/**
 * Returns true when the current user may perform $sAction or holds $sRole.
 *
 * Evaluation order (all short-circuit): static::isAdmin(), the literal
 * 'admin' role, Entrust::can($sAction), Entrust::hasRole($sRole).
 *
 * @param string|null $sAction permission name passed to Entrust::can()
 * @param string|null $sRole   role name passed to Entrust::hasRole()
 * @return bool
 */
public function allowed($sAction = null, $sRole = null)
{
    // NOTE(review): both parameters default to null and are handed to Entrust
    // unchanged; this relies on Entrust never matching a null permission/role
    // name — confirm against the installed Entrust version.
    $isAdministrator = static::isAdmin() || \Entrust::hasRole('admin');
    if ($isAdministrator) {
        return true;
    }

    return \Entrust::can($sAction) || \Entrust::hasRole($sRole);
}
/**
 * Controller bootstrap: exposes the CRUD configuration to the views and gates
 * every action of this controller behind the 'view-admin-panel' permission.
 *
 * Aborts with 403 (message from the 'crud.unauthorized_access' translation)
 * when the permission is missing.
 */
public function __construct()
{
    $this->data['crud'] = $this->crud;

    // NOTE(review): no 'auth' middleware is registered here; for a guest this
    // relies on Entrust::can() returning false when nobody is logged in.
    $mayViewPanel = \Entrust::can('view-admin-panel');
    if ($mayViewPanel) {
        return;
    }

    abort(403, trans('crud.unauthorized_access'));
}
/**
 * Controller bootstrap: requires authentication and the 'view-admin-panel'
 * permission for every action.
 *
 * NOTE(review): $this->middleware('auth') only registers the middleware; it is
 * executed after the controller has been constructed, so the Entrust check
 * below runs first. An unauthenticated visitor therefore receives this 403
 * instead of the auth middleware's login redirect — confirm that is intended.
 */
public function __construct()
{
    $this->middleware('auth');

    $hasPanelAccess = \Entrust::can('view-admin-panel');
    if ($hasPanelAccess) {
        return;
    }

    abort(403, 'Unauthorized access - you do not have the necessary role to see this page.');
}
/**
 * Listing page of the Promociones module.
 *
 * Redirects to '/' unless the user holds 'crud-promociones'; otherwise renders
 * a paginated (6 per page) search over Promociones, ordered by nombre desc.
 *
 * @param Request $request carries 'parametros', forwarded to Promociones::buscar()
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
public function inicio(Request $request)
{
    if (!\Entrust::can('crud-promociones')) {
        // Unauthorized users are sent to the home page rather than given a 403.
        return \Redirect::to('/');
    }

    $parametros = $request->get('parametros');
    $registros = Promociones::buscar($parametros)
        ->orderBy('nombre', 'desc')
        ->paginate(6);

    return view('Center.promociones.ver')->with('registros', $registros);
}
/**
 * Listing page of the Equipo (staff) module.
 *
 * Redirects to '/' unless the user holds 'crud-empleados'; otherwise renders
 * users of type 0 joined to their role, ordered by role display name and
 * paginated 6 per page.
 *
 * @param Request $request currently unused by this action
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
public function inicio(Request $request)
{
    if (!\Entrust::can('crud-empleados')) {
        return \Redirect::to('/');
    }

    $columns = [
        'users.id AS id_usuario',
        'users.name AS nombre_usuario',
        'users.email',
        'users.avatar',
        'roles.display_name',
    ];

    // Only type-0 users are listed here; the meaning of 'type' is not visible in this file.
    $registros = \DB::table('users')
        ->join('role_user', 'users.id', '=', 'user_id')
        ->join('roles', 'roles.id', '=', 'role_id')
        ->where('users.type', '=', 0)
        ->select($columns)
        ->orderBy('roles.display_name', 'asc')
        ->paginate(6);

    return view('Center.empleados.ver')->with('registros', $registros);
}
/**
 * Display a listing of xcasts.
 *
 * An optional 'q' query parameter switches from the latest-updated listing to
 * Xcast::search(). Users holding neither 'manage_premium_casts' nor
 * 'delete_casts' only see free casts. Paginated 8 per page.
 *
 * @return Response
 */
public function index()
{
    $term = Request::get('q');
    $xcasts = $term ? Xcast::search($term) : Xcast::latest('updated_at');

    $mayHandlePremium = Entrust::can('manage_premium_casts') || Entrust::can('delete_casts');
    if (!$mayHandlePremium) {
        $xcasts = $xcasts->onlyFree();
    }

    $xcasts = $xcasts->paginate(8);

    return View::make('admin.xcasts.index', compact('xcasts'));
}
/**
 * Lists non-deleted legal representatives (id, name, CNP).
 *
 * Platform administrators ('administrare_platforma') see all rows; everyone
 * else is restricted to their own organisation (-1, i.e. no rows, when the
 * organisation cannot be resolved). The organisation id is passed as a bound
 * parameter. Note that the CNP (personal identification number) is exposed to
 * the view.
 *
 * @return \Illuminate\View\View
 */
public function getReprezentantiOrganizatie()
{
    $sql = "SELECT \n rl.id,\n rl.nume,\n rl.cnp\n FROM reprezentant_legal rl\n WHERE rl.logical_delete = 0";

    if (\Entrust::can('administrare_platforma')) {
        $reprezentanti = DB::select($sql);
    } else {
        $organizatie = self::organizatie();
        $idOrganizatie = isset($organizatie[0]) ? $organizatie[0]->id_organizatie : -1;
        $reprezentanti = DB::select(
            $sql . " AND id_organizatie = :id_organizatie",
            array('id_organizatie' => $idOrganizatie)
        );
    }

    return View::make('entitate::reprezentant_legal.list')->with('reprezentanti', $reprezentanti);
}
/**
 * Lists non-deleted banks (id, name, address, phone).
 *
 * Platform administrators see every bank; other users only those of their
 * own organisation (-1 when it cannot be resolved, yielding no rows). The
 * organisation id is bound as a query parameter.
 *
 * @return \Illuminate\View\View
 */
public function getBanci()
{
    $sql = "SELECT\n id,\n denumire,\n adresa, \n telefon\n FROM banca\n WHERE logical_delete = 0";

    if (\Entrust::can('administrare_platforma')) {
        return View::make("banca::banca.list")->with("banci", DB::select($sql));
    }

    $organizatie = self::organizatie();
    $idOrganizatie = isset($organizatie[0]) ? $organizatie[0]->id_organizatie : -1;
    $banci = DB::select(
        $sql . " AND id_organizatie = :id_organizatie",
        array('id_organizatie' => $idOrganizatie)
    );

    return View::make("banca::banca.list")->with("banci", $banci);
}
/**
 * Lists non-deleted investments with their building and location names.
 *
 * Non-administrators are further restricted, via an extra INNER JOIN, to
 * investments whose department is among the caller's departments.
 *
 * @return \Illuminate\View\View
 */
public function getInvestitii()
{
    $ids = self::getIDsDepartamente(Confide::getDepartamenteUser());

    $sql = "SELECT \n investitie.id,\n investitie.denumire,\n im.adresa,\n investitie.id_imobil,\n j.denumire AS judet,\n l.denumire AS localitate\n FROM por12_investitie investitie\n INNER JOIN imobil im ON im.id = investitie.id_imobil AND im.logical_delete = 0\n LEFT OUTER JOIN judet j ON j.id_judet = im.id_judet AND j.logical_delete = 0\n LEFT OUTER JOIN localitate l ON l.id_localitate = im.id_localitate AND l.logical_delete = 0";

    $isPlatformAdmin = Entrust::can("administrare_platforma");
    if (!$isPlatformAdmin) {
        // NOTE(review): $ids is spliced into the SQL text rather than bound. It is
        // assumed to be a server-generated comma-separated list of integer ids;
        // an empty list would produce "IN ()" (a syntax error) — confirm.
        $sql .= " INNER JOIN departament ON departament.id = investitie.id_departament AND departament.logical_delete = 0\n AND departament.id IN (" . $ids . ") ";
    }

    $sql .= " WHERE investitie.logical_delete = 0";

    $investitii = DB::select($sql);

    return View::make('investitie_por_axa12.list')->with('investitii', $investitii);
}
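/**
 * Deletes a backup file.
 *
 * Requires the 'delete-backups' permission (403 otherwise). $file_name comes
 * from the route and must be a bare file name: a value containing a path
 * separator, or equal to '.' / '..', is rejected with 404 so the delete can
 * never reach outside backups/ on the configured disk (previously
 * "../other" would have deleted a file elsewhere on that disk).
 *
 * @param string $file_name name of the file inside backups/ on the backup disk
 * @return string 'success' once the file has been deleted
 */
public function delete($file_name)
{
    if (!\Entrust::can('delete-backups')) {
        abort(403, 'Unauthorized access - you do not have the necessary permission to delete backups.');
    }

    // Untrusted input: accept only a plain basename (no '/', '\' or dot-dirs).
    $isPlainName = $file_name !== ''
        && $file_name !== '.'
        && $file_name !== '..'
        && strpbrk($file_name, '/\\') === false;
    if (!$isPlainName) {
        abort(404, "The backup file doesn't exist.");
    }

    $disk = Storage::disk(config('dick.backupmanager.disk'));
    $path = 'backups/' . $file_name;

    if (!$disk->exists($path)) {
        abort(404, "The backup file doesn't exist.");
    }

    $disk->delete($path);

    return 'success';
}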
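/**
 * Deletes a log file.
 *
 * Requires the 'delete-logs' permission (403 otherwise). $file_name comes
 * from the route and must be a bare file name: a value containing a path
 * separator, or equal to '.' / '..', is rejected with 404 so the delete can
 * never reach outside logs/ on the 'local' disk (previously "../other"
 * would have deleted another file under the disk root).
 *
 * @param string $file_name name of the file inside logs/ on the local disk
 * @return string 'success' once the file has been deleted
 */
public function delete($file_name)
{
    if (!\Entrust::can('delete-logs')) {
        abort(403, 'Unauthorized access - you do not have the necessary permission to delete logs.');
    }

    // Untrusted input: accept only a plain basename (no '/', '\' or dot-dirs).
    $isPlainName = $file_name !== ''
        && $file_name !== '.'
        && $file_name !== '..'
        && strpbrk($file_name, '/\\') === false;
    if (!$isPlainName) {
        abort(404, "The log file doesn't exist.");
    }

    $disk = Storage::disk('local');
    $path = 'logs/' . $file_name;

    if (!$disk->exists($path)) {
        abort(404, "The log file doesn't exist.");
    }

    $disk->delete($path);

    return 'success';
}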
/**
 * Lists non-deleted staff members with contact details and a comma-joined
 * list of the entities they belong to.
 *
 * Platform administrators see all staff; other users only staff of their
 * own organisation (-1 when it cannot be resolved, yielding no rows). The
 * organisation id is bound as a query parameter. Note that the CNP
 * (personal identification number) is exposed to the view.
 *
 * @return \Illuminate\View\View
 */
public function getPersonalOrganizatie()
{
    $sql = "SELECT \n p.id,\n p.nume,\n p.cnp,\n p.telefon_1,\n p.telefon_2,\n p.mail_1,\n p.mail_2,\n (SELECT group_concat(ent.denumire) \n FROM entitate ent\n INNER JOIN personal_entitate pe ON pe.id_entitate = ent.id AND pe.logical_delete = 0\n WHERE ent.logical_delete = 0\n AND pe.id_personal = p.id) AS entitati\n FROM personal p\n WHERE p.logical_delete = 0";

    if (\Entrust::can('administrare_platforma')) {
        return View::make('entitate::personal.list')->with('personal', DB::select($sql));
    }

    $organizatie = self::organizatie();
    $idOrganizatie = isset($organizatie[0]) ? $organizatie[0]->id_organizatie : -1;
    $personal = DB::select(
        $sql . " AND p.id_organizatie = :id_organizatie",
        array('id_organizatie' => $idOrganizatie)
    );

    return View::make('entitate::personal.list')->with('personal', $personal);
}
/**
 * Lists non-deleted invoice series with the owning entity's name.
 *
 * Non-administrators only see series whose entity has a non-deleted
 * department among the caller's departments (EXISTS sub-query).
 *
 * @return \Illuminate\View\View
 */
public function getSeriiFacturare()
{
    $ids = self::getIDsDepartamente(Confide::getDepartamenteUser());

    $sql = "SELECT \n sf.id,\n sf.serie,\n sf.numar,\n sf.id_entitate,\n ent.denumire AS entitate\n FROM serie_factura sf\n INNER JOIN entitate ent ON ent.id = sf.id_entitate AND ent.logical_delete = 0\n WHERE ";

    $departmentScope = "";
    if (!Entrust::can("administrare_platforma")) {
        // NOTE(review): $ids is spliced into the SQL text rather than bound; it is
        // assumed to be a server-generated comma-separated list of integer ids,
        // and an empty list would produce "IN ()" — confirm.
        $departmentScope = " EXISTS(SELECT id FROM departament WHERE departament.id_entitate = sf.id_entitate AND departament.logical_delete = 0\n AND departament.id IN (" . $ids . ")) AND ";
    }

    $serii = DB::select($sql . $departmentScope . " sf.logical_delete = 0 ORDER BY ent.id, sf.serie");

    return View::make('serii_facturare.list')->with('serii', $serii);
}
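/**
 * Fetch posts matching $filters, newest-updated first.
 *
 * Users without 'manage-all-content' only see posts they created. Each filter
 * is applied only when present and non-empty:
 *  - status / post_type: matched against posts.metadata JSON (bound parameters)
 *  - date_from / date_to: inclusive bounds on date(created_at); '/' is rewritten to '-'
 *  - sub_category1: passed as-is to the category() scope
 *  - sub_category / category: a category id expanded to itself plus all descendants
 *
 * @param array    $filters
 * @param int|null $limit   null returns the full collection; otherwise the page size
 * @return \Illuminate\Database\Eloquent\Collection|\Illuminate\Contracts\Pagination\Paginator
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when sub_category/category names an unknown id
 */
public function getAll($filters, $limit = null)
{
    $query = $this->post->select('*');

    if (!\Entrust::can('manage-all-content')) {
        $query->where('created_by', auth()->user()->id);
    }

    $from = "posts ";

    if (isset($filters['status']) && $filters['status'] != '') {
        $query->whereRaw("posts.metadata->>'status' = ?", [$filters['status']]);
    }

    if (isset($filters['date_from']) && $filters['date_from'] != '') {
        $query->whereRaw("date(created_at) >= ?", [str_replace('/', '-', $filters['date_from'])]);
    }

    if (isset($filters['date_to']) && $filters['date_to'] != '') {
        $query->whereRaw("date(created_at) <= ?", [str_replace('/', '-', $filters['date_to'])]);
    }

    if (isset($filters['post_type']) && $filters['post_type'] != '') {
        $query->whereRaw("posts.metadata->>'type' = ?", [$filters['post_type']]);
    }

    if (array_has($filters, "sub_category1")) {
        // NOTE(review): passed straight to the category() scope; assumed to be a list of ids — confirm.
        $query->category($filters['sub_category1']);
    }

    // Order preserved from the original: sub_category first, then category.
    foreach (["sub_category", "category"] as $key) {
        if (array_has($filters, $key)) {
            $query->category($this->descendantCategoryIds($filters[$key]));
        }
    }

    $query->from($this->db->raw($from));
    $query->orderBy('updated_at', 'DESC');

    if (is_null($limit)) {
        return $query->get();
    }

    // $limit was previously accepted but never used; honour it as the page size.
    return $query->paginate($limit);
}

/**
 * Ids of the category $id plus all of its descendants.
 *
 * Uses findOrFail so an unknown id raises ModelNotFoundException (404 under
 * Laravel's default handler) instead of a null-object fatal error.
 *
 * @param int|string $id
 * @return array
 */
private function descendantCategoryIds($id)
{
    $category = Category::findOrFail($id);

    return $category->getDescendantsAndSelf()->lists('id')->toArray();
}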
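/**
 * Lists non-deleted entities of the given type with county/locality names.
 *
 * Scope by caller:
 *  - role "Administrator de grup": entities of the caller's own organisation
 *    (id_org is now bound as a parameter instead of concatenated into the SQL)
 *  - no 'administrare_platforma' permission: entities having a non-deleted
 *    department among the caller's departments
 *  - otherwise: all entities
 *
 * @param int|string $tip_entitate 1 selects type 1; any other value selects type 2
 * @return \Illuminate\View\View
 */
public function getEntitati($tip_entitate)
{
    $sql = "SELECT \n ent.id, \n ent.denumire, \n ent.cif,\n ent.adresa, \n ent.cod_postal, \n ent.telefon, \n ent.fax, \n ent.id_organizatie, \n ent.id_tip_entitate, \n judet.denumire AS judet, \n loc.denumire AS localitate\n FROM entitate ent\n LEFT OUTER JOIN judet ON ent.id_judet = judet.id_judet AND judet.logical_delete = 0 \n LEFT OUTER JOIN localitate loc ON ent.id_localitate = loc.id_localitate AND loc.logical_delete = 0";

    $bindings = array();
    $and = "";

    if (\Entrust::hasRole("Administrator de grup")) {
        $and = " AND ent.id_organizatie = :id_organizatie";
        $bindings['id_organizatie'] = \Entrust::user()->id_org;
    } elseif (!\Entrust::can("administrare_platforma")) {
        $ids = self::getIDsDepartamente(\Confide::getDepartamenteUser());
        // NOTE(review): $ids is still spliced into the SQL text; it is assumed to
        // be a server-generated comma-separated list of integer ids, and an empty
        // list would produce "IN ()" (a syntax error) — confirm.
        $sql = $sql . " INNER JOIN departament d ON d.id_entitate = ent.id AND d.logical_delete = 0" . " AND d.id IN (" . $ids . ")";
    }

    $sql .= " WHERE ent.logical_delete = 0 ";
    $sql .= $and;

    // Only type 1 is matched exactly; anything else falls back to type 2.
    if ($tip_entitate == 1) {
        $sql .= " AND ent.id_tip_entitate = 1 ";
    } else {
        $sql .= " AND ent.id_tip_entitate = 2 ";
    }

    $sql .= " GROUP BY ent.id";

    $entitati = DB::select($sql, $bindings);

    return View::make('entitate::entitati_organizatie.list')
        ->with('entitati', $entitati)
        ->with('tip_entitate', $tip_entitate);
}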
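/**
 * Saves the organisation / entity / department assignments of a user.
 *
 * Input: 'edit' (user id, required integer), 'organizatie' (integer), optional
 * 'entitati' (list of entity ids) and 'departamente' (entity id => list of
 * department ids). The organisation must be one returned by
 * self::getOrganizations(); every entity, and every department for that
 * entity, must appear in self::EntitatiSiDepartamente(). The user's rows in
 * users_departament are replaced by the new set inside one transaction; the
 * user's id_org is only updated when the caller holds 'administrare_platforma'.
 *
 * @return \Illuminate\Http\RedirectResponse back to the form with errors or a success message
 */
public function SalveazaAdaugaDepartamente()
{
    $rules = array('edit' => 'required|integer', 'organizatie' => 'integer');
    $errors = array('required' => 'Nu ati selectat utilizatorul.', 'integer' => 'Organizatia nu a fost selectata.');
    $validator = Validator::make(Input::all(), $rules, $errors);

    if ($validator->fails()) {
        return Redirect::back()->withErrors('Eroare validare formular!')->withErrors($validator)->withInput();
    }

    // Security filter for non-admins: the organisation must be one the caller may see.
    $organizatie_ok = false;
    foreach (self::getOrganizations() as $v) {
        if ($v->id == Input::get('organizatie')) {
            $organizatie_ok = true;
            break;
        }
    }
    if (!$organizatie_ok) {
        return Redirect::back()->withErrors('Organizatia nu a fost selectata corect!');
    }

    // Lookup tables from the same data that populates the form:
    // entity id => organisation id, department id => entity id.
    $entitati = array();
    $departamente = array();
    foreach (self::EntitatiSiDepartamente() as $v) {
        $entitati[$v->id_entitate] = $v->id_organizatie;
        $departamente[$v->id_departament] = $v->id_entitate;
    }

    $id_user = Input::get('edit');
    // NOTE(review): getUser() is assumed to be scoped to users the caller may edit — confirm.
    if (!self::getUser($id_user)) {
        return Redirect::back()->withErrors('Nu gasesc acest utilizator!');
    }

    // Rows for users_departament. Initialised here so an empty selection no
    // longer reaches insert() with an undefined variable.
    $sql_insert = array();
    if (Input::has('entitati')) {
        $idepartamente = Input::get('departamente');
        foreach (Input::get('entitati') as $v) {
            if (!isset($entitati[$v])) {
                return Redirect::back()->withErrors('Eroare validare formular!')->withErrors($validator)->withInput();
            }
            if (!isset($idepartamente[$v])) {
                // Entity chosen without departments: keep the link with a NULL department.
                $sql_insert[] = array('id_user' => $id_user, 'id_departament' => NULL);
                continue;
            }
            foreach ($idepartamente[$v] as $dv) {
                if (intval($dv) <= 0) {
                    continue;
                }
                // A submitted department id must exist and belong to the selected
                // entity; previously any positive integer was accepted.
                if (!isset($departamente[$dv]) || $departamente[$dv] != $v) {
                    return Redirect::back()->withErrors('Eroare validare formular!')->withErrors($validator)->withInput();
                }
                $sql_insert[] = array('id_user' => $id_user, 'id_departament' => $dv);
            }
        }
    }

    try {
        // Delete + insert in one transaction so a failed insert cannot leave the
        // user with no department assignments at all.
        DB::transaction(function () use ($id_user, $sql_insert) {
            if (Entrust::can('administrare_platforma')) {
                DB::table('users')->where('id', $id_user)->update(['id_org' => Input::get('organizatie')]);
            }
            DB::table('users_departament')->where('id_user', $id_user)->delete();
            if (!empty($sql_insert)) {
                DB::table('users_departament')->insert($sql_insert);
            }
        });
    } catch (Exception $e) {
        // Log server-side; never echo the exception (SQL text, bindings, trace) to the browser.
        \Log::error('Eroare salvare departamente utilizator', ['exception' => $e]);
        return Redirect::back()->withErrors('Eroare salvare date!')->withInput();
    }

    return Redirect::back()->with('message', 'Salvare realizata cu succes!')->withInput();
}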
// The filter closed just below starts before this excerpt; only its tail is visible.
if (!Entrust::can('edit_request')) {
    return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
}
});

// bom.view / approval.view / summary.view: each requires the matching Entrust
// permission, except that "direct award" RFQs (isDirectAward on the 'rfq' route
// parameter) skip the check entirely.
// NOTE(review): the bypass is unconditional — a direct-award RFQ is viewable by
// any authenticated user regardless of permission; confirm that is intended.
Route::filter('bom.view', function ($route) {
    // Bypass if direct award
    if (isDirectAward($route->parameter('rfq'))) {
        return;
    }
    if (!Entrust::can('view_bom')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});

Route::filter('approval.view', function ($route) {
    // Bypass if direct award
    if (isDirectAward($route->parameter('rfq'))) {
        return;
    }
    if (!Entrust::can('view_approval')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});

Route::filter('summary.view', function ($route) {
    // Bypass if direct award
    if (isDirectAward($route->parameter('rfq'))) {
        return;
    }
    if (!Entrust::can('view_summary')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});
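/**
 * Aborts with 403 unless the current user holds 'manage_contents' or is the
 * author identified by $author_id.
 *
 * @param int|string $author_id id of the content's author (int or numeric string)
 * @return void
 */
public function authorOrAdminPermissioinRequire($author_id)
{
    if (Entrust::can('manage_contents')) {
        return;
    }

    // Auth::id() is null for a guest, where Auth::user()->id raised a
    // null-object error; a guest is never the author, so deny explicitly.
    // The loose comparison is deliberate: ids arrive as int or numeric string.
    $currentUserId = Auth::id();
    if ($currentUserId === null || $author_id != $currentUserId) {
        App::abort(403, 'Unauthorized action.');
    }
}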
/**
 * Attempt to do login.
 *
 * On successful credentials, only platform administrators or users with
 * access to application 1 continue: 'hostinger' users go to /proba, everyone
 * else has the login recorded, departments loaded, and is sent to /dashboard.
 * All other outcomes (no application access, throttled, unconfirmed, blocked,
 * wrong credentials) are recorded and redirected back to user/login with an
 * error message.
 *
 * NOTE(review): registerLogin() receives the cleartext password from the
 * request on every code path that calls it. Unless it discards that argument,
 * the password ends up in whatever store it writes to — confirm and, if so,
 * stop passing it.
 * NOTE(review): in the "access denied" branch userRepo->login() has already
 * succeeded, so the session presumably stays authenticated while the user is
 * shown the login page — confirm whether a logout is needed there.
 */
public function postLogin()
{
    $input = Input::all();
    $err_msg = "";

    if ($this->userRepo->login($input)) {
        // Platform administrators and users with access to the application may continue.
        if (Entrust::can('administrare_platforma') || $this->userRepo->hasAccessApp(1)) {
            if (Entrust::can('hostinger')) {
                return Redirect::intended('/proba');
            } else {
                self::registerLogin(Input::get('username'), Input::get('password'), 'Login OK');
                Confide::getDepartamente();
                return Redirect::intended('/dashboard');
            }
        } else {
            // Otherwise show the error message and send them back to the login page.
            $err_msg = Lang::get('confide::confide.alerts.access_denied');
        }
    } else {
        if ($this->userRepo->isThrottled($input)) {
            $err_msg = Lang::get('confide::confide.alerts.too_many_attempts');
        } elseif ($this->userRepo->existsButNotConfirmed($input)) {
            $err_msg = Lang::get('confide::confide.alerts.not_confirmed');
        } elseif ($this->userRepo->isUserBlocked($input)) {
            $err_msg = Lang::get('confide::confide.alerts.user_blocked');
        } else {
            $err_msg = Lang::get('confide::confide.alerts.wrong_credentials');
        }
    }

    // Failed or denied attempt: record it (see NOTE above about the password argument).
    self::registerLogin(Input::get('username'), Input::get('password'), $err_msg);

    return Redirect::to('user/login')->withInput(Input::except('password'))->with('error', $err_msg);
}
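| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

// Compare the session token with the submitted one in constant time.
// The previous loose "!=" compared in non-constant time and applied PHP's
// loose-equality rules; hash_equals() requires two strings, so a non-string
// _token (e.g. an array) is treated as a mismatch.
Route::filter('csrf', function () {
    $submitted = Input::get('_token');
    if (!is_string($submitted) || !hash_equals((string) Session::token(), $submitted)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

/* Role/permission based Route filters */

/* Role id 1 is assumed to be the administrator role; anyone without it is sent
   to the home page. A missing role row now also redirects instead of raising a
   null-object error. */
Route::filter('admin', function () {
    $adminRole = Role::find(1);
    if (!$adminRole || !Entrust::hasRole($adminRole->name)) {
        return Redirect::to('home');
    }
});

/**
 * A filter that receives a permission ($perms) as the parameter and checks that
 * the user has the said permission, or that a logged-in user is accessing only
 * their own record (URL segment 2). A guest is never treated as "own record":
 * previously Auth::id() (null) compared equal to a missing segment (null).
 */
Route::filter('checkPerms', function ($route, $request, $perms) {
    $ownRecord = Auth::check() && Auth::id() == Request::segment(2);
    if (!Entrust::can($perms) && !$ownRecord) {
        return Redirect::to('home');
    }
});

// Ensure form value is not zero (loose comparison, as before).
Validator::extend('non_zero_key', function ($attribute, $value, $parameters) {
    return $value != 0;
});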
/**
 * Entrust-backed ACL check.
 *
 * @param string $permission permission name handed to Entrust::can()
 * @param bool   $arguments  forwarded unchanged as the second argument of Entrust::can()
 * @package Zizaco\Entrust
 * @return bool
 */
protected function aclEntrust($permission, $arguments = false)
{
    $granted = \Entrust::can($permission, $arguments);

    return $granted;
}
});

// Permission-gated route filters. Each filter requires one Entrust permission
// and redirects to the dashboard with the same notice when it is missing.
// Note the name differences: 'manage_users' checks 'manage_user',
// 'manage_roles' checks 'manage_role', 'manage_audits' checks 'manage_audit'
// and 'manage_leavetypes' checks 'manage_leave'.
foreach (array(
    'manage_group'      => 'manage_group',
    'manage_settings'   => 'manage_settings',
    'manage_users'      => 'manage_user',
    'manage_roles'      => 'manage_role',
    'manage_audits'     => 'manage_audit',
    'manage_leavetypes' => 'manage_leave',
) as $filterName => $permission) {
    Route::filter($filterName, function () use ($permission) {
        if (!Entrust::can($permission)) {
            return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
        }
    });
}
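|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

// Compare the session token with the submitted one in constant time; a
// non-string _token (e.g. an array) is treated as a mismatch.
Route::filter('csrf', function () {
    $submitted = Input::get('_token');
    if (!is_string($submitted) || !hash_equals((string) Session::token(), $submitted)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

/*
|--------------------------------------------------------------------------
| Roles & Permissions Filters
|--------------------------------------------------------------------------
|
*/

// Role / permission gates on the admin area (last argument false: any one of the listed names suffices).
Entrust::routeNeedsRole('admin', ['Administrator', 'Users Manager', 'Premium Author', 'Author', 'Eraser'], Redirect::to('/'), false);
Entrust::routeNeedsPermission('admin/xcasts*', ['manage_premium_casts', 'manage_free_casts', 'delete_casts'], Redirect::to('admin'), false);
Entrust::routeNeedsPermission('admin/series*', ['manage_series', 'delete_series'], Redirect::to('admin'), false);
Entrust::routeNeedsPermission('admin/users*', ['manage_users', 'delete_users'], Redirect::to('admin'), false);

// Premium casts (levels > 0) additionally require manage_premium_casts or delete_casts.
Route::filter('can_manage_premium_casts', function () {
    // An unknown xcast id now yields 404 instead of a null-object fatal error.
    $xcast = Xcast::find(Route::input('xcasts'));
    if (!$xcast) {
        App::abort(404);
    }
    if ($xcast->levels > 0) {
        if (!Entrust::can('manage_premium_casts') && !Entrust::can('delete_casts')) {
            return Redirect::to('admin');
        }
    }
});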
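| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

Route::filter('guest', function () {
    if (Auth::check()) {
        return Redirect::to('/');
    }
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

// Compare the session token with the submitted one in constant time; a
// non-string _token (e.g. an array) is treated as a mismatch.
Route::filter('csrf', function () {
    $submitted = Input::get('_token');
    if (!is_string($submitted) || !hash_equals((string) Session::token(), $submitted)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

// Guests are sent to the login-required page (intended URL remembered);
// logged-in users without 'manage_topics' to the admin-required page.
Route::filter('manage_topics', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    } elseif (!Entrust::can('manage_topics')) {
        return Redirect::route('admin-required');
    }
});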
/**
 * Shows the form for administering a vaccine dose to a child.
 *
 * Requires 'vaccination-create' (reported as 404 "You are not allowed" rather
 * than 403 by this module). If the dose is already complete the user is sent
 * back to the child's programme; otherwise the form is rendered with the
 * places and vaccinators registered at the current user's office address.
 *
 * NOTE(review): only the permission is checked; nothing here ties $child_id
 * to the current user or office — confirm that is intended.
 *
 * @param int|string $vaccine_id
 * @param int|string $child_id   registration id of the child
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
 */
public function provideVaccine($vaccine_id, $child_id)
{
    if (!\Entrust::can('vaccination-create')) {
        return abort(404, 'You are not allowed');
    }

    $vaccine = $this->vaccine->getVaccineWithWhichDose($vaccine_id, $child_id);
    if ($vaccine['full'] == true) {
        return redirect('/vaccination/program/' . $child_id)->with('message', 'This vaccine dose is already completed');
    }

    $user = \Auth::user();
    $officeAddress = $user->office_address;
    $child = $this->child->getChildByRegistrationId($child_id);
    $address = $this->location->getFullAddress($officeAddress);
    $places = \DB::table('vaccination_places')->where('address', '=', $officeAddress)->get();
    $vaccilator = \DB::table('vaccillators')->where('vclr_address', '=', $officeAddress)->lists('vclr_first_name', 'vclr_id');

    return view('vaccination.vaccine_program.create')->with([
        'vaccine'      => $vaccine,
        'child'        => $child,
        'address'      => $address,
        'user_address' => $officeAddress,
        'places'       => $places,
        'vaccilator'   => $vaccilator,
    ]);
}
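| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

// Compare the session token with the submitted one in constant time; a
// non-string _token (e.g. an array) is treated as a mismatch.
Route::filter('csrf', function () {
    $submitted = Input::get('_token');
    if (!is_string($submitted) || !hash_equals((string) Session::token(), $submitted)) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

// Guests go to the login-required page (intended URL remembered);
// logged-in users lacking the permission go to the admin-required page.
Route::filter('manage_topics', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    } elseif (!Entrust::can('manage_topics')) {
        // Checks the current user
        return Redirect::route('admin-required');
    }
});

Route::filter('manage_users', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    } elseif (!Entrust::can('manage_users')) {
        // Checks the current user
        return Redirect::route('admin-required');
    }
});

// A banned user is redirected to the user-banned route (except when already there).
Route::filter('check_banned_user', function () {
    if (Auth::check() && !Route::is('user-banned') && Auth::user()->is_banned) {
        return Redirect::route('user-banned');
    }
});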
/**
 * Non-deleted entities (denumire, id) as arrays.
 *
 * Permission order matters: a user holding 'list_departament' gets the list
 * scoped to their organisation (-1 when unresolved, i.e. nothing) even if
 * they also hold 'administrare_platforma'; a platform administrator without
 * 'list_departament' gets every entity; anyone else gets an empty array.
 *
 * @return array
 */
public function getEntitati()
{
    $sql = "SELECT\n denumire, id\n FROM entitate\n WHERE logical_delete = 0";

    if (\Entrust::can('list_departament')) {
        $organizatie = self::organizatie();
        $idOrganizatie = isset($organizatie[0]) ? $organizatie[0]->id_organizatie : -1;
        $rows = DB::select(
            $sql . " AND entitate.id_organizatie = :id_organizatie",
            array('id_organizatie' => $idOrganizatie)
        );
        return self::object_to_array($rows);
    }

    if (\Entrust::can('administrare_platforma')) {
        return self::object_to_array(DB::select($sql));
    }

    return [];
}
// The filter closed just below starts before this excerpt; only its tail is visible.
if (!Entrust::can('eliminar_examen')) {
    return Redirect::guest('/');
}
});

// Exam permission filters: each one redirects to '/' when the matching Entrust
// permission is missing.
// NOTE(review): Redirect::guest() stores the current URL as the "intended"
// destination, so after a later login the user would be sent back to the page
// they were just refused — confirm this is the desired behaviour for a
// permission (not authentication) failure.
Route::filter('modificar_examen', function () {
    if (!Entrust::can('modificar_examen')) {
        return Redirect::guest('/');
    }
});

Route::filter('realizar_examen', function () {
    if (!Entrust::can('realizar_examen')) {
        return Redirect::guest('/');
    }
});

Route::filter('ver_resultado_examen', function () {
    if (!Entrust::can('ver_resultado_examen')) {
        return Redirect::guest('/');
    }
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

// This filter's body continues past the end of the excerpt.
Route::filter('guest', function () {
    if (Auth::check()) {
/**
 * Throws ManageTopicsException("permission-required") unless the current user
 * holds 'manage_users' or is the author identified by $author_id.
 *
 * Uses Auth::id() (null for a guest) and a loose comparison, so ids may be
 * int or numeric string.
 *
 * @param int|string $author_id
 * @return void
 * @throws ManageTopicsException
 */
public function authorOrAdminPermissioinRequire($author_id)
{
    if (Entrust::can('manage_users')) {
        return;
    }

    $isAuthor = $author_id == Auth::id();
    if ($isAuthor) {
        return;
    }

    throw new ManageTopicsException("permission-required");
}
/**
 * Renders the birth certificate for registration $id.
 *
 * Requires 'birth-registration-show'; a missing permission is reported as
 * 404 "You are not allowed" (not 403) by this module.
 *
 * NOTE(review): only the permission is checked; nothing here restricts which
 * $id the caller may view — confirm whether the permission is meant to be global.
 *
 * @param int|string $id
 * @return \Illuminate\View\View
 */
public function viewBirthCertificate($id)
{
    $mayShow = \Entrust::can('birth-registration-show');
    if (!$mayShow) {
        return abort(404, 'You are not allowed');
    }

    $child = $this->birth->viewBirthCertificate($id);

    return view('birthRegistration.birth_details.birth_certificate')->with('child', $child);
}