/**
 * Require that the current user holds the ability named by the middleware
 * parameter.
 *
 * `$value` is the ability name supplied where the middleware is attached
 * (a route-definition parameter in Laravel, not request input). When the
 * Gate denies it the request is aborted with 403; note the ability name is
 * echoed into the abort message, so it may be shown on the error page.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @param string                   $value ability name to check
 *
 * @return mixed
 */
public function handle($request, Closure $next, $value)
{
    $allowed = ! \Gate::denies($value);

    if (! $allowed) {
        app()->abort(403, sprintf("Missing permission '%s'", $value));
    }

    return $next($request);
}
/**
 * Gate middleware that redirects instead of aborting on denial.
 *
 * When the Gate denies `$permission` for the current user, the request is
 * redirected to the site root with a flashed `message_error`. The redirect
 * is returned for every request type, so XHR/API callers receive a 302
 * rather than a 403.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @param string                   $permission ability name to check
 *
 * @return mixed
 */
public function handle($request, Closure $next, $permission)
{
    if (! \Gate::denies($permission)) {
        return $next($request);
    }

    return redirect('')
        ->with('message_error', trans('admin.no_permission'));
}
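/**
 * Update a user's profile and replace their role assignments.
 *
 * Authorization: the caller must pass the `user.edit` gate for the target
 * user; an unknown id yields 404 and a denied edit yields 403.
 *
 * Fixes vs. the previous version:
 *  - `count($request->input('roles'))` raised a TypeError on PHP 8 when the
 *    field was absent (null) or submitted as a scalar; the value is now
 *    normalised to an array first.
 *  - the old detach() ran outside the transaction that attached the new
 *    roles, so a failure mid-loop left the user with a partial role set;
 *    the whole replacement now happens via sync() inside one transaction.
 *
 * NOTE(review): `fill($request->all())` relies entirely on User::$fillable /
 * $guarded to keep attributes such as the password or admin flags out of the
 * submitter's reach — confirm the model is not unguarded. Likewise the role
 * ids are accepted exactly as submitted: `user.edit` is the only check, so
 * anyone allowed to edit this user can grant any role (including to
 * themselves if they may edit their own account) — confirm that is intended.
 *
 * @param \Illuminate\Http\Request $request
 * @param int                      $id target user id
 *
 * @return \Illuminate\Http\Response
 */
public function update(Request $request, $id)
{
    try {
        $user = User::findOrFail($id);

        if (\Gate::denies('user.edit', $user)) {
            return abort(403);
        }
    } catch (ModelNotFoundException $e) {
        return abort(404);
    }

    // Update the profile; mass-assignment protection is the model's job.
    $user->fill($request->all())->save();

    // Normalise the submitted ids: missing -> [], scalar -> [scalar].
    $roleIds = array_values((array) $request->input('roles', []));

    // Replace the whole role set in one transaction. sync() detaches every
    // role not in $roleIds and attaches the rest, so an empty list clears
    // all roles exactly as the old unconditional detach() did.
    \DB::transaction(function () use ($user, $roleIds) {
        $user->roles()->sync($roleIds);
    });

    return redirect()->route('user.index');
}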
/**
 * Render the edit form for one applicant.
 *
 * The applicant (with its documents eager-loaded) is looked up first, so an
 * unknown id yields 404 before the policy runs; a caller who fails the
 * `update` ability for that applicant gets 403.
 *
 * @param int $id applicant id
 *
 * @return \Illuminate\Http\Response
 */
public function edit($id)
{
    $applicant = Applicant::with('documents')->findOrFail($id);

    $mayUpdate = ! \Gate::denies('update', $applicant);
    if (! $mayUpdate) {
        return abort(403);
    }

    return view('applicants.edit', ['applicant' => $applicant]);
}
/**
 * Delete a customer record and report the outcome as JSON.
 *
 * NOTE(review): the authorization check asks the Gate for the `show`
 * ability, not a delete-specific one, so anyone who may view this customer
 * may also delete it — confirm that `show` is meant to be the ownership
 * check for write operations too. If `getById()` returns null for an
 * unknown id, the Gate is called with null; presumably that resolves to a
 * denial and the error branch is what callers see — verify.
 *
 * @param int $id customer id
 *
 * @return mixed JSON response produced by `$this->json`
 */
public function delete($id)
{
    $customer = $this->customerRepository->getById($id);

    if (! \Gate::denies('show', $customer)) {
        $customer->delete();

        return $this->json->success('Customer Deleted Successfully ...');
    }

    return $this->json->error('You Cannot View or Alter Someone\'s Customer ...');
}
/**
 * Gate the backend behind the `app.admin.show` ability.
 *
 * Denied XHR requests receive a bare 403 body; denied browser requests are
 * aborted with a 403 page carrying a short message. Allowed requests pass
 * through untouched.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (! \Gate::denies('app.admin.show')) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response('Forbidden.', 403);
    }

    return app()->abort(403, 'No permission to view backend');
}
/**
 * Ensure the logged-in user may follow the user named in the route.
 *
 * The target comes from the `users` route parameter. On denial, XHR
 * requests get a JSON message with status 401 and browser requests are sent
 * back to the target's profile with an error bag entry.
 *
 * NOTE(review): 401 means "not authenticated"; a Gate denial for a
 * logged-in user is an authorization failure and would normally be 403.
 * Kept as-is because front-end code may key off the current status. If the
 * route parameter is not model-bound, `$target->slug` below fails on null —
 * confirm route-model binding is configured for `users`.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $target = $request->route('users');

    if (! \Gate::denies('can-follow', $target)) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response()->json(['message' => 'Забранет пристап'], 401);
    }

    return redirect(route('users.show', $target->slug))
        ->withErrors(['error' => 'Забранет пристап']);
}
/**
 * Ensure the logged-in user may remove their dislike from the course named
 * in the route.
 *
 * The course comes from the `courses` route parameter. On denial, XHR
 * requests get a JSON message with status 401 and browser requests are sent
 * back to the course page with an error bag entry.
 *
 * NOTE(review): as with the follow middleware, 401 is returned for what is
 * an authorization (403) failure when the user is logged in; kept as-is so
 * existing clients keep working. `$course->slug` assumes the route
 * parameter is model-bound — confirm.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $course = $request->route('courses');

    if (! \Gate::denies('remove-course-dislike', $course)) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response()->json(['message' => 'Забранет пристап'], 401);
    }

    return redirect(route('courses.show', $course->slug))
        ->withErrors(['error' => 'Забранет пристап']);
}
/**
 * Protect admin routes with the `admin.access` ability.
 *
 * Denial handling depends on the caller: XHR requests get a 401 with an
 * `X-Redirect-Url` header pointing at the admin login; a browser request
 * from an already-authenticated user (on `$guard`) gets the "denied" view;
 * an anonymous browser request is redirected to the login page as a guest.
 *
 * NOTE(review): the Gate check resolves the user from the default guard,
 * while the follow-up `check()` consults `$guard` — presumably they are the
 * same guard here; if not, an admin-guard session would be judged by the
 * wrong user. Also, XHR callers receive 401 even when authenticated (a 403
 * case) — confirm the front-end expects that.
 *
 * @param Request       $request
 * @param \Closure      $next
 * @param string|null   $guard auth guard to inspect when rendering the denial
 *
 * @return mixed
 */
public function handle(Request $request, \Closure $next, $guard = null)
{
    if (! \Gate::denies('admin.access')) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response('Unauthorized.', 401, ['X-Redirect-Url' => route('admin.login')]);
    }

    if (\Auth::guard($guard)->check()) {
        return view('admin::auth.denied');
    }

    return redirect()->guest(route('admin.login'));
}
/**
 * Persist the `edit` permission settings for one widget box.
 *
 * The caller must themselves hold `edit` on the `widgetbox.<id>` instance,
 * otherwise an AccessDeniedHttpException is thrown before anything is
 * written. `$handler` is accepted for signature compatibility but unused.
 *
 * @param Request          $request
 * @param WidgetBoxHandler $handler
 * @param string           $id widget box identifier from the route
 *
 * @return mixed API response built by XePresenter
 */
public function storePermission(Request $request, WidgetBoxHandler $handler, $id)
{
    $target = 'widgetbox.' . $id;

    if (\Gate::denies('edit', new Instance($target))) {
        throw new AccessDeniedHttpException();
    }

    $this->permissionRegister($request, $target, ['edit']);

    return XePresenter::makeApi(['type' => 'success', 'message' => '권한을 저장했습니다.']);
}
/**
 * Back-office user listing with optional name / email / role / trashed /
 * environment filters, rendered as a full page or just the table partial.
 *
 * Authorization note: the submitted `environments` filter is honoured only
 * for users who pass the `super-administrator` gate; everyone else is
 * pinned to the current environment (`\Environments::currentId()`), so a
 * request cannot widen its scope. The remaining filters are applied as
 * submitted. Paginated rows are limited to id, names, email and deleted_at.
 * `user_can_see_env` is passed to the view as a constant `true`.
 *
 * @param FormRequestAbstract $request
 * @param bool                $usePartial render only the table chunk when true
 *
 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 */
public function indexUsersListBackEnd(FormRequestAbstract $request, $usePartial = false)
{
    // Filters are read only when the key is present; absent keys stay null
    // (environments default to an empty list instead).
    $name = $request->has('name') ? $request->get('name') : null;
    $email = $request->has('email') ? $request->get('email') : null;
    $roles = $request->has('roles') ? $request->get('roles') : null;
    $trashed = $request->has('trashed') ? $request->get('trashed') : null;
    $environments = $request->has('environments') ? $request->get('environments') : [];
    $this->setPresenter(new IndexUsersListPresenter());
    // Non-super-admins may only ever see the current environment.
    if (\Gate::denies('super-administrator')) {
        $environments = [\Environments::currentId()];
    }
    $this->filterEnvironments($environments);
    if (!is_null($name)) {
        $this->filterUserName($name);
    }
    if (!is_null($email)) {
        $this->filterEmail($email);
    }
    if (!is_null($roles)) {
        $this->filterRoles($roles);
    }
    if (!is_null($trashed)) {
        switch ($trashed) {
            case 'with_trashed':
                $this->filterShowWithTrashed();
                break;
            case 'only_trashed':
                $this->filterShowOnlyTrashed();
                break;
            default:
                // Display active users only
        }
    }
    // Only the columns the table needs are selected.
    $users = $this->with(['environments', 'roles'])->paginate(\Settings::get('app.pagination'), ['users.id', 'users.first_name', 'users.last_name', 'users.email', 'users.deleted_at']);
    return cmsview($usePartial ? 'users.backend.users.chunks.index_tables' : 'users.backend.users.index', ['users' => $users, 'nb_users' => $this->count(), 'user_can_see_env' => true, 'is_role_management_allowed' => \Settings::get('users.is_role_management_allowed'), 'filters' => ['name' => $name, 'email' => $email, 'roles' => $roles, 'environments' => $environments]], 'users::');
}
/**
 * Drop menu items the current user may not see.
 *
 * Returns null when the `visible` ability is denied for `[$item, $menu]`;
 * otherwise returns the item with its `children` replaced by a Collection
 * holding only the children that themselves survive this check
 * (recursively).
 *
 * @param \Xpressengine\Menu\Models\MenuItem $item menu item
 * @param \Xpressengine\Menu\Models\Menu     $menu menu
 *
 * @return null|\Xpressengine\Menu\Models\MenuItem
 */
function removeInvisible($item, $menu)
{
    if (Gate::denies('visible', [$item, $menu])) {
        return null;
    }

    $visibleChildren = new \Illuminate\Support\Collection();

    foreach ($item['children'] as $child) {
        $kept = removeInvisible($child, $menu);
        if ($kept) {
            $visibleChildren[] = $kept;
        }
    }

    $item['children'] = $visibleChildren;

    return $item;
}
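/**
 * Delete a group.
 *
 * Fix: the previous check was `Gate::denies('destroy-group', $event, $group)`.
 * `$event` is not defined anywhere in this method (it resolved to null with
 * a notice), and Laravel's `Gate::denies($ability, $arguments = [])` takes
 * only two parameters, so the third argument — the group itself — was
 * silently dropped and the gate ran without the model it is named after.
 * The group is now passed explicitly.
 *
 * NOTE(review): if the `destroy-group` gate callback also expects an event
 * (the old call shape suggests it might), derive it server-side, e.g. from
 * the group, and pass `[$event, $group]`; do not take it from the request.
 *
 * @param int $id group id
 *
 * @return Response
 */
public function destroy($id)
{
    $group = Group::findOrFail($id);

    if (Gate::denies('destroy-group', [$group])) {
        abort(403);
    }

    $group->delete();

    return response()->json("ok");
}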
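/**
 * Delete a page by slug.
 *
 * Requires the `edit-pages` ability (403 otherwise). Fix: the slug lookup
 * used `first()`, so an unknown slug reached `$page->delete()` on null and
 * produced a server error; `firstOrFail()` now turns that into a 404.
 *
 * @param string $slug page slug from the route
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function destroy($slug)
{
    if (\Gate::denies('edit-pages')) {
        abort(403);
    }

    $page = \Crockenhill\Page::where('slug', $slug)->firstOrFail();
    $page->delete();

    return redirect('/members/pages')->with('message', 'Page successfully deleted!');
}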
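/**
 * Not used !!
 * Determine if the user is authorized to make this request.
 *
 * Fix: this returned `Gate::denies('view-resource', $order)`, i.e. true
 * exactly when the user is NOT allowed to view the order — the inverse of
 * what `authorize()` must return. It now returns `Gate::allows(...)`. The
 * original "Not used" marker is kept; had the method been wired up as it
 * was, the form would have been open to everyone except its legitimate
 * viewers.
 *
 * @param Request $request
 *
 * @return bool
 */
public function authorize(Request $request)
{
    $order = $this->order->getUserOrder($request);

    return Gate::allows('view-resource', $order);
}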
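/**
 * Show one evaluation of a student (`$id_user`) by one evaluator
 * (`$id_evaluador`).
 *
 * Access is gated by `ver-evaluacion` keyed on `$id_user` only; a denial
 * flashes a message and redirects to the student index.
 *
 * Fix: when no evaluation matched the pair, `$user` was null and
 * `$user->id_carrera` raised an Error (500); that case is now a 404.
 *
 * NOTE(review): `$id_evaluador` is not part of the gate check — confirm a
 * student is meant to see evaluations from any evaluator of their own work.
 * The first query selects `users.*`, so every column of the user row
 * (presumably including the password hash) reaches the view — consider
 * narrowing the column list.
 *
 * @param int $id_user      evaluated student id
 * @param int $id_evaluador evaluator user id
 *
 * @return \Illuminate\Http\Response
 */
public function detailEvaluation($id_user, $id_evaluador)
{
    if (\Gate::denies('ver-evaluacion', $id_user)) {
        $mensaje = "Acceso no autorizado, tu solo puedes acceder a tus evaluaciones";
        \Session::flash('alerta', $mensaje);

        return redirect()->route('estudiante.index');
    }

    $user = Evaluation::where('evaluations.id_user', $id_user)
        ->where('evaluations.id_evaluador', $id_evaluador)
        ->select('users.*', 'evaluations.*', 'carreras.*', 'universidades.*', 'projects.autor2', 'projects.cedula2', 'projects.tutor', 'projects.cedulatutor')
        ->join('users', 'users.id', '=', 'evaluations.id_user')
        ->join('projects', 'projects.id_user', '=', 'users.id')
        ->join('carreras', 'carreras.id', '=', 'users.id_carrera')
        ->join('universidades', 'universidades.id', '=', 'carreras.id_universidad')
        ->first();

    // No evaluation for this (student, evaluator) pair: treat as not found
    // rather than dereferencing null below.
    if ($user === null) {
        abort(404);
    }

    $evaluador = Evaluation::where('id_user', $id_user)
        ->where('id_evaluador', $id_evaluador)
        ->select('users.*', 'carreras.*', 'universidades.*')
        ->join('users', 'users.id', '=', 'evaluations.id_evaluador')
        ->join('carreras', 'carreras.id', '=', 'users.id_carrera')
        ->join('universidades', 'universidades.id', '=', 'carreras.id_universidad')
        ->first();

    $formevaluacion = EvaluacionForm::where('id_carrera', $user->id_carrera)->first();

    $evaluacion = Evaluation::where('id_user', $id_user)
        ->where('id_evaluador', $id_evaluador)
        ->select('evaluations.*')
        ->first();

    return view('estudianteviews.evaluaciondetalle', [
        'user' => $user,
        'evaluador' => $evaluador,
        'formevaluacion' => $formevaluacion,
        'evaluacion' => $evaluacion,
    ]);
}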
/**
 * Build the admin list view (or the Excel export) for one node / model.
 *
 * The node is resolved by `$single_model`, the `node-admin` gate is checked
 * for the `list` action, then request-driven options (`parent_id`,
 * `view-trash`, `download-excel`) and the node's field metadata shape the
 * query before it is handed to `\AdminList::filter_node` / `graph_node`.
 *
 * NOTE(review): the `if ($node)` guard comes too late — `$node->name`,
 * `$node->node_extras()` and the gate call have already dereferenced it, so
 * an unknown `$single_model` fails with an Error before the guard is
 * reached. `$sub_node` (looked up from `$relation->value`) is likewise used
 * without a null check. `$extra` is accepted but never read.
 *
 * @param object $object       caller context; only `->module` is read
 * @param string $single_model node name to list
 * @param array  $extra        unused
 *
 * @return mixed view, Excel response, or the no-permission redirect
 */
public static function get_list($object, $single_model, $extra = [])
{
    $module = $object->module;
    $node = \Solunes\Master\App\Node::where('name', $single_model)->first();
    $model = \FuncNode::node_check_model($node);
    // Authorization happens before any request input influences the query.
    if (\Gate::denies('node-admin', ['list', $module, $node, 'list'])) {
        return \Login::redirect_dashboard('no_permission');
    }
    $array = ['module' => $module, 'node' => $node, 'model' => $single_model, 'i' => NULL, 'filter_category' => 'admin', 'filter_category_id' => '0', 'filter_type' => 'field', 'filter_node' => $node->name, 'dt' => 'form', 'id' => NULL, 'parent' => NULL, 'action_fields' => ['create', 'edit', 'delete']];
    // Node-level override of the available row actions.
    if ($action_field = $node->node_extras()->where('type', 'action_field')->first()) {
        $array['action_fields'] = json_decode($action_field->value_array, true);
    }
    // Optional scoping to one parent; the id is passed as a bound value.
    if (request()->has('parent_id')) {
        $id = request()->input('parent_id');
        $array['id'] = $id;
        $items = $model->whereHas('parent', function ($q) use($id) {
            $q->where('id', $id);
        });
    } else {
        $items = $model->whereNotNull('id');
    }
    // NOTE(review): $node was already dereferenced above; this guard never
    // protects the earlier lines.
    if ($node) {
        if ($node->soft_delete == 1 && request()->has('view-trash') && request()->input('view-trash') == 'true') {
            $items->onlyTrashed();
        }
        if ($node->translation) {
            $items->with('translations');
        }
        if ($node->parent) {
            $array['parent'] = $node->parent->name;
        }
        // Excel export also includes fields flagged for export only.
        if (request()->has('download-excel')) {
            $display_fields = ['show', 'excel'];
        } else {
            $display_fields = ['show'];
        }
        $array['fields'] = $node->fields()->whereIn('display_list', $display_fields)->where('type', '!=', 'field')->with('translations')->get();
        $relation_fields = $node->fields()->whereIn('display_list', $display_fields)->where('type', 'relation')->get();
        if (count($relation_fields) > 0) {
            foreach ($relation_fields as $relation) {
                // $sub_node may be null if the relation points at an unknown node.
                $sub_node = \Solunes\Master\App\Node::where('name', str_replace('_', '-', $relation->value))->first();
                if ($sub_node->translation) {
                    $items = $items->with([$relation->trans_name, $relation->trans_name . '.translations']);
                } else {
                    $items = $items->with($relation->trans_name);
                }
            }
        }
    }
    $array = \AdminList::filter_node($array, $node, $model, $items, 'admin');
    $items = $array['items'];
    $graphs = $node->node_extras()->whereIn('type', ['graph', 'parent_graph'])->get();
    $array = \AdminList::graph_node($array, $node, $model, $items, $graphs);
    $items_relations = $node->fields()->where('name', '!=', 'parent_id')->whereIn('type', ['relation', 'child', 'subchild'])->get();
    if (count($items_relations) > 0) {
        foreach ($items_relations as $item_relation) {
            $items->with($item_relation->trans_name);
        }
    }
    $array['items'] = $items->get();
    if ($node->translation == 1) {
        $array['langs'] = \Solunes\Master\App\Language::get();
    } else {
        $array['langs'] = [];
    }
    if (request()->has('download-excel')) {
        return AdminList::generate_query_excel($array);
    } else {
        return view('master::list.general-list', $array);
    }
}
/**
 * Apply a validated create/edit request to `$item`: write the node's plain
 * fields, save, then process sub-items, multi-value relations, derived
 * count/total columns and the node's daily indicators.
 *
 * Authorization: only when `$type == 'admin'` is the `node-admin` gate
 * consulted, and it is fed `action` and `id` taken from the request body
 * rather than from `$item`. NOTE(review): that means the client chooses the
 * (action, id) pair the gate evaluates while the record actually written is
 * whatever the caller passed as `$item` — this is only safe if the caller
 * derived `$item` from those same inputs; confirm. For any other `$type` no
 * gate check happens here at all (presumably the caller performs it).
 *
 * Other observations (not changed here): `$indicator->type == 'count'` and
 * its else branch compute the same value; `sync($request->input(...))` is
 * called with whatever the request holds, including null when the field is
 * absent; `$sub_node` is dereferenced without a null check.
 *
 * @param \Illuminate\Http\Request $request
 * @param string                   $model node name
 * @param mixed                    $item  model instance being created/edited
 * @param string                   $type  'admin' or a front-end context
 *
 * @return mixed the saved item, or the no-permission redirect
 */
public static function post_request_success($request, $model, $item, $type = 'admin')
{
    $node = \Solunes\Master\App\Node::where('name', $model)->first();
    if ($type == 'admin') {
        // Gate arguments come from the request body (see NOTE above).
        if (\Gate::denies('node-admin', ['item', $type, $node, $request->input('action'), $request->input('id')])) {
            return \Login::redirect_dashboard('no_permission');
        }
    }
    // Fields hidden in this context are skipped when writing values.
    if ($type == 'admin') {
        $display_array = ['none'];
    } else {
        $display_array = ['item_admin', 'none'];
    }
    $total_ponderation = 0;
    $rejected_fields = ['title', 'content', 'child', 'subchild', 'field'];
    foreach ($node->fields()->whereNotIn('type', $rejected_fields)->whereNotIn('display_item', $display_array)->with('field_extras')->get() as $field) {
        $field_name = $field->name;
        $input = NULL;
        if ($request->has($field_name)) {
            $input = $request->input($field_name);
        }
        // Weighted fields contribute their 'ponderation' extra when set (loose != 0).
        if ($input && $input != 0 && ($pond = $field->field_extras()->where('type', 'ponderation')->first())) {
            $total_ponderation = $total_ponderation + $pond->value;
        }
        $item = \FuncNode::put_data_field($item, $field, $input);
    }
    if ($total_ponderation > 0) {
        $item->total_ponderation = $total_ponderation;
    }
    $item->save();
    foreach ($node->fields()->whereIn('type', ['subchild', 'field'])->get() as $field) {
        if ($field->type == 'subchild') {
            $subfield_name = str_replace('_', '-', $field->value);
            $sub_node = \Solunes\Master\App\Node::where('name', $subfield_name)->first();
            $sub_node_table = $sub_node->table_name;
            AdminItem::post_subitems($sub_node, $field->name, 'parent_id', $item->id, $sub_node->fields()->where('display_item', '!=', 'none')->whereNotIn('name', ['id', 'parent_id'])->get());
            // Recompute derived "<table>_count" / "<column>_total" columns from the sub-items.
            foreach ($node->fields()->where('child_table', $sub_node_table)->get() as $field_extra) {
                $field_extra_name = $field_extra->name;
                if ($field_extra_name == $sub_node_table . '_count') {
                    $subvalue = count($item->{$sub_node_table});
                } else {
                    $field_extra_name_fixed = str_replace('_total', '', $field_extra_name);
                    $subvalue = 0;
                    foreach ($item->{$sub_node_table} as $sub_item) {
                        $subvalue += $sub_item->{$field_extra_name_fixed};
                    }
                }
                $item->{$field_extra_name} = $subvalue;
                $item->save();
            }
        } else {
            // Relation fields: replace the pivot rows with the submitted id(s).
            $field_name = $field->name;
            if ($field->multiple) {
                $item->{$field_name}()->sync($request->input($field_name));
            } else {
                $item->{$field_name}()->sync([$request->input($field_name)]);
            }
        }
    }
    // Refresh today's value for each indicator defined on the node.
    foreach ($node->indicators as $indicator) {
        $node_model = \FuncNode::node_check_model($node);
        $items = \FuncNode::node_check_model($node);
        $array = \AdminList::filter_node(['filter_category_id' => $indicator->id], $node, $node_model, $items, 'indicator');
        $items = $array['items'];
        if ($indicator->type == 'count') {
            $indicator_value = $items->count();
        } else {
            $indicator_value = $items->count();
        }
        if ($today_indicator = $indicator->indicator_values()->where('date', date('Y-m-d'))->first()) {
        } else {
            $today_indicator = new \Solunes\Master\App\IndicatorValue();
            $today_indicator->parent_id = $indicator->id;
            $today_indicator->date = date('Y-m-d');
        }
        $today_indicator->value = $indicator_value;
        $today_indicator->save();
    }
    \Asset::delete_temp();
    return $item;
}
// .env APP_ENV APP_DEBUG DB_* // bootstrap/app.php AuthServiceProvider, $app->withFacades(), $app->routeMiddleware(), $app->withEloquent() // ExampleEvent ExampleListener EventServiceProvider // ExampleTest.php phpunit // database/factories/ModelFactory.php Gate::define('update-post', function ($user, $post) { return $user->id === $post->user_id; }); $this->app['auth']->viaRequest('api', function ($request) { $user = Auth::user(); // Return User or null... }); if (Gate::allows('update-post', $post)) { // } if (Gate::denies('update-post', $post)) { abort(403); } $app->group(['middleware' => 'role:editor', 'namespace' => 'App\\Http\\Controllers\\Admin', 'prefix' => 'admin'], function () use($app) { $app->get('/', ['middleware' => 'auth', 'uses' => 'UserController@showProfile']); }); function update(Request $request, $id) { $this->validate($request, ['name' => 'required', 'email' => 'required|email|unique:users']); event(new ExampleEvent()); $name = $request->input('name', 'default_val'); $uri = $request->path(); $uri = $request->has('name'); $foo = $request->is('admin\\*'); $foo = $request->isMethod('post'); $url = $request->url();
/**
 * Create a song from the submitted form.
 *
 * Requires the `edit-songs` ability (403 otherwise). The title, alternative
 * title, author, copyright and lyrics are taken from the request as-is —
 * no validation happens here, and the raw title is also placed in the
 * flashed success message, so escaping is left to the views that render it.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function store()
{
    if (\Gate::denies('edit-songs')) {
        abort(403);
    }

    $song = new \Crockenhill\Song();
    $song->title = \Input::get('title');
    $song->alternative_title = \Input::get('alternative');
    $song->author = \Input::get('author');
    $song->copyright = \Input::get('copyright');
    $song->lyrics = \Input::get('lyrics');
    $song->save();

    $notice = '"' . \Input::get('title') . '" successfully uploaded!';

    return redirect('/members/songs')->with('message', $notice);
}
/**
 * Smoke-test endpoint: load document #1, check the `view-dokumen` ability
 * for it, and print a fixed string.
 *
 * A denial is reported as 404 rather than 403, which hides the document's
 * existence from callers who may not view it.
 *
 * @return void
 */
public function getTestDokumen()
{
    $dokumen = Dokumen::where("id", 1)->firstOrFail();

    $mayView = ! \Gate::denies('view-dokumen', $dokumen);
    if (! $mayView) {
        abort(404);
    }

    echo "string";
}
/**
 * Remove the specified resource from storage.
 *
 * Only the authorization step exists so far: callers without the
 * `edit-documents` ability get 403; for everyone else the method currently
 * does nothing and returns null.
 *
 * @param int $id
 *
 * @return Response
 */
public function destroy($id)
{
    $mayEdit = ! \Gate::denies('edit-documents');

    if (! $mayEdit) {
        abort(403);
    }

    // Deletion not implemented yet.
}
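/**
 * Delete the sermon identified by slug within a given year and month.
 *
 * Requires the `edit-sermons` ability (403 otherwise). Fix: the lookup used
 * `first()`, so a slug/date combination with no match reached
 * `$sermon->delete()` on null and produced a server error; `firstOrFail()`
 * now turns that into a 404.
 *
 * NOTE(review): `$year` and `$month` are route parameters bound as query
 * values (no SQL injection), but they are not validated as numbers, and the
 * upper bound is always `-31` — an invalid date for short months; how the
 * database compares such a literal against a DATE column is DB-specific.
 * Consider constraining the route parameters and computing the real last
 * day of the month.
 *
 * @param string $year
 * @param string $month
 * @param string $slug
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function destroy($year, $month, $slug)
{
    if (\Gate::denies('edit-sermons')) {
        abort(403);
    }

    $sermon = \Crockenhill\Sermon::where('slug', $slug)
        ->whereBetween('date', [$year . '-' . $month . '-01', $year . '-' . $month . '-31'])
        ->firstOrFail();

    $sermon->delete();

    return redirect('sermons')->with('message', 'Sermon successfully deleted!');
}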