middleware('ability:admin,airports');
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')
->name('airports.import')->middleware('ability:admin,airports');
Route::match(
['get', 'post', 'put', 'delete'],
'airports/{id}/expenses',
'AirportController@expenses'
);
)->middleware('ability:admin,airports');
Route::resource('airports', 'AirportController');
Route::resource('airports', 'AirportController')->middleware('ability:admin,airports');
// Awards
Route::resource('awards', 'AwardController');
Route::resource('awards', 'AwardController')->middleware('ability:admin,awards');
// aircraft and fare associations
Route::get('aircraft/export', 'AircraftController@export')->name('aircraft.export');
Route::get('aircraft/export', 'AircraftController@export')
->name('aircraft.export')
->middleware('ability:admin,aircraft');
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')->name(
'aircraft.import'
);
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')
->name('aircraft.import')->middleware('ability:admin,aircraft');
Route::match(
['get', 'post', 'put', 'delete'],
'aircraft/{id}/expenses',
'AircraftController@expenses'
);
)->middleware('ability:admin,aircraft');
Route::resource('aircraft', 'AircraftController');
Route::resource('aircraft', 'AircraftController')->middleware('ability:admin,aircraft');
// expenses
Route::get('expenses/export', 'ExpenseController@export')->name('expenses.export');
Route::get('expenses/export', 'ExpenseController@export')
->name('expenses.export')
->middleware('ability:admin,finances');
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')->name(
'expenses.import'
);
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')
->name('expenses.import')
->middleware('ability:admin,finances');
Route::resource('expenses', 'ExpenseController');
Route::resource('expenses', 'ExpenseController')->middleware('ability:admin,finances');
// fares
Route::get('fares/export', 'FareController@export')->name('fares.export');
Route::get('fares/export', 'FareController@export')
->name('fares.export')
->middleware('ability:admin,finances');
Route::match(['get', 'post'], 'fares/import', 'FareController@import')->name(
'fares.import'
);
Route::match(['get', 'post'], 'fares/import', 'FareController@import')
->name('fares.import')->middleware('ability:admin,finances');
Route::resource('fares', 'FareController');
Route::resource('fares', 'FareController')->middleware('ability:admin,finances');
// files
Route::post('files', 'FileController@store')->name('files.store');
Route::delete('files/{id}', 'FileController@destroy')->name('files.delete');
Route::post('files', 'FileController@store')
->name('files.store')
->middleware('ability:admin,files');
Route::delete('files/{id}', 'FileController@destroy')
->name('files.delete')
->middleware('ability:admin,files');
// finances
Route::resource('finances', 'FinanceController');
Route::resource('finances', 'FinanceController')->middleware('ability:admin,finances');
// flights and aircraft associations
Route::get('flights/export', 'FlightController@export')->name('flights.export');
Route::get('flights/export', 'FlightController@export')
->name('flights.export')
->middleware('ability:admin,flights');
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')->name(
'flights.import'
);
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')
->name('flights.import')
->middleware('ability:admin,flights');
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/fares',
'FlightController@fares'
);
)->middleware('ability:admin,flights');
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/fields',
'FlightController@field_values'
);
)->middleware('ability:admin,flights');
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/subfleets',
'FlightController@subfleets'
);
)->middleware('ability:admin,flights');
Route::resource('flights', 'FlightController');
Route::resource('flights', 'FlightController')
->middleware('ability:admin,flights');
Route::resource('flightfields', 'FlightFieldController');
Route::resource('flightfields', 'FlightFieldController')
->middleware('ability:admin,flights');
// pirep related routes
Route::get('pireps/fares', 'PirepController@fares');
Route::get('pireps/pending', 'PirepController@pending');
Route::resource('pireps', 'PirepController');
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments');
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')->name(
'pirep.status'
);
Route::get('pireps/fares', 'PirepController@fares')->middleware('ability:admin,pireps');
Route::get('pireps/pending', 'PirepController@pending')->middleware('ability:admin,pireps');
Route::resource('pireps', 'PirepController')->middleware('ability:admin,pireps');
Route::resource('pirepfields', 'PirepFieldController');
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments')
->middleware('ability:admin,pireps');
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')
->name('pirep.status')
->middleware('ability:admin,pireps');
Route::resource('pirepfields', 'PirepFieldController')
->middleware('ability:admin,pireps');
// rankings
Route::resource('ranks', 'RankController');
Route::resource('ranks', 'RankController')->middleware('ability:admin,ranks');
Route::match(
['get', 'post', 'put', 'delete'],
'ranks/{id}/subfleets',
'RankController@subfleets'
);
)->middleware('ability:admin,ranks');
// settings
Route::match(['get'], 'settings', 'SettingsController@index');
Route::match(['post', 'put'], 'settings', 'SettingsController@update')->name(
'settings.update'
);
Route::match(['get'], 'settings', 'SettingsController@index')
->middleware('ability:admin,settings');
Route::match(['post', 'put'], 'settings', 'SettingsController@update')
->name('settings.update')
->middleware('ability:admin,settings');
// maintenance
Route::match(['get'], 'maintenance', 'MaintenanceController@index')->name(
'maintenance.index'
);
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')->name(
'maintenance.cache'
);
Route::match(['get'], 'maintenance', 'MaintenanceController@index')
->name('maintenance.index')
->middleware('ability:admin,maintenance');
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')
->name('maintenance.cache')
->middleware('ability:admin,maintenance');
// subfleet
Route::get('subfleets/export', 'SubfleetController@export')->name('subfleets.export');
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')->name(
'subfleets.import'
);
Route::get('subfleets/export', 'SubfleetController@export')
->name('subfleets.export')
->middleware('ability:admin,fleet');
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')
->name('subfleets.import')
->middleware('ability:admin,fleet');
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/expenses',
'SubfleetController@expenses'
);
)->middleware('ability:admin,fleet');
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/fares',
'SubfleetController@fares'
);
)->middleware('ability:admin,fleet');
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/ranks',
'SubfleetController@ranks'
);
)->middleware('ability:admin,fleet');
Route::resource('subfleets', 'SubfleetController');
Route::resource('subfleets', 'SubfleetController')->middleware('ability:admin,fleet');
Route::resource('users', 'UserController');
Route::resource('users', 'UserController')->middleware('ability:admin,users');
Route::get(
'users/{id}/regen_apikey',
'UserController@regen_apikey'
)->name('users.regen_apikey');
)->name('users.regen_apikey')->middleware('ability:admin,users');
// defaults
Route::get('', ['uses' => 'DashboardController@index'])->middleware('update_pending');
Route::get('/', ['uses' => 'DashboardController@index'])->middleware('update_pending');
Route::get('', ['uses' => 'DashboardController@index'])
->middleware('update_pending', 'ability:admin,admin-access');
Route::get('/', ['uses' => 'DashboardController@index'])
->middleware('update_pending', 'ability:admin,admin-access');
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard'])
->middleware('update_pending', 'ability:admin,admin-access');
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard']);
Route::match(
['get', 'post', 'delete'],
'dashboard/news',
['uses' => 'DashboardController@news']
)->name('dashboard.news');
)->name('dashboard.news')->middleware('update_pending', 'ability:admin,admin-access');
}
);

29
config/laratrust.php
View File

@ -168,8 +168,33 @@ return [
'middleware' => [
'register' => true,
'handling' => 'redirect',
'params' => '/login',
/**
* Handlers for the unauthorized method in the middlewares.
* The name of the handler must be the same as the handling.
*/
'handlers' => [
/**
* Aborts the execution with a 403 code and allows you to provide the response text
*/
'abort' => [
'code' => 403,
'message' => 'User does not have any of the necessary access rights.',
],
/**
* Redirects the user to the given url.
* If you want to flash a key to the session,
* you can do it by setting the key and the content of the message
* If the message content is empty it won't be added to the redirection.
*/
'redirect' => [
'url' => '/',
'message' => [
'key' => 'flash_notification.message',
'content' => 'User does not have any of the necessary access rights.',
],
],
],
'params' => '/login',
],
/*