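/**
 * Handle an incoming request.
 *
 * Lets the request through only when the "admin" gate allows it; otherwise
 * the "unauthorized" view is returned as a 403 response.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, \Closure $next)
{
    if (\Gate::allows("admin")) {
        return $next($request);
    }

    // Return a response instead of die(): the request then stays inside the
    // framework lifecycle (session save, terminable middleware, logging) and
    // the client receives an explicit 403 rather than a 200 carrying the
    // unauthorized view body.
    return response(view("unauthorized"), 403);
}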
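/**
 * Update the specified resource in storage.
 *
 * Requires the 'user.edit' ability on the target user, updates the profile
 * from the request and replaces the user's role assignments.
 *
 * @param \Illuminate\Http\Request $request
 * @param int $id
 * @return \Illuminate\Http\Response
 */
public function update(Request $request, $id)
{
    try {
        $user = User::findOrFail($id);
        if (\Gate::denies('user.edit', $user)) {
            return abort(403);
        }
    } catch (ModelNotFoundException $e) {
        return abort(404);
    }

    // 'roles' may be absent (no checkbox ticked): default to an empty list so
    // count()/iteration never sees null or a scalar.
    $roleIds = (array) $request->input('roles', []);

    // NOTE(review): fill() with the raw request payload relies entirely on the
    // User model's $fillable/$guarded to block unintended attributes — confirm.
    \DB::transaction(function () use ($request, $user, $roleIds) {
        // update the user's profile
        $user->fill($request->all())->save();

        // sync() detaches roles no longer present and attaches the new ones in
        // one step, replacing the former detach() + per-role attach() loop.
        $user->roles()->sync($roleIds);
    });

    return redirect()->route('user.index');
}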
/**
 * Handle an incoming request.
 *
 * Aborts with 403 when the given ability is denied by the gate; otherwise the
 * request continues down the pipeline.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param $value ability name checked against the gate
 *
 * @return mixed
 */
public function handle($request, Closure $next, $value)
{
    if (\Gate::allows($value)) {
        return $next($request);
    }

    app()->abort(403, sprintf("Missing permission '%s'", $value));
}
/**
 * Handle an incoming request.
 *
 * Redirects to the site root with a flashed error message when the gate
 * denies the requested permission; otherwise passes the request on.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string $permission ability name checked against the gate
 * @return mixed
 */
public function handle($request, Closure $next, $permission)
{
    if (\Gate::allows($permission)) {
        return $next($request);
    }

    return redirect('')
        ->with('message_error', trans('admin.no_permission'));
}
/**
 * The gate definitions registered at boot must grant 'self-destruct' only to
 * admins and 'use-tags' / 'isStaff' only to staff.
 */
public function testBoot()
{
    $gateFor = function (array $attributes) {
        return Gate::forUser(factory(App\User::class)->make($attributes));
    };

    $this->assertTrue($gateFor(['is_admin' => true])->allows('self-destruct'));
    $this->assertFalse($gateFor(['is_admin' => false])->allows('self-destruct'));

    $this->assertTrue($gateFor(['is_staff' => true])->allows('use-tags'));
    $this->assertFalse($gateFor(['is_staff' => false])->allows('use-tags'));

    $this->assertTrue($gateFor(['is_staff' => true])->allows('isStaff'));
}
/**
 * Show the form for editing the specified resource.
 *
 * Loads the applicant (with documents) or 404s, then requires the 'update'
 * ability on that applicant before rendering the edit form.
 *
 * @param int $id
 * @return \Illuminate\Http\Response
 */
public function edit($id)
{
    $applicant = Applicant::with('documents')->findOrFail($id);

    if (\Gate::allows('update', $applicant)) {
        return view('applicants.edit', ['applicant' => $applicant]);
    }

    return abort(403);
}
/**
 * Delete a customer by id.
 *
 * NOTE(review): the ability checked here is 'show' (the view permission) even
 * though the action is destructive — confirm whether a dedicated delete
 * ability was intended.
 *
 * @param mixed $id
 * @return mixed JSON success/error payload from the json helper
 */
public function delete($id)
{
    $customer = $this->customerRepository->getById($id);

    if (\Gate::allows('show', $customer)) {
        $customer->delete();

        return $this->json->success('Customer Deleted Successfully ...');
    }

    return $this->json->error('You Cannot View or Alter Someone\'s Customer ...');
}
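/**
 * Register any application authentication / authorization services.
 *
 * Registers the policies, then two ad-hoc gate abilities:
 *  - 'update-widget-item' is resolved by UserController@ability
 *  - 'edit-question' allows only the question's author
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    // Resolved through a "Class@method" callback; the controller decides.
    \Gate::define('update-widget-item', 'App\\Http\\Controllers\\UserController@ability');

    // Only the author may edit their own question; strict comparison so a
    // string id never loosely matches an integer author_id.
    \Gate::define('edit-question', function ($user, $question) {
        return $user->id === $question->author_id;
    });
}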
/**
 * Handle an incoming request.
 *
 * Requires the 'app.admin.show' ability. On denial, AJAX callers get a bare
 * 403 response; browser requests are aborted with a 403 and a message.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (\Gate::allows('app.admin.show')) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response('Forbidden.', 403);
    }

    return app()->abort(403, 'No permission to view backend');
}
/**
 * Check if the logged in user can follow the specified user.
 *
 * The target user is taken from the 'users' route parameter. When the
 * 'can-follow' ability is denied, AJAX callers get a JSON error (401) and
 * browser requests are redirected back to the user's page with an error.
 *
 * NOTE(review): 401 signals "not authenticated"; a gate denial is
 * conventionally 403 — confirm the client relies on 401 before changing.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $target = $request->route('users');

    if (\Gate::allows('can-follow', $target)) {
        return $next($request);
    }

    $message = 'Забранет пристап';

    if ($request->ajax()) {
        return response()->json(['message' => $message], 401);
    }

    return redirect(route('users.show', $target->slug))
        ->withErrors(['error' => $message]);
}
/**
 * @inheritDoc
 *
 * Lazily derives the signal as the bitwise complement of the source's
 * signal, masked to sixteen bits, and caches it through setSignal().
 * Returns null while the source has no signal yet.
 */
public function getSignal()
{
    $cached = parent::getSignal();
    if ($cached !== null) {
        return $cached;
    }

    $input = $this->source->getSignal();
    if ($input === null) {
        return null;
    }

    $inverted = SixteenBitMask::mask(~$input);
    $this->setSignal($inverted);

    return $inverted;
}
/**
 * Check if the logged in user can remove the dislike
 * from the specified course.
 *
 * The course comes from the 'courses' route parameter. A denied
 * 'remove-course-dislike' ability yields a 401 JSON message for AJAX callers
 * and a redirect back to the course page with an error otherwise.
 *
 * NOTE(review): 401 is the "not authenticated" status; a gate denial is
 * conventionally 403 — confirm the front end expects 401 before changing.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $course = $request->route('courses');

    if (\Gate::allows('remove-course-dislike', $course)) {
        return $next($request);
    }

    $message = 'Забранет пристап';

    if ($request->ajax()) {
        return response()->json(['message' => $message], 401);
    }

    return redirect(route('courses.show', $course->slug))
        ->withErrors(['error' => $message]);
}
/**
 * Handle an incoming request.
 *
 * Requires the 'admin.access' ability. Denied AJAX requests receive a 401
 * with an X-Redirect-Url header pointing at the admin login; an authenticated
 * user on the given guard sees the denied view; anyone else is sent to the
 * login page as a guest.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $guard
 * @return mixed
 */
public function handle(Request $request, \Closure $next, $guard = null)
{
    if (\Gate::allows('admin.access')) {
        return $next($request);
    }

    if ($request->ajax()) {
        $headers = ['X-Redirect-Url' => route('admin.login')];

        return response('Unauthorized.', 401, $headers);
    }

    if (\Auth::guard($guard)->check()) {
        return view('admin::auth.denied');
    }

    return redirect()->guest(route('admin.login'));
}
/**
 * Admin landing page: loads the match lists for every round and the country
 * dropdown, or sends non-admins to the home page.
 *
 * @return mixed
 */
public function index()
{
    if (! \Gate::allows('admin-check')) {
        return Redirect::action('HomeController@index');
    }

    // view key => round identifier passed to getMatches()
    $rounds = [
        'matches'   => 'A',
        'matches16' => 'B',
        'matches8'  => 'C',
        'matches4'  => 'D',
        'matches2'  => 'E',
    ];

    $data = [];
    foreach ($rounds as $key => $round) {
        $data[$key] = $this->getMatches($round);
    }
    $data['countrydropdown'] = $this->CountryDropdown();

    return view('Admin.index', $data);
}
/**
 * Menu items carrying an 'allows'/'denies' rule are rendered only when the
 * Gate agrees, with ':post' resolved from the menu parameters.
 */
function test_checks_for_access_using_the_access_handler_and_the_gate()
{
    Auth::loginUsingId(1);

    Gate::define('update-post', function ($user, Post $post) {
        return $post->id === 1;
    });
    Gate::define('delete-post', function ($user) {
        return false;
    });

    // Having
    $items = [
        'view-post'   => [],
        'edit-post'   => ['allows' => ['update-post', ':post']],
        'review-post' => ['denies' => ['update-post', ':post']],
        'delete-post' => ['allows' => 'delete-post'],
    ];
    $menu = Menu::make($items)->setParam('post', new Post(1));

    // Expect
    $this->assertTemplate('menus/access-handler', $menu->render());
}
/**
 * Game landing page for regular players: loads the match lists for every
 * round plus the player's total score. Admins are sent to the admin index.
 *
 * @return mixed
 */
public function index()
{
    if (\Gate::allows('admin-check')) {
        return Redirect::action('AdminController@index');
    }

    // view key => round identifier passed to getMatches()
    $rounds = [
        'matches'   => 'A',
        'matches16' => 'B',
        'matches8'  => 'C',
        'matches4'  => 'D',
        'matches2'  => 'E',
    ];

    $data = [];
    foreach ($rounds as $key => $round) {
        $data[$key] = $this->getMatches($round);
    }

    $scores = new ScoreClass();
    $data['totalscore'] = $scores->Scores(Auth::user()->id);

    return view('Game.index', $data);
}
/**
 * Register the application services.
 *
 * Merges the package config, installs a Gate::before hook that delegates
 * every ability check to the configured RBAC class, and registers the
 * @role / @endrole Blade directives.
 *
 * NOTE(review): a before() callback that returns a non-null value decides the
 * check outright, so whatever checkPermission() returns for abilities it does
 * not know determines whether gates/policies defined elsewhere ever run —
 * confirm against the RBAC class.
 *
 * @return void
 */
public function register()
{
    $this->mergeConfigFrom(__DIR__ . '/../config/config.php', $this->packageName);

    \Gate::before(function ($user, $ability, $arguments) {
        $rbacClass = config($this->packageName . '.rbacClass');
        $rbac = new $rbacClass();

        return $rbac->checkPermission($user, $ability, $arguments);
    });

    $this->app->afterResolving('blade.compiler', function (BladeCompiler $bladeCompiler) {
        // @role('a|b') compiles to a membership test on auth()->user()->role
        $bladeCompiler->directive('role', function ($roles) {
            return "<?php if(auth()->check() && in_array(auth()->user()->role, explode('|', {$roles}))): ?>";
        });

        $bladeCompiler->directive('endrole', function () {
            return '<?php endif; ?>';
        });
    });
}
/**
 * Retrieve roles for authed user's user-role.
 *
 * Starting from the full list, each level the current user is not allowed to
 * hand out is removed, from the most privileged downwards; the first level
 * the gate allows returns the list as filtered so far.
 *
 * @author Casper Rasmussen <*****@*****.**>
 *
 * @return array
 */
public function getListUserLevel()
{
    $list = $this->getList();

    // list key => gate ability required to offer that level
    $levels = [
        'developer'   => 'backend-developer',
        'super-admin' => 'backend-super-admin',
        'admin'       => 'backend-admin',
    ];

    foreach ($levels as $key => $ability) {
        if (\Gate::allows($ability)) {
            return $list;
        }

        // Not allowed at this level: that option must not be offered.
        unset($list[$key]);
    }

    return $list;
}
/**
 * Determine if the user is authorized to make this request.
 *
 * Delegates to the 'create' ability with the literal string 'user' as the
 * argument. NOTE(review): a class-based policy would expect a class name or
 * model instance here — confirm the ability is defined to accept a string.
 *
 * @return bool
 */
public function authorize()
{
    $allowed = \Gate::allows('create', 'user');

    return $allowed;
}
/**
 * Back-end user list with optional name / e-mail / role / trashed /
 * environment filters, paginated.
 *
 * Users without the 'super-administrator' ability are confined to the
 * current environment regardless of the environments filter they sent.
 *
 * @param FormRequestAbstract $request
 * @param bool $usePartial render only the table chunk instead of the full page
 *
 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 */
public function indexUsersListBackEnd(FormRequestAbstract $request, $usePartial = false)
{
    $filters = [
        'name'         => $request->has('name') ? $request->get('name') : null,
        'email'        => $request->has('email') ? $request->get('email') : null,
        'roles'        => $request->has('roles') ? $request->get('roles') : null,
        'environments' => $request->has('environments') ? $request->get('environments') : [],
    ];
    $trashed = $request->has('trashed') ? $request->get('trashed') : null;

    $this->setPresenter(new IndexUsersListPresenter());

    // Non super-admins only ever see the environment they are working in.
    if (\Gate::denies('super-administrator')) {
        $filters['environments'] = [\Environments::currentId()];
    }
    $this->filterEnvironments($filters['environments']);

    if ($filters['name'] !== null) {
        $this->filterUserName($filters['name']);
    }
    if ($filters['email'] !== null) {
        $this->filterEmail($filters['email']);
    }
    if ($filters['roles'] !== null) {
        $this->filterRoles($filters['roles']);
    }

    if ($trashed !== null) {
        switch ($trashed) {
            case 'with_trashed':
                $this->filterShowWithTrashed();
                break;
            case 'only_trashed':
                $this->filterShowOnlyTrashed();
                break;
            default:
                // active users only
        }
    }

    $columns = ['users.id', 'users.first_name', 'users.last_name', 'users.email', 'users.deleted_at'];
    $users = $this->with(['environments', 'roles'])
        ->paginate(\Settings::get('app.pagination'), $columns);

    $template = $usePartial
        ? 'users.backend.users.chunks.index_tables'
        : 'users.backend.users.index';

    return cmsview($template, [
        'users'                      => $users,
        'nb_users'                   => $this->count(),
        'user_can_see_env'           => true,
        'is_role_management_allowed' => \Settings::get('users.is_role_management_allowed'),
        'filters'                    => $filters,
    ], 'users::');
}
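/**
 * Exclude menu items that are not visible (the user lacks view permission).
 *
 * The item itself is dropped when the 'visible' ability is denied for it;
 * otherwise its children are filtered recursively and replaced by a
 * Collection holding only the visible ones.
 *
 * @param \Xpressengine\Menu\Models\MenuItem $item menu item
 * @param \Xpressengine\Menu\Models\Menu $menu menu
 *
 * @return null|\Xpressengine\Menu\Models\MenuItem
 */
function removeInvisible($item, $menu)
{
    // resolve item
    if (Gate::denies('visible', [$item, $menu])) {
        return null;
    }

    // resolve child menuitems of item
    $children = new \Illuminate\Support\Collection();
    foreach ($item['children'] as $child) {
        $visibleChild = removeInvisible($child, $menu);
        // The recursive call returns null only for a denied item, so one
        // check suffices (the former nested duplicate test was redundant).
        if ($visibleChild !== null) {
            $children[] = $visibleChild;
        }
    }
    $item['children'] = $children;

    return $item;
}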
<h3><?php echo trans('boomcms::people-manager.groups-heading'); ?> </h3> <p><?php echo trans('boomcms::people-manager.groups'); ?> </p> <?php echo view('boomcms::people-manager.group-select'); ?> </section> <?php if (Gate::allows('manageSites', Router::getActiveSite())) { ?> <section> <h3><?php echo trans('boomcms::people-manager.sites-heading'); ?> </h3> <p><?php echo trans('boomcms::people-manager.sites'); ?> </p> <select name="sites" multiple> <% for (var i in sites.models) { %> <option value="<%= sites.models[i].getId() %>"<%= person.sites.get(sites.models[i].getId()) ? ' selected' : '' %>><%= sites.models[i].getName() %></option> <% } %>
/**
 * Store a newly created song.
 *
 * Requires the 'edit-songs' ability (403 otherwise). Only the listed fields
 * are copied from the input — no mass assignment.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function store()
{
    if (\Gate::denies('edit-songs')) {
        abort(403);
    }

    // input name => Song attribute
    $fields = [
        'title'       => 'title',
        'alternative' => 'alternative_title',
        'author'      => 'author',
        'copyright'   => 'copyright',
        'lyrics'      => 'lyrics',
    ];

    // Save new song
    $song = new \Crockenhill\Song();
    foreach ($fields as $inputName => $attribute) {
        $song->{$attribute} = \Input::get($inputName);
    }
    $song->save();

    // Send user back to index
    return redirect('/members/songs')
        ->with('message', '"' . \Input::get('title') . '" successfully uploaded!');
}
if (Gate::allows('edit', $page)) { ?> <button id="b-page-version-status" class="b-button" data-status="<?php echo $page->getCurrentVersion()->status(); ?> "> <?php echo $page->getCurrentVersion()->status(); ?> </button> <?php } ?> <?php if (Gate::allows('delete', $page)) { ?> <?php if ($page->canBeDeleted()) { ?> <?php echo $button('trash-o', 'toolbar.delete', ['id' => 'b-page-delete']); ?> <?php } else { ?> <?php echo $button('trash-o', 'toolbar.nodelete', ['id' => 'b-page-delete', 'disabled' => 'disabled']); ?> <?php }
Route::get('/curOrders', 'BossController@getCurrents'); Route::get('/pastOrders', 'BossController@pastOrders'); //Route::get('/pastOrdersDetails', 'UserController@pastOrdersDetails'); Route::get('/newOrders', 'BossController@getNewOrders'); Route::get('/newOrder/{id}', 'BossController@getNewOrder'); // get new order details Route::post('/approveOrder', 'BossController@postApproveOrder'); Route::get('/users', 'BossController@getUsers'); Route::post('/user', 'BossController@postNewUser'); }); // accounting Route::group(['prefix' => 'accounting'], function () { Route::get('/', 'AccountingController@getProcessOrders'); Route::get('/processOrders', 'AccountingController@getProcessOrders'); //Route::get('/processOrderDetails', 'AccountingController@getProcessOrderDetails'); //Route::post('/orderApprove', 'AccountingController@orderApprove'); Route::get('/pastOrders', 'AccountingController@pastOrders'); //Route::get('/pastOrdersDetails', 'UserController@pastOrdersDetails'); }); Route::get('/', function () { if (Gate::allows('isBoss')) { return redirect('/boss/curOrders'); } elseif (Gate::allows('isAcc')) { return redirect('/accounting/processOrders'); } elseif (Gate::allows('isUser')) { return redirect('/user/curOrder'); } else { return redirect()->action('HomeController@index'); } }); });
/**
 * Persist a submitted item for the node named $model and refresh derived data.
 *
 * Steps, in order: optional 'node-admin' gate check (only for $type == 'admin'),
 * copy each visible field from the request onto $item (summing 'ponderation'
 * extras), save, then handle subchild / relation fields, recompute the node's
 * indicators for today and clear temp assets.
 *
 * NOTE(review): the gate is consulted only when $type == 'admin'; for any
 * other $type no authorization happens in this method — confirm the caller
 * enforces it.
 * NOTE(review): $node comes from ->first() and may be null when no node
 * matches $model; the following ->fields() call would then fail — confirm
 * callers always pass a known node name.
 *
 * @param \Illuminate\Http\Request $request submitted form data
 * @param string $model node name
 * @param mixed $item model instance to fill and save
 * @param string $type 'admin' or another item context (affects display filter and authorization)
 * @return mixed the saved $item, or the no_permission dashboard redirect
 */
public static function post_request_success($request, $model, $item, $type = 'admin')
{
    $node = \Solunes\Master\App\Node::where('name', $model)->first();
    if ($type == 'admin') {
        if (\Gate::denies('node-admin', ['item', $type, $node, $request->input('action'), $request->input('id')])) {
            return \Login::redirect_dashboard('no_permission');
        }
    }

    // display_item values excluded from the field copy, per context
    if ($type == 'admin') {
        $display_array = ['none'];
    } else {
        $display_array = ['item_admin', 'none'];
    }

    $total_ponderation = 0;
    $rejected_fields = ['title', 'content', 'child', 'subchild', 'field'];
    foreach ($node->fields()->whereNotIn('type', $rejected_fields)->whereNotIn('display_item', $display_array)->with('field_extras')->get() as $field) {
        $field_name = $field->name;
        $input = NULL;
        if ($request->has($field_name)) {
            $input = $request->input($field_name);
        }
        // NOTE(review): `$input != 0` is a loose comparison whose result for
        // non-numeric strings differs between PHP 7 and PHP 8 — confirm intent.
        if ($input && $input != 0 && ($pond = $field->field_extras()->where('type', 'ponderation')->first())) {
            $total_ponderation = $total_ponderation + $pond->value;
        }
        $item = \FuncNode::put_data_field($item, $field, $input);
    }
    if ($total_ponderation > 0) {
        $item->total_ponderation = $total_ponderation;
    }
    $item->save();

    foreach ($node->fields()->whereIn('type', ['subchild', 'field'])->get() as $field) {
        if ($field->type == 'subchild') {
            // Sub-node name is the field value with underscores turned into dashes.
            $subfield_name = str_replace('_', '-', $field->value);
            $sub_node = \Solunes\Master\App\Node::where('name', $subfield_name)->first();
            $sub_node_table = $sub_node->table_name;
            AdminItem::post_subitems($sub_node, $field->name, 'parent_id', $item->id, $sub_node->fields()->where('display_item', '!=', 'none')->whereNotIn('name', ['id', 'parent_id'])->get());
            // Aggregate columns on the parent: "<table>_count" holds the number of
            // sub-items, any other "<x>_total" column sums the sub-items' <x>.
            foreach ($node->fields()->where('child_table', $sub_node_table)->get() as $field_extra) {
                $field_extra_name = $field_extra->name;
                if ($field_extra_name == $sub_node_table . '_count') {
                    $subvalue = count($item->{$sub_node_table});
                } else {
                    $field_extra_name_fixed = str_replace('_total', '', $field_extra_name);
                    $subvalue = 0;
                    foreach ($item->{$sub_node_table} as $sub_item) {
                        $subvalue += $sub_item->{$field_extra_name_fixed};
                    }
                }
                $item->{$field_extra_name} = $subvalue;
                $item->save();
            }
        } else {
            // Relation field: sync pivot rows from the request value(s).
            $field_name = $field->name;
            if ($field->multiple) {
                $item->{$field_name}()->sync($request->input($field_name));
            } else {
                $item->{$field_name}()->sync([$request->input($field_name)]);
            }
        }
    }

    foreach ($node->indicators as $indicator) {
        $node_model = \FuncNode::node_check_model($node);
        $items = \FuncNode::node_check_model($node);
        $array = \AdminList::filter_node(['filter_category_id' => $indicator->id], $node, $node_model, $items, 'indicator');
        $items = $array['items'];
        // NOTE(review): both branches compute the same value; the non-'count'
        // indicator type appears unimplemented — confirm.
        if ($indicator->type == 'count') {
            $indicator_value = $items->count();
        } else {
            $indicator_value = $items->count();
        }
        // Reuse today's indicator row when it exists, otherwise create it.
        if ($today_indicator = $indicator->indicator_values()->where('date', date('Y-m-d'))->first()) {
        } else {
            $today_indicator = new \Solunes\Master\App\IndicatorValue();
            $today_indicator->parent_id = $indicator->id;
            $today_indicator->date = date('Y-m-d');
        }
        $today_indicator->value = $indicator_value;
        $today_indicator->save();
    }

    \Asset::delete_temp();

    return $item;
}
/**
 * Determine if the user is authorized to make this request.
 *
 * Authorized exactly when the 'create_role' ability is not denied.
 *
 * @return bool
 */
public function authorize()
{
    return ! \Gate::denies('create_role');
}
$event->add('index', 'Dashboard', URL::route('home'), 1, 'dashboard'); if (Gate::allows('edit_fieldtrips')) { $event->add('fieldtrip', 'Field Trips', 'javascript:void(0);', 5, 'desktop'); $event->add('fieldtrip.current', 'Current', URL::route('fieldtrips.index'), 2, 'angle-right'); $event->add('fieldtrip.create', 'New', URL::route('fieldtrips.create'), 3, 'angle-right'); } $event->add('zone', 'Zones', URL::route('zones.index'), 20, 'pie-chart'); $event->add('route', 'Routes', 'javascript:void(0);', 30, 'bus'); $event->add('route.current', 'Current', URL::route('routes.index'), 31, 'angle-right'); if (Gate::allows('create_routes')) { $event->add('route.create', 'New', URL::route('routes.create'), 32, 'angle-right'); } if (Gate::allows('edit_users')) { $event->add('users', 'Users', 'javascript:void(0);', 500, 'users'); $event->add('users.current', 'Current', URL::route('users.index'), 501, 'angle-right'); $event->add('users.create', 'New', URL::route('users.create'), 502, 'angle-right'); $event->add('users.roles', 'Roles', URL::route('roles.index'), 503, 'angle-right'); $event->add('users.permissions', 'Permissions', URL::route('permissions.index'), 504, 'angle-right'); } if (Gate::allows('edit_adjustments')) { $event->add('actuals', 'Adjustments', 'javascript:void(0);', 600, 'unsorted'); $event->add('actuals.dates', 'Dates', URL::route('actuals.index'), 601, 'angle-right'); $event->add('actuals.hours', 'Hours', URL::route('adjustments.index'), 602, 'angle-right'); } if (Gate::allows('manage_reports')) { $event->add('reports', 'Reports', 'javascript:void(0);', 700, 'bug'); $event->add('reports.overtime', 'OT Offered', URL::route('overtime'), 701, 'angle-right'); $event->add('reports.calendar', 'Calendar', URL::route('calendar'), 702, 'angle-right'); } $event->add('contacts', 'Contacts', URL::route('contacts'), 800, 'phone'); });
/**
 * Remove the specified resource from storage.
 *
 * Currently only performs the authorization check: requests without the
 * 'edit-documents' ability are aborted with 403, and nothing else happens
 * (the deletion itself is not implemented here).
 *
 * @param int $id
 * @return Response
 */
public function destroy($id)
{
    if (! \Gate::allows('edit-documents')) {
        abort(403);
    }
}
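/**
 * Delete the page identified by its slug.
 *
 * Requires the 'edit-pages' ability (403 otherwise). An unknown slug yields
 * a 404 via firstOrFail() instead of a fatal delete() call on null.
 *
 * @param string $slug
 * @return \Illuminate\Http\RedirectResponse
 */
public function destroy($slug)
{
    if (\Gate::denies('edit-pages')) {
        abort(403);
    }

    $page = \Crockenhill\Page::where('slug', $slug)->firstOrFail();
    $page->delete();

    return redirect('/members/pages')->with('message', 'Page successfully deleted!');
}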