Inheritance: extends Illuminate\Support\Facades\Gate
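 /**
  * Gate the request on the "admin" ability.
  *
  * Requests that pass the gate continue down the pipeline. Everything
  * else receives the "unauthorized" view with an explicit 403 status, so
  * the denial is visible to clients, logs and caches. The original called
  * die() on the view, which emitted it with a 200 status and skipped the
  * rest of the response lifecycle (session save, terminable middleware).
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, \Closure $next)
 {
     if (\Gate::denies("admin")) {
         // Fail closed with a real 403 response instead of exiting the process.
         return response(view("unauthorized"), 403);
     }
     return $next($request);
 }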
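 /**
  * Update the specified user and replace its role assignments.
  *
  * Authorisation is the "user.edit" ability checked against the loaded
  * user: an unknown id yields 404, a denied edit yields 403 (abort()
  * throws an HttpException, which the ModelNotFoundException catch does
  * not swallow).
  *
  * NOTE(review): $request->all() is passed straight to fill(), so the User
  * model's $fillable/$guarded list is the only thing keeping
  * privilege-bearing columns out of reach — confirm it. Likewise each
  * submitted role id is granted as-is; nothing here checks that the editor
  * may assign that particular role or that the id exists.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  int $id
  * @return \Illuminate\Http\Response
  */
 public function update(Request $request, $id)
 {
     try {
         $user = User::findOrFail($id);
         if (\Gate::denies('user.edit', $user)) {
             return abort(403);
         }
     } catch (ModelNotFoundException $e) {
         return abort(404);
     }
     // Update the user's profile.
     $user->fill($request->all())->save();
     // Replace the role set atomically. sync() detaches roles missing from
     // the list and attaches new ones, so an absent or empty "roles" input
     // clears all roles — the same outcome as the original detach() followed
     // by attach(), but in one transaction instead of a detach outside it.
     // Defaulting to [] also avoids count(null), a TypeError on PHP 8 when
     // no roles are submitted.
     $roles = $request->input('roles', []);
     if (!is_array($roles)) {
         $roles = (array) $roles;
     }
     \DB::transaction(function () use ($user, $roles) {
         $user->roles()->sync($roles);
     });
     return redirect()->route('user.index');
 }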
 /**
  * Middleware: deny the request unless the current user holds the
  * ability named by the middleware parameter.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure                 $next
  * @param $value                   Ability name checked against the Gate.
  *
  * @return mixed
  */
 public function handle($request, Closure $next, $value)
 {
     $allowed = \Gate::allows($value);
     if (!$allowed) {
         // abort() throws an HttpException, so nothing below runs on a denial.
         app()->abort(403, 'Missing permission \'' . $value . '\'');
     }
     return $next($request);
 }
 /**
  * Middleware: send users who lack the given permission back to the site
  * root with a flashed error message.
  *
  * NOTE(review): a redirect (302) is returned for every client, including
  * XHR/API callers, which therefore never see a 403.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure $next
  * @param string $permission Ability name checked against the Gate.
  * @return mixed
  */
 public function handle($request, Closure $next, $permission)
 {
     if (\Gate::allows($permission)) {
         return $next($request);
     }
     $message = trans('admin.no_permission');
     return redirect('')->with('message_error', $message);
 }
 /**
  * The gates registered at boot must grant "self-destruct" only to
  * admins and "use-tags"/"isStaff" only to staff.
  */
 public function testBoot()
 {
     // [user attributes, ability, expected answer]
     $cases = [
         [['is_admin' => true], 'self-destruct', true],
         [['is_admin' => false], 'self-destruct', false],
         [['is_staff' => true], 'use-tags', true],
         [['is_staff' => false], 'use-tags', false],
         [['is_staff' => true], 'isStaff', true],
     ];
     foreach ($cases as [$attributes, $ability, $expected]) {
         $user = factory(App\User::class)->make($attributes);
         $this->assertSame($expected, Gate::forUser($user)->allows($ability));
     }
 }
 /**
  * Show the edit form for an applicant.
  *
  * Loads the applicant (with its documents) or 404s, then requires the
  * "update" ability on that specific applicant (403 otherwise).
  *
  * @param  int  $id
  * @return \Illuminate\Http\Response
  */
 public function edit($id)
 {
     $applicant = Applicant::with('documents')->findOrFail($id);
     if (!\Gate::allows('update', $applicant)) {
         return abort(403);
     }
     $viewData = compact('applicant');
     return view('applicants.edit', $viewData);
 }
 /**
  * Delete a customer by id and answer with a JSON envelope.
  *
  * NOTE(review): the authorisation check is the "show" ability — the one
  * that guards viewing — so anyone allowed to see the customer may also
  * delete it. If that is not intended, a dedicated delete ability should
  * gate this action. Whether getById() can return null (and what delete()
  * would then be called on) is not visible here.
  *
  * @param  int  $id
  * @return mixed  JSON success or error response.
  */
 public function delete($id)
 {
     $customer = $this->customerRepository->getById($id);
     if (!\Gate::allows('show', $customer)) {
         $reason = 'You Cannot View or Alter Someone\'s Customer ...';
         return $this->json->error($reason);
     }
     $customer->delete();
     return $this->json->success('Customer Deleted Successfully ...');
 }
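 /**
  * Register policies and the application's ad-hoc Gate abilities.
  *
  * "update-widget-item" is resolved to UserController@ability; the Gate
  * looks the class and method up at check time. "edit-question" grants
  * only the question's author.
  *
  * (The original docblock declared a $gate parameter the method does not
  * take; it also carried two fragments of commented-out code, dropped here.)
  *
  * @return void
  */
 public function boot()
 {
     $this->registerPolicies();
     \Gate::define('update-widget-item', 'App\\Http\\Controllers\\UserController@ability');
     \Gate::define('edit-question', function ($user, $question) {
         // Strict comparison: an int/string mismatch between the ids fails closed.
         return $user->id === $question->author_id;
     });
 }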
 /**
  * Middleware: require the "app.admin.show" ability for backend routes.
  *
  * Denials answer 403 either way — a bare text body for XHR callers,
  * app()->abort() (an HttpException) for ordinary requests.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure                 $next
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     if (\Gate::allows('app.admin.show')) {
         return $next($request);
     }
     if ($request->ajax()) {
         return response('Forbidden.', 403);
     }
     return app()->abort(403, 'No permission to view backend');
 }
 /**
  * Middleware: only let the request through when the current user may
  * follow the user bound to the "users" route parameter.
  *
  * NOTE(review): the XHR denial uses status 401, which signals "not
  * authenticated"; for a Gate denial of a logged-in user 403 is the
  * conventional code. Left unchanged because the gate also denies guests,
  * for whom 401 may be intended — confirm what the client expects. Also
  * assumes the route parameter is a resolved model with a slug; a missing
  * binding would fault on ->slug.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $target = $request->route('users');
     if (\Gate::allows('can-follow', $target)) {
         return $next($request);
     }
     $denied = 'Забранет пристап';
     if ($request->ajax()) {
         return response()->json(['message' => $denied], 401);
     }
     $back = route('users.show', $target->slug);
     return redirect($back)->withErrors(['error' => $denied]);
 }
 /**
  * @inheritDoc
  *
  * Lazily computes this gate's output as the bitwise NOT of the source
  * signal, masked to 16 bits, and caches it through setSignal(). Returns
  * null while neither a cached value nor a source signal is available.
  */
 public function getSignal()
 {
     $cached = parent::getSignal();
     if (!is_null($cached)) {
         return $cached;
     }
     $input = $this->source->getSignal();
     if (is_null($input)) {
         return null;
     }
     // Invert, clamp to 16 bits, then memoise.
     $output = SixteenBitMask::mask(~$input);
     $this->setSignal($output);
     return $output;
 }
 /**
  * Middleware: only let the request through when the current user may
  * remove their dislike from the course bound to the "courses" route
  * parameter.
  *
  * NOTE(review): the XHR denial uses 401 ("not authenticated") for what is
  * a Gate (authorisation) failure; 403 is the conventional code for a
  * logged-in user. Left as-is since the gate also denies guests — confirm
  * what the client expects. Assumes the route parameter is a resolved
  * model exposing ->slug.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $course = $request->route('courses');
     if (\Gate::allows('remove-course-dislike', $course)) {
         return $next($request);
     }
     $denied = 'Забранет пристап';
     if ($request->ajax()) {
         return response()->json(['message' => $denied], 401);
     }
     return redirect(route('courses.show', $course->slug))->withErrors(['error' => $denied]);
 }
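 /**
  * Middleware: require the "admin.access" ability.
  *
  * Denials: XHR callers get a 401 with an X-Redirect-Url header pointing at
  * the admin login; a user authenticated on $guard but without access gets
  * the denied page; a guest is redirected to login with the intended URL
  * remembered. The denied page is now sent with a 403 status — the original
  * returned the bare view, i.e. a 200 that hides the denial from clients,
  * logs and caches.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @param  string|null  $guard  Auth guard used to tell "logged in, no access" from "guest".
  * @return mixed
  */
 public function handle(Request $request, \Closure $next, $guard = null)
 {
     if (\Gate::allows('admin.access')) {
         return $next($request);
     }
     if ($request->ajax()) {
         return response('Unauthorized.', 401, ['X-Redirect-Url' => route('admin.login')]);
     }
     if (\Auth::guard($guard)->check()) {
         // Authenticated but not authorised: explicit 403 with the denied page.
         return response(view('admin::auth.denied'), 403);
     }
     return redirect()->guest(route('admin.login'));
 }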
 /**
  * Admin dashboard: render the bracket rounds and the country dropdown for
  * users passing the "admin-check" gate; everyone else is sent to the
  * public home page.
  *
  * @return \Illuminate\Http\Response
  */
 public function index()
 {
     if (!\Gate::allows('admin-check')) {
         return Redirect::action('HomeController@index');
     }
     // Round groups A..E under the keys the template expects.
     $viewData = [
         'matches' => $this->getMatches('A'),
         'matches16' => $this->getMatches('B'),
         'matches8' => $this->getMatches('C'),
         'matches4' => $this->getMatches('D'),
         'matches2' => $this->getMatches('E'),
         'countrydropdown' => $this->CountryDropdown(),
     ];
     return view('Admin.index', $viewData);
 }
 /**
  * The menu access handler must evaluate "allows"/"denies" entries through
  * the Gate, resolving ":post" from the menu parameters.
  */
 function test_checks_for_access_using_the_access_handler_and_the_gate()
 {
     Auth::loginUsingId(1);
     // Only post #1 may be updated; deletion is never allowed.
     Gate::define('update-post', function ($user, Post $post) {
         return $post->id === 1;
     });
     Gate::define('delete-post', function ($user) {
         return false;
     });
     // Having
     $items = [
         'view-post' => [],
         'edit-post' => ['allows' => ['update-post', ':post']],
         'review-post' => ['denies' => ['update-post', ':post']],
         'delete-post' => ['allows' => 'delete-post'],
     ];
     $rendered = Menu::make($items)->setParam('post', new Post(1))->render();
     // Expect
     $this->assertTemplate('menus/access-handler', $rendered);
 }
 /**
  * Player home: show the bracket rounds and the current user's total score.
  * Users passing "admin-check" are redirected to the admin dashboard instead.
  *
  * NOTE(review): Auth::user()->id is dereferenced unconditionally, so this
  * assumes an auth middleware has already rejected guests — verify.
  *
  * @return \Illuminate\Http\Response
  */
 public function index()
 {
     if (\Gate::allows('admin-check')) {
         return Redirect::action('AdminController@index');
     }
     $viewData = [
         'matches' => $this->getMatches('A'),
         'matches16' => $this->getMatches('B'),
         'matches8' => $this->getMatches('C'),
         'matches4' => $this->getMatches('D'),
         'matches2' => $this->getMatches('E'),
     ];
     $scorer = new ScoreClass();
     $viewData['totalscore'] = $scorer->Scores(Auth::user()->id);
     return view('Game.index', $viewData);
 }
 /**
  * Register the package: merge its config, install an RBAC Gate::before
  * hook, and add the @role / @endrole Blade directives.
  *
  * NOTE(review): whatever the configured rbacClass's checkPermission()
  * returns is handed back from Gate::before. The Gate treats any non-null
  * result as final, so if that method returns false for abilities it does
  * not know about, every policy and Gate::define() in the application is
  * bypassed — confirm it returns null for "no opinion". The @role argument
  * is the raw directive text written by the template author and compiled
  * into PHP; it is not request data.
  *
  * @return void
  */
 public function register()
 {
     $this->mergeConfigFrom(__DIR__ . '/../config/config.php', $this->packageName);
     $rbacCheck = function ($user, $ability, $arguments) {
         $rbacClass = config($this->packageName . '.rbacClass');
         $checker = new $rbacClass();
         return $checker->checkPermission($user, $ability, $arguments);
     };
     \Gate::before($rbacCheck);
     $registerDirectives = function (BladeCompiler $bladeCompiler) {
         // Opens a block shown only when the logged-in user's role is one of
         // the "|"-separated names passed to @role(...).
         $bladeCompiler->directive('role', function ($roles) {
             return "<?php if(auth()->check() && in_array(auth()->user()->role, explode('|', {$roles}))): ?>";
         });
         $bladeCompiler->directive('endrole', function () {
             return '<?php endif; ?>';
         });
     };
     $this->app->afterResolving('blade.compiler', $registerDirectives);
 }
 /**
  * Retrieve the role list the authenticated user may assign.
  *
  * Walks the hierarchy developer > super-admin > admin: the first ability
  * the user holds returns the list as it stands at that point; each ability
  * not held strips the matching role before moving to the next level.
  *
  * @author Casper Rasmussen <*****@*****.**>
  *
  * @return array
  */
 public function getListUserLevel()
 {
     $list = $this->getList();
     // Ability => role key it unlocks, highest privilege first.
     $hierarchy = [
         'backend-developer' => 'developer',
         'backend-super-admin' => 'super-admin',
         'backend-admin' => 'admin',
     ];
     foreach ($hierarchy as $ability => $roleKey) {
         if (\Gate::allows($ability)) {
             return $list;
         }
         unset($list[$roleKey]);
     }
     return $list;
 }
 /**
  * Form request authorisation: allowed when the Gate grants "create" with
  * the string 'user' as its argument.
  *
  * @return bool
  */
 public function authorize()
 {
     return !\Gate::denies('create', 'user');
 }
 /**
  * Back-end user listing with optional name/email/role/trashed/environment
  * filters, rendered as the full page or only the table partial.
  *
  * Users lacking "super-administrator" are always scoped to the current
  * environment, whatever the request asked for.
  *
  * @param FormRequestAbstract $request
  * @param bool                $usePartial
  *
  * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
  */
 public function indexUsersListBackEnd(FormRequestAbstract $request, $usePartial = false)
 {
     // Read a filter only when has() says the request carries it, else the default.
     $param = function ($key, $default = null) use ($request) {
         return $request->has($key) ? $request->get($key) : $default;
     };
     $name = $param('name');
     $email = $param('email');
     $roles = $param('roles');
     $trashed = $param('trashed');
     $environments = $param('environments', []);
     $this->setPresenter(new IndexUsersListPresenter());
     // Non-super-admins never see outside their own environment.
     if (!\Gate::allows('super-administrator')) {
         $environments = [\Environments::currentId()];
     }
     $this->filterEnvironments($environments);
     if ($name !== null) {
         $this->filterUserName($name);
     }
     if ($email !== null) {
         $this->filterEmail($email);
     }
     if ($roles !== null) {
         $this->filterRoles($roles);
     }
     // Loose comparison kept from the original switch; any other value lists active users only.
     if ($trashed == 'with_trashed') {
         $this->filterShowWithTrashed();
     } elseif ($trashed == 'only_trashed') {
         $this->filterShowOnlyTrashed();
     }
     $columns = ['users.id', 'users.first_name', 'users.last_name', 'users.email', 'users.deleted_at'];
     $users = $this->with(['environments', 'roles'])->paginate(\Settings::get('app.pagination'), $columns);
     $viewName = $usePartial ? 'users.backend.users.chunks.index_tables' : 'users.backend.users.index';
     $viewData = [
         'users' => $users,
         'nb_users' => $this->count(),
         'user_can_see_env' => true,
         'is_role_management_allowed' => \Settings::get('users.is_role_management_allowed'),
         'filters' => ['name' => $name, 'email' => $email, 'roles' => $roles, 'environments' => $environments],
     ];
     return cmsview($viewName, $viewData, 'users::');
 }
 /**
  * Drop menu items the current user is not allowed to see.
  *
  * An item denied the "visible" ability is removed (null). Otherwise its
  * children are filtered recursively and the survivors are written back
  * as a fresh Collection.
  *
  * @param \Xpressengine\Menu\Models\MenuItem $item menu item
  * @param \Xpressengine\Menu\Models\Menu     $menu menu
  *
  * @return null|\Xpressengine\Menu\Models\MenuItem
  */
 function removeInvisible($item, $menu)
 {
     if (!Gate::allows('visible', [$item, $menu])) {
         return null;
     }
     $visibleChildren = new \Illuminate\Support\Collection();
     foreach ($item['children'] as $child) {
         $kept = removeInvisible($child, $menu);
         if ($kept) {
             $visibleChildren[] = $kept;
         }
     }
     $item['children'] = $visibleChildren;
     return $item;
 }
        <h3><?php 
echo trans('boomcms::people-manager.groups-heading');
?>
</h3>
        <p><?php 
echo trans('boomcms::people-manager.groups');
?>
</p>

        <?php 
echo view('boomcms::people-manager.group-select');
?>
    </section>

    <?php 
if (Gate::allows('manageSites', Router::getActiveSite())) {
    ?>
        <section>
            <h3><?php 
    echo trans('boomcms::people-manager.sites-heading');
    ?>
</h3>
            <p><?php 
    echo trans('boomcms::people-manager.sites');
    ?>
</p>

            <select name="sites" multiple>
                <% for (var i in sites.models) { %>
                    <option value="<%= sites.models[i].getId() %>"<%= person.sites.get(sites.models[i].getId()) ? ' selected' : '' %>><%= sites.models[i].getName() %></option>
                <% } %>
 /**
  * Store a new song from the submitted form and return to the index.
  *
  * Requires the "edit-songs" ability (403 otherwise).
  *
  * NOTE(review): the five fields are copied from the request as-is — no
  * validation (presence, length) is visible here, and \Input is the legacy
  * facade. The flashed message embeds the submitted title, so the view
  * that prints it must escape it.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function store()
 {
     if (!\Gate::allows('edit-songs')) {
         abort(403);
     }
     // Form field => model attribute, in the original assignment order.
     $fields = [
         'title' => 'title',
         'alternative' => 'alternative_title',
         'author' => 'author',
         'copyright' => 'copyright',
         'lyrics' => 'lyrics',
     ];
     $song = new \Crockenhill\Song();
     foreach ($fields as $inputKey => $attribute) {
         $song->{$attribute} = \Input::get($inputKey);
     }
     $song->save();
     $message = '"' . \Input::get('title') . '" successfully uploaded!';
     return redirect('/members/songs')->with('message', $message);
 }
if (Gate::allows('edit', $page)) {
    ?>
            <button id="b-page-version-status" class="b-button" data-status="<?php 
    echo $page->getCurrentVersion()->status();
    ?>
">
                <?php 
    echo $page->getCurrentVersion()->status();
    ?>
            </button>
        <?php 
}
?>

		<?php 
if (Gate::allows('delete', $page)) {
    ?>
            <?php 
    if ($page->canBeDeleted()) {
        ?>
    			<?php 
        echo $button('trash-o', 'toolbar.delete', ['id' => 'b-page-delete']);
        ?>
            <?php 
    } else {
        ?>
                <?php 
        echo $button('trash-o', 'toolbar.nodelete', ['id' => 'b-page-delete', 'disabled' => 'disabled']);
        ?>
            <?php 
    }
        Route::get('/curOrders', 'BossController@getCurrents');
        Route::get('/pastOrders', 'BossController@pastOrders');
        //Route::get('/pastOrdersDetails', 'UserController@pastOrdersDetails');
        Route::get('/newOrders', 'BossController@getNewOrders');
        Route::get('/newOrder/{id}', 'BossController@getNewOrder');
        // get new order details
        Route::post('/approveOrder', 'BossController@postApproveOrder');
        Route::get('/users', 'BossController@getUsers');
        Route::post('/user', 'BossController@postNewUser');
    });
    // accounting: order processing and history.
    // NOTE(review): no middleware is attached to this group itself; whether
    // auth/role checks apply to these routes depends on the enclosing group,
    // which is outside this view. The "/" redirect below only picks a landing
    // page per role — it does not protect these URLs.
    Route::group(['prefix' => 'accounting'], function () {
        Route::get('/', 'AccountingController@getProcessOrders');
        Route::get('/processOrders', 'AccountingController@getProcessOrders');
        //Route::get('/processOrderDetails', 'AccountingController@getProcessOrderDetails');
        //Route::post('/orderApprove', 'AccountingController@orderApprove');
        Route::get('/pastOrders', 'AccountingController@pastOrders');
        //Route::get('/pastOrdersDetails', 'UserController@pastOrdersDetails');
    });
    // Landing page: send the user to the first area its role grants
    // (boss > accounting > plain user), else to the public home page.
    Route::get('/', function () {
        if (Gate::allows('isBoss')) {
            return redirect('/boss/curOrders');
        }
        if (Gate::allows('isAcc')) {
            return redirect('/accounting/processOrders');
        }
        if (Gate::allows('isUser')) {
            return redirect('/user/curOrder');
        }
        return redirect()->action('HomeController@index');
    });
});
 /**
  * Persist a submitted item's fields, sub-items and relations for a node,
  * then refresh the node's daily indicator values.
  *
  * NOTE(review): the Gate check ("node-admin") runs only when $type is
  * 'admin'; for any other $type this function performs no authorisation of
  * its own, so the caller must have done it. Node::where(...)->first() may
  * return null for an unknown $model, which would fault on $node->fields()
  * below — whether that can happen is not visible here.
  *
  * @param  \Illuminate\Http\Request $request  Submitted form data.
  * @param  string $model  Node name to look up.
  * @param  mixed  $item   Model instance being written to.
  * @param  string $type   'admin' or another display context; selects which
  *                        display_item values are skipped.
  * @return mixed  The saved $item.
  */
 public static function post_request_success($request, $model, $item, $type = 'admin')
 {
     $node = \Solunes\Master\App\Node::where('name', $model)->first();
     if ($type == 'admin') {
         if (\Gate::denies('node-admin', ['item', $type, $node, $request->input('action'), $request->input('id')])) {
             return \Login::redirect_dashboard('no_permission');
         }
     }
     // Fields whose display_item is in this list are not written.
     if ($type == 'admin') {
         $display_array = ['none'];
     } else {
         $display_array = ['item_admin', 'none'];
     }
     $total_ponderation = 0;
     // Structural field types handled separately (or not at all) below.
     $rejected_fields = ['title', 'content', 'child', 'subchild', 'field'];
     foreach ($node->fields()->whereNotIn('type', $rejected_fields)->whereNotIn('display_item', $display_array)->with('field_extras')->get() as $field) {
         $field_name = $field->name;
         $input = NULL;
         if ($request->has($field_name)) {
             $input = $request->input($field_name);
         }
         // Sum the "ponderation" extra of every truthy, non-zero input.
         if ($input && $input != 0 && ($pond = $field->field_extras()->where('type', 'ponderation')->first())) {
             $total_ponderation = $total_ponderation + $pond->value;
         }
         $item = \FuncNode::put_data_field($item, $field, $input);
     }
     if ($total_ponderation > 0) {
         $item->total_ponderation = $total_ponderation;
     }
     $item->save();
     foreach ($node->fields()->whereIn('type', ['subchild', 'field'])->get() as $field) {
         if ($field->type == 'subchild') {
             // Sub-node name is the field value with '_' mapped to '-'.
             $subfield_name = str_replace('_', '-', $field->value);
             $sub_node = \Solunes\Master\App\Node::where('name', $subfield_name)->first();
             $sub_node_table = $sub_node->table_name;
             AdminItem::post_subitems($sub_node, $field->name, 'parent_id', $item->id, $sub_node->fields()->where('display_item', '!=', 'none')->whereNotIn('name', ['id', 'parent_id'])->get());
             // Recompute aggregate columns derived from the sub-items:
             // "<table>_count" holds the count, "<col>_total" the column sum.
             foreach ($node->fields()->where('child_table', $sub_node_table)->get() as $field_extra) {
                 $field_extra_name = $field_extra->name;
                 if ($field_extra_name == $sub_node_table . '_count') {
                     $subvalue = count($item->{$sub_node_table});
                 } else {
                     $field_extra_name_fixed = str_replace('_total', '', $field_extra_name);
                     $subvalue = 0;
                     foreach ($item->{$sub_node_table} as $sub_item) {
                         $subvalue += $sub_item->{$field_extra_name_fixed};
                     }
                 }
                 $item->{$field_extra_name} = $subvalue;
                 $item->save();
             }
         } else {
             // Relation named after the field; sync() with the submitted id(s).
             $field_name = $field->name;
             if ($field->multiple) {
                 $item->{$field_name}()->sync($request->input($field_name));
             } else {
                 $item->{$field_name}()->sync([$request->input($field_name)]);
             }
         }
     }
     foreach ($node->indicators as $indicator) {
         $node_model = \FuncNode::node_check_model($node);
         $items = \FuncNode::node_check_model($node);
         $array = \AdminList::filter_node(['filter_category_id' => $indicator->id], $node, $node_model, $items, 'indicator');
         $items = $array['items'];
         // NOTE(review): both branches compute the same value; the type check is a no-op.
         if ($indicator->type == 'count') {
             $indicator_value = $items->count();
         } else {
             $indicator_value = $items->count();
         }
         // Reuse today's row when it exists, otherwise create it.
         if ($today_indicator = $indicator->indicator_values()->where('date', date('Y-m-d'))->first()) {
         } else {
             $today_indicator = new \Solunes\Master\App\IndicatorValue();
             $today_indicator->parent_id = $indicator->id;
             $today_indicator->date = date('Y-m-d');
         }
         $today_indicator->value = $indicator_value;
         $today_indicator->save();
     }
     \Asset::delete_temp();
     return $item;
 }
 /**
  * Determine if the user is authorized to make this request: true only
  * when the Gate grants the "create_role" ability.
  *
  * @return bool
  */
 public function authorize()
 {
     return !\Gate::denies('create_role');
 }
    $event->add('index', 'Dashboard', URL::route('home'), 1, 'dashboard');
    if (Gate::allows('edit_fieldtrips')) {
        $event->add('fieldtrip', 'Field Trips', 'javascript:void(0);', 5, 'desktop');
        $event->add('fieldtrip.current', 'Current', URL::route('fieldtrips.index'), 2, 'angle-right');
        $event->add('fieldtrip.create', 'New', URL::route('fieldtrips.create'), 3, 'angle-right');
    }
    $event->add('zone', 'Zones', URL::route('zones.index'), 20, 'pie-chart');
    $event->add('route', 'Routes', 'javascript:void(0);', 30, 'bus');
    $event->add('route.current', 'Current', URL::route('routes.index'), 31, 'angle-right');
    if (Gate::allows('create_routes')) {
        $event->add('route.create', 'New', URL::route('routes.create'), 32, 'angle-right');
    }
    if (Gate::allows('edit_users')) {
        $event->add('users', 'Users', 'javascript:void(0);', 500, 'users');
        $event->add('users.current', 'Current', URL::route('users.index'), 501, 'angle-right');
        $event->add('users.create', 'New', URL::route('users.create'), 502, 'angle-right');
        $event->add('users.roles', 'Roles', URL::route('roles.index'), 503, 'angle-right');
        $event->add('users.permissions', 'Permissions', URL::route('permissions.index'), 504, 'angle-right');
    }
    if (Gate::allows('edit_adjustments')) {
        $event->add('actuals', 'Adjustments', 'javascript:void(0);', 600, 'unsorted');
        $event->add('actuals.dates', 'Dates', URL::route('actuals.index'), 601, 'angle-right');
        $event->add('actuals.hours', 'Hours', URL::route('adjustments.index'), 602, 'angle-right');
    }
    if (Gate::allows('manage_reports')) {
        $event->add('reports', 'Reports', 'javascript:void(0);', 700, 'bug');
        $event->add('reports.overtime', 'OT Offered', URL::route('overtime'), 701, 'angle-right');
        $event->add('reports.calendar', 'Calendar', URL::route('calendar'), 702, 'angle-right');
    }
    $event->add('contacts', 'Contacts', URL::route('contacts'), 800, 'phone');
});
 /**
  * Remove the specified resource from storage.
  *
  * Only the "edit-documents" ability gate is in place; the deletion itself
  * is still a stub — nothing is removed.
  *
  * @param  int  $id
  * @return Response
  */
 public function destroy($id)
 {
     if (!\Gate::allows('edit-documents')) {
         abort(403);
     }
     // Deletion not implemented in the original.
 }
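 /**
  * Delete the page identified by $slug and return to the pages index.
  *
  * Requires the "edit-pages" ability (403). An unknown slug now yields a
  * 404 via firstOrFail(); the original used first() and would have called
  * delete() on null, i.e. a fatal error surfacing as a 500.
  *
  * @param  string  $slug
  * @return \Illuminate\Http\RedirectResponse
  */
 public function destroy($slug)
 {
     if (\Gate::denies('edit-pages')) {
         abort(403);
     }
     $page = \Crockenhill\Page::where('slug', $slug)->firstOrFail();
     $page->delete();
     return redirect('/members/pages')->with('message', 'Page successfully deleted!');
 }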