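/**
 * Authorize the page.
 *
 * Disabled (draft) pages are hidden from anonymous visitors with a 404
 * and require the "view_drafts" permission from authenticated users.
 * Pages restricted to specific roles send users without one of those
 * roles to the login route.
 *
 * @param PageInterface $page
 */
public function authorize(PageInterface $page)
{
    /* @var UserInterface $user */
    $user = $this->guard->user();

    /*
     * A disabled page must not reveal its existence
     * to anonymous visitors: answer "not found".
     */
    if (!$page->isEnabled() && !$user) {
        abort(404);
    }

    /*
     * A signed-in user may only see a disabled page with the drafts
     * permission. The authorizer returns a bool; discarding it (as the
     * previous version did) exposed drafts to every authenticated user.
     */
    if (!$page->isEnabled() && !$this->authorizer->authorize('anomaly.module.pages::view_drafts')) {
        abort(403);
    }

    /*
     * If the page is restricted to specific roles
     * then make sure our user holds one of them.
     */
    $allowed = $page->getAllowedRoles();

    if (!$allowed->isEmpty() && (!$user || !$user->hasAnyRole($allowed))) {
        // NOTE(review): a signed-in user lacking the role is also sent to
        // the login route here; a 403 may be the better answer for them.
        $page->setResponse($this->response->redirectTo('login'));
    }
}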
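/**
 * Handle an incoming request while the application is in maintenance mode.
 *
 * Bypasses, in order: not in maintenance; control-panel URLs (so the
 * mode can be lifted); whitelisted client IPs; admin users; users holding
 * the maintenance permission; and, when enabled, HTTP basic authentication
 * subject to the same admin/permission gate. Everyone else gets a 503.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return void|mixed
 */
public function handle(Request $request, Closure $next)
{
    if (!$this->app->isDownForMaintenance()) {
        return $next($request);
    }

    // The control panel stays reachable so maintenance mode can be ended.
    if ($request->segment(1) === 'admin') {
        return $next($request);
    }

    /*
     * Strict comparison: the whitelist comes from config and may hold
     * non-string values. getClientIp() only honours forwarding headers
     * for trusted proxies; without a trusted-proxy configuration the
     * address seen here is what the peer supplied — TODO confirm setup.
     */
    $whitelist = $this->config->get('streams::maintenance.ip_whitelist', []);

    if (in_array($request->getClientIp(), (array) $whitelist, true)) {
        return $next($request);
    }

    /* @var UserInterface $user */
    $user = $this->guard->user();

    if ($user && $this->canBypassMaintenance($user)) {
        return $next($request);
    }

    if (!$user && $this->config->get('streams::maintenance.auth')) {

        /* @var Response|null $response */
        $response = $this->guard->onceBasic();

        // Credentials missing or rejected: send the 401 challenge page.
        if ($response) {
            $response->setContent(view('streams::errors.401'));

            return $response;
        }

        /*
         * Basic auth succeeded. Apply the same gate as for session users
         * so that basic auth is another way to authenticate, not a way
         * around the admin/permission check applied above.
         */
        $user = $this->guard->user();

        if ($user && $this->canBypassMaintenance($user)) {
            return $next($request);
        }
    }

    abort(503);
}

/**
 * Whether an authenticated user may use the site during maintenance.
 *
 * @param UserInterface $user
 * @return bool
 */
protected function canBypassMaintenance(UserInterface $user)
{
    return $user->isAdmin() || $this->authorizer->authorize('streams::maintenance.access');
}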
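/**
 * Authorize the post.
 *
 * Disabled (draft) posts are hidden from anonymous visitors with a 404
 * and require the "view_drafts" permission from authenticated users.
 * Enabled posts need no permission.
 *
 * @param PostInterface $post
 */
public function authorize(PostInterface $post)
{
    // An enabled post is public; nothing to check.
    if ($post->isEnabled()) {
        return;
    }

    // Do not reveal that a draft exists to anonymous visitors.
    if (!$this->guard->user()) {
        abort(404);
    }

    /*
     * The authorizer returns a bool and the result must be acted on;
     * the previous version discarded it, letting any signed-in user
     * read drafts.
     */
    if (!$this->authorizer->authorize('anomaly.module.posts::view_drafts')) {
        abort(403);
    }
}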
/**
 * Authorize the table.
 *
 * Reads the table's "permission" option and aborts with 403 when it is
 * set and the current user does not hold it. No option means no check.
 *
 * @param TableBuilder $builder
 */
public function authorize(TableBuilder $builder)
{
    $required = $builder->getTableOption('permission');

    // Nothing configured: the table is open.
    if (!$required) {
        return;
    }

    if (!$this->authorizer->authorize($required)) {
        abort(403);
    }
}
/**
 * Activate the chosen admin theme.
 *
 * Requires the admin theme change permission; otherwise an access
 * denied message is flashed and the user is sent back to the admin
 * appearance screen.
 *
 * @param SettingRepositoryInterface $settings
 * @param Authorizer $authorizer
 * @param $namespace  Theme namespace taken from the route; assumed to
 *                    name an installed theme — TODO confirm where validated
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
 */
public function activate(SettingRepositoryInterface $settings, Authorizer $authorizer, $namespace)
{
    $permitted = $authorizer->authorize('anomaly.module.appearance::admin_theme.change');

    if ($permitted) {
        $settings->set('streams::admin_theme', $namespace);

        return redirect('admin/appearance');
    }

    $this->messages->error('streams::message.access_denied');

    return $this->redirect->to('admin/appearance/admin');
}
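/**
 * Disable any table button whose permission the current user lacks.
 *
 * (The method name predates its current job; it does not guess HREFs.)
 * Buttons without a "permission" key are left untouched.
 *
 * @param TableBuilder $builder
 */
public function guess(TableBuilder $builder)
{
    $buttons = $builder->getButtons();

    /*
     * Iterate by key rather than by reference: a by-reference foreach
     * leaves $button aliased to the last element after the loop and
     * hands setButtons() an array carrying that reference slot.
     */
    foreach (array_keys($buttons) as $key) {
        if (!isset($buttons[$key]['permission'])) {
            continue;
        }

        if (!$this->authorizer->authorize($buttons[$key]['permission'])) {
            $buttons[$key]['enabled'] = false;
        }
    }

    $builder->setButtons($buttons);
}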
/**
 * Check control panel access for admin requests.
 *
 * Requests outside /admin pass through untouched; every request under
 * /admin requires the control panel permission.
 *
 * NOTE(review): this version exempts nothing under /admin, so the check
 * also covers admin/login and admin/logout — confirm that guests hold
 * the permission or can otherwise reach the login page.
 *
 * @param Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle(Request $request, Closure $next)
{
    $isAdminRequest = $request->segment(1) === 'admin';

    if ($isAdminRequest && !$this->authorizer->authorize('streams::control_panel.access')) {
        abort(403);
    }

    return $next($request);
}
/**
 * Check control panel access for admin requests.
 *
 * The login and logout endpoints stay reachable for everyone; any other
 * request under /admin requires the control panel permission.
 *
 * @param Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle(Request $request, Closure $next)
{
    $isAdminRequest = $request->segment(1) === 'admin';
    $isAuthEndpoint = in_array($request->path(), ['admin/login', 'admin/logout'], true);

    $gated = $isAdminRequest && !$isAuthEndpoint;

    if ($gated && !$this->authorizer->authorize('streams::control_panel.access')) {
        abort(403);
    }

    return $next($request);
}
/**
 * Check access to the active module for admin requests.
 *
 * The login and logout endpoints and non-admin URLs pass through. Under
 * /admin, when a module is active, the user must hold that module's
 * wildcard permission.
 *
 * @param Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle(Request $request, Closure $next)
{
    $isAdminRequest = $request->segment(1) === 'admin';
    $isAuthEndpoint = in_array($request->path(), ['admin/login', 'admin/logout'], true);

    if ($isAdminRequest && !$isAuthEndpoint) {
        $module = $this->modules->active();

        if ($module && !$this->authorizer->authorize($module->getNamespace('*'))) {
            abort(403);
        }
    }

    return $next($request);
}
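/**
 * Build the sections and push them to the control panel.
 *
 * Sections whose "permission" the current user lacks are skipped, so
 * they are neither rendered nor offered in the menu.
 *
 * @param ControlPanelBuilder $builder
 */
public function build(ControlPanelBuilder $builder)
{
    $controlPanel = $builder->getControlPanel();

    $this->input->read($builder);

    foreach ($builder->getSections() as $section) {

        /*
         * A section without a "permission" key used to raise an
         * undefined-index notice; read it with a null default, which
         * is the value the authorizer received in that case anyway.
         */
        $permission = array_get($section, 'permission');

        if (!$this->authorizer->authorize($permission)) {
            continue;
        }

        $controlPanel->addSection($this->factory->make($section));
    }
}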
/**
 * Authorize the form.
 *
 * The form's "permission" option may be false (explicitly skip the
 * check), empty (no check), or one or more permissions of which the
 * user must hold at least one.
 *
 * NOTE(review): env('INSTALLED') is read at request time. In Laravel,
 * env() yields null once the configuration is cached, which would make
 * this method skip authorization entirely in production; reading the
 * flag through config() is the safer route — confirm which key holds it.
 *
 * @param FormBuilder $builder
 */
public function authorize(FormBuilder $builder)
{
    $permission = $builder->getFormOption('permission');

    // Explicit opt-out, or the application is still being installed.
    if ($permission === false || !env('INSTALLED')) {
        return;
    }

    // No permission configured: the form is open.
    if (!$permission) {
        return;
    }

    if (!$this->authorizer->authorizeAny((array) $permission)) {
        abort(403);
    }
}
/**
 * Authorize the tree.
 *
 * Uses the tree's "permission" option when set; otherwise derives
 * "<module namespace>::<stream slug>.read" from the active module and
 * the tree's stream. The result is checked and 403s on failure.
 *
 * @param TreeBuilder $builder
 */
public function authorize(TreeBuilder $builder)
{
    $permission = $builder->getTreeOption('permission');

    // No explicit option: try to automate the permission.
    if (!$permission) {
        $module = $this->modules->active();
        $stream = $module ? $builder->getTreeStream() : null;

        if ($module && $stream) {
            $permission = $module->getNamespace($stream->getSlug() . '.read');
        }
    }

    // If nothing could be derived, null reaches the authorizer as before.
    if (!$this->authorizer->authorize($permission)) {
        abort(403);
    }
}
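/**
 * Export all entries of a stream as a CSV download.
 *
 * Requires the addon's "<stream slug>.export" permission. Every
 * attribute returned by the entry's toArray() is written.
 *
 * NOTE(review): toArray() output is not filtered, so any sensitive
 * attribute on the entry model ends up in the file. Cell values are
 * also written verbatim; values beginning with "=", "+", "-" or "@" can
 * be interpreted as formulas by spreadsheet applications (CSV injection)
 * — decide whether to neutralise them for this export.
 *
 * @param $addon      Addon identifier whose namespace owns the permission.
 * @param $namespace  Stream namespace.
 * @param $stream     Stream slug.
 * @return mixed      Streamed response from the response factory.
 */
public function export($addon, $namespace, $stream)
{
    $addon = $this->addons->get($addon);

    /* @var StreamInterface $stream */
    $stream = $this->streams->findBySlugAndNamespace($stream, $namespace);

    // Unknown addon or stream: 404 rather than dereferencing null below.
    if (!$addon || !$stream) {
        abort(404);
    }

    // Authorize before touching the repository or resolving the model.
    if (!$this->authorizer->authorize($addon->getNamespace($stream->getSlug() . '.export'))) {
        abort(403);
    }

    /*
     * Resolve the model and set
     * it on the repository.
     */
    $this->repository->setModel($this->container->make($stream->getEntryModelName()));

    $headers = [
        'Content-Disposition' => 'attachment; filename="' . $stream->getSlug() . '.csv"',
        'Cache-Control'       => 'must-revalidate, post-check=0, pre-check=0',
        'Content-type'        => 'text/csv',
        'Pragma'              => 'public',
        'Expires'             => '0',
    ];

    $callback = function () {
        $output = fopen('php://output', 'w');

        $headerWritten = false;

        foreach ($this->repository->all() as $entry) {
            $row = $entry->toArray();

            // Header row from the first entry's keys, whatever its index is.
            if (!$headerWritten) {
                fputcsv($output, array_keys($row));
                $headerWritten = true;
            }

            fputcsv($output, $row);
        }

        fclose($output);
    };

    return $this->response->stream($callback, 200, $headers);
}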
/**
 * Make a button.
 *
 * A registered button (looked up by the "button" parameter) supplies
 * defaults that the given parameters override. Parameters are then
 * translated, the button class resolved (falling back to the default
 * class when none or an unknown one is named), the instance hydrated,
 * and disabled when the user lacks its permission.
 *
 * @param array $parameters
 * @return ButtonInterface
 */
public function make(array $parameters)
{
    $alias = array_get($parameters, 'button');

    // A registered definition acts as the base for the given parameters.
    if ($alias && ($defaults = $this->buttons->get($alias))) {
        $parameters = array_replace_recursive($defaults, array_except($parameters, 'button'));
    }

    $parameters = $this->translator->translate($parameters);

    // Fall back to the default button class when none (or an unknown one) is given.
    $class = array_get($parameters, 'button');

    if (!$class || !class_exists($class)) {
        $class = $this->button;

        array_set($parameters, 'button', $class);
    }

    /* @var ButtonInterface $button */
    $button = app()->make($class, $parameters);

    $this->hydrator->hydrate($button, $parameters);

    // Buttons the user may not use are rendered disabled, not removed.
    $permission = $button->getPermission();

    if ($permission && !$this->authorizer->authorize($permission)) {
        $button->setEnabled(false);
    }

    return $button;
}
/**
 * Handle the command.
 *
 * Determine which control-panel navigation link is active for the
 * current request, authorize it, and push its breadcrumb.
 *
 * Matching is by URL containment: every link whose href (data-href
 * preferred) is contained in the request URL is a candidate, and the
 * longest such href wins as the most specific match.
 *
 * @param Request $request
 * @param Authorizer $authorizer
 * @param BreadcrumbCollection $breadcrumbs
 */
public function handle(Request $request, Authorizer $authorizer, BreadcrumbCollection $breadcrumbs)
{
    $links = $this->builder->getControlPanelNavigation();

    /**
     * If we already have an active link
     * then we don't need to do this.
     */
    if ($active = $links->active()) {
        return;
    }

    /* @var NavigationLinkInterface $link */
    foreach ($links as $link) {

        /**
         * Get the HREF for both the active
         * and loop iteration link.
         */
        $href = array_get($link->getAttributes(), 'data-href', array_get($link->getAttributes(), 'href'));

        $activeHref = '';

        if ($active && $active instanceof NavigationLinkInterface) {
            $activeHref = array_get($active->getAttributes(), 'data-href', array_get($active->getAttributes(), 'href'));
        }

        /**
         * If the request URL does not even
         * contain the HREF then skip it.
         *
         * NOTE(review): whether an empty $href passes this test depends
         * on which str_contains is in effect (the Laravel helper rejects
         * an empty needle, native PHP 8 accepts it); either way a
         * zero-length href can never out-rank another candidate below.
         */
        if (!str_contains($request->url(), $href)) {
            continue;
        }

        /**
         * Compare the length of the active HREF
         * and loop iteration HREF. The longer the
         * HREF the more detailed and exact it is and
         * the more likely it is the active HREF and
         * therefore the active link.
         */
        $hrefLength       = strlen($href);
        $activeHrefLength = strlen($activeHref);

        if ($hrefLength > $activeHrefLength) {
            $active = $link;
        }
    }

    // No active link!
    if (!$active) {
        return;
    }

    // Active navigation link!
    $active->setActive(true);

    // Authorize the active link: the permission attached to the
    // link gates the request, not merely the menu entry (403 on failure).
    if (!$authorizer->authorize($active->getPermission())) {
        abort(403);
    }

    // Add the bread crumb (a breadcrumb of false means "none").
    if (($breadcrumb = $active->getBreadcrumb()) !== false) {
        $breadcrumbs->put($breadcrumb ?: $active->getTitle(), $active->getHref());
    }
}
/**
 * Check control panel and route-level permissions.
 *
 * Login and logout stay reachable for everyone. Requests under /admin
 * need the users module's control panel permission. Finally, the route
 * may declare its own permission, message and redirect in its action
 * array; a failed route permission flashes the message and redirects
 * when configured, otherwise 403s.
 *
 * @param Request $request
 * @param \Closure $next
 * @return \Illuminate\Http\RedirectResponse
 */
public function handle(Request $request, Closure $next)
{
    // Authentication endpoints must remain reachable.
    if (in_array($request->path(), ['admin/login', 'admin/logout'], true)) {
        return $next($request);
    }

    $isAdminRequest = $request->segment(1) === 'admin';

    if ($isAdminRequest && !$this->authorizer->authorize('anomaly.module.users::general.control_panel')) {
        abort(403);
    }

    // Route-specific permission, message and redirect are defined on the route action.
    $action = $this->route->getAction();

    if ($this->authorizer->authorize(array_get($action, 'anomaly.module.users::permission'))) {
        return $next($request);
    }

    if ($message = array_get($action, 'anomaly.module.users::message')) {
        $this->messages->error($message);
    }

    if ($redirect = array_get($action, 'anomaly.module.users::redirect')) {
        return $this->redirect->to($redirect);
    }

    abort(403);
}
/**
 * Authorize the page.
 *
 * Disabled pages: 404 for anonymous visitors, 403 for signed-in users
 * without the drafts permission. A "guest" entry in the allowed roles
 * marks a guests-only page that signed-in non-admins may not view. Any
 * remaining allowed roles must be held by the user (admins always
 * qualify); otherwise the response becomes a guest redirect to login.
 *
 * @param PageInterface $page
 */
public function authorize(PageInterface $page)
{
    /* @var UserInterface $user */
    $user = $this->guard->user();

    $enabled = $page->isEnabled();

    // Hide drafts from anonymous visitors rather than revealing they exist.
    if (!$enabled && !$user) {
        abort(404);
    }

    // Signed-in users need the drafts permission for a disabled page.
    if (!$enabled && !$this->authorizer->authorize('anomaly.module.pages::view_drafts')) {
        abort(403);
    }

    $allowed = $page->getAllowedRoles();

    // Guests-only page: refuse any signed-in user who is not an admin.
    if ($allowed->has('guest') && $user && !$user->isAdmin()) {
        abort(403);
    }

    // The guest marker is not a real role for the check below.
    $allowed->forget('guest');

    if ($allowed->isEmpty()) {
        return;
    }

    $qualifies = $user && ($user->hasAnyRole($allowed) || $user->isAdmin());

    // No user, or a user without any allowed role: send to login.
    if (!$qualifies) {
        $page->setResponse($this->response->redirectGuest('login'));
    }
}
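/**
 * Execute a table action.
 *
 * The action's permission is checked first; on failure an error message
 * is flashed and nothing runs. The handler may be a "Class@method"
 * string (a bare class name implies "@handle"), a Closure, or an
 * ActionHandlerInterface instance.
 *
 * @param TableBuilder $builder
 * @param ActionInterface $action
 * @throws \Exception when the handler is none of the supported kinds
 */
public function execute(TableBuilder $builder, ActionInterface $action)
{
    $options = $builder->getTableOptions();
    $handler = $action->getHandler();

    // Self handling implies @handle.
    if (is_string($handler) && !str_contains($handler, '@')) {
        $handler .= '@handle';
    }

    // Authorize before reading the selection or invoking anything.
    if (!$this->authorizer->authorize($action->getPermission())) {
        $this->messages->error('streams::message.403');

        return;
    }

    /*
     * IDs of the selected rows, straight from the request. They are
     * untrusted input; handlers must scope them to what the current
     * user is allowed to act on.
     */
    $selected = $this->request->get($options->get('prefix') . 'id', []);

    /*
     * A callable string or Closure is invoked through the container.
     * Every string handler already carries "@" at this point, so the
     * former class_exists() re-append of "@handle" was unreachable.
     */
    if (is_string($handler) || $handler instanceof \Closure) {
        app()->call($handler, compact('builder', 'selected'));

        return;
    }

    // An ActionHandlerInterface is called directly.
    if ($handler instanceof ActionHandlerInterface) {
        $handler->handle($builder, $selected);

        return;
    }

    throw new \Exception('Action $handler must be a callable string, Closure or ActionHandlerInterface.');
}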
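/**
 * Delete a link and go back.
 *
 * Requires the links delete permission; otherwise an access denied
 * message is flashed and the user is sent back. Unknown IDs 404.
 *
 * @param LinkRepositoryInterface $links
 * @param Authorizer $authorizer
 * @param $id
 * @return \Illuminate\Http\RedirectResponse
 */
public function delete(LinkRepositoryInterface $links, Authorizer $authorizer, $id)
{
    if (!$authorizer->authorize('anomaly.module.navigation::links.delete')) {
        $this->messages->error('streams::message.access_denied');

        return $this->redirect->back();
    }

    // Unknown ID: 404 rather than handing null to the repository.
    if (!$link = $links->find($id)) {
        abort(404);
    }

    /**
     * Force delete until we get
     * views into the tree UI.
     */
    $links->forceDelete($link);

    return $this->redirect->back();
}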
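/**
 * Delete a category and go back.
 *
 * Requires the categories delete permission (403 otherwise).
 * Unknown IDs 404.
 *
 * @param CategoryRepositoryInterface $categories
 * @param Authorizer $authorizer
 * @param $id
 * @return \Illuminate\Http\RedirectResponse
 */
public function delete(CategoryRepositoryInterface $categories, Authorizer $authorizer, $id)
{
    /*
     * The authorizer returns a bool; the previous version discarded
     * it, so the permission never actually blocked the delete.
     */
    if (!$authorizer->authorize('anomaly.module.posts::categories.delete')) {
        abort(403);
    }

    // Unknown ID: 404 rather than handing null to the repository.
    if (!$category = $categories->find($id)) {
        abort(404);
    }

    $categories->delete($category);

    return redirect()->back();
}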
/**
 * Handle the command.
 *
 * Reports whether the current user may write to the dashboard.
 *
 * @param Authorizer $authorizer
 * @return bool
 */
public function handle(Authorizer $authorizer)
{
    $permission = 'anomaly.module.dashboard::dashboard.write';

    return $authorizer->authorize($permission);
}
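/**
 * Delete a link and go back.
 *
 * Requires the links delete permission; otherwise an access denied
 * message is flashed and the user is sent back. Unknown IDs 404.
 *
 * @param LinkRepositoryInterface $links
 * @param Authorizer $authorizer
 * @param $id
 * @return \Illuminate\Http\RedirectResponse
 */
public function delete(LinkRepositoryInterface $links, Authorizer $authorizer, $id)
{
    if (!$authorizer->authorize('anomaly.module.navigation::links.delete')) {
        $this->messages->error('streams::message.access_denied');

        return $this->redirect->back();
    }

    // Unknown ID: 404 rather than handing null to the repository.
    if (!$link = $links->find($id)) {
        abort(404);
    }

    $links->delete($link);

    return $this->redirect->back();
}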
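/**
 * Delete a page and go back.
 *
 * Requires the pages delete permission (403 otherwise). Unknown IDs
 * 404. The page's underlying entry record is removed along with it.
 *
 * @param PageRepositoryInterface $pages
 * @param Authorizer $authorizer
 * @param $id
 * @return \Illuminate\Http\RedirectResponse
 */
public function delete(PageRepositoryInterface $pages, Authorizer $authorizer, $id)
{
    /*
     * The authorizer returns a bool; the previous version discarded
     * it, so the permission never actually blocked the delete.
     */
    if (!$authorizer->authorize('anomaly.module.pages::pages.delete')) {
        abort(403);
    }

    // Unknown ID: 404 rather than handing null to the repository.
    if (!$page = $pages->find($id)) {
        abort(404);
    }

    $pages->delete($page);

    // The entry is a separate record; guard against a page with none.
    if ($page->entry) {
        $page->entry->delete();
    }

    return redirect()->back();
}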
/**
 * Handle the command.
 *
 * Determine which control-panel section is active for the current
 * request, mark it (and its parent, if any) in the UI, authorize it,
 * and push its breadcrumb.
 *
 * A section's matcher pattern (checked with str_is against the request
 * path) selects it directly; otherwise sections whose permalink/href is
 * contained in the request URL compete, and the longest href wins.
 * With no match at all, the first section is used.
 *
 * @param Request $request
 * @param Authorizer $authorizer
 * @param BreadcrumbCollection $breadcrumbs
 */
public function handle(Request $request, Authorizer $authorizer, BreadcrumbCollection $breadcrumbs)
{
    $controlPanel = $this->builder->getControlPanel();
    $sections     = $controlPanel->getSections();

    /*
     * If we already have an active section
     * then we don't need to do this.
     */
    if ($active = $sections->active()) {
        return;
    }

    /* @var SectionInterface $section */
    foreach ($sections as $section) {

        // An explicit matcher pattern claims the section outright
        // (a longer href match later in the loop can still replace it).
        if (($matcher = $section->getMatcher()) && str_is($matcher, $request->path())) {
            $active = $section;
        }

        /*
         * Get the HREF for both the active
         * and loop iteration section.
         */
        $href = $section->getPermalink() ?: array_get($section->getAttributes(), 'href');

        $activeHref = '';

        if ($active && $active instanceof SectionInterface) {
            $activeHref = $active->getPermalink() ?: array_get($active->getAttributes(), 'href');
        }

        /*
         * If the request URL does not even
         * contain the HREF then skip it.
         */
        if (!str_contains($request->url(), $href)) {
            continue;
        }

        /*
         * Compare the length of the active HREF
         * and loop iteration HREF. The longer the
         * HREF the more detailed and exact it is and
         * the more likely it is the active HREF and
         * therefore the active section.
         */
        $hrefLength       = strlen($href);
        $activeHrefLength = strlen($activeHref);

        if ($hrefLength > $activeHrefLength) {
            $active = $section;
        }
    }

    /**
     * If we have an active section determined
     * then mark it as such.
     *
     * @var SectionInterface $active
     * @var SectionInterface $section
     */
    if ($active) {
        if ($active->getParent()) {
            // Child section: activate it and highlight its parent
            // (falling back to the first section if the parent is missing),
            // adding the parent's breadcrumb ahead of the child's.
            $active->setActive(true);

            $section = $sections->get($active->getParent(), $sections->first());

            $section->setHighlighted(true);

            $breadcrumbs->put($section->getBreadcrumb() ?: $section->getTitle(), $section->getHref());
        } else {
            $active->setActive(true)->setHighlighted(true);
        }
    } elseif ($active = $sections->first()) {
        // Nothing matched: default to the first section.
        $active->setActive(true)->setHighlighted(true);
    }

    // No active section!
    if (!$active) {
        return;
    }

    // Authorize the active section: its permission gates the
    // request itself, not just the menu entry (403 on failure).
    if (!$authorizer->authorize($active->getPermission())) {
        abort(403);
    }

    // Add the bread crumb (a breadcrumb of false means "none").
    if (($breadcrumb = $active->getBreadcrumb()) !== false) {
        $breadcrumbs->put($breadcrumb ?: $active->getTitle(), $active->getHref());
    }
}
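/**
 * Delete a post and go back.
 *
 * Requires the posts delete permission (403 otherwise). Unknown IDs 404.
 *
 * @param PostRepositoryInterface $posts
 * @param Authorizer $authorizer
 * @param $id
 * @return \Illuminate\Http\RedirectResponse
 */
public function delete(PostRepositoryInterface $posts, Authorizer $authorizer, $id)
{
    /*
     * The authorizer returns a bool; the previous version discarded
     * it, so the permission never actually blocked the delete.
     */
    if (!$authorizer->authorize('anomaly.module.posts::posts.delete')) {
        abort(403);
    }

    // Unknown ID: 404 rather than handing null to the repository.
    if (!$post = $posts->find($id)) {
        abort(404);
    }

    $posts->delete($post);

    return redirect()->back();
}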
/**
 * Handle the command.
 *
 * Registers the "guest" role with the authorizer when such a role
 * exists; does nothing otherwise.
 *
 * @param RoleRepositoryInterface $roles
 * @param Authorizer $authorizer
 */
public function handle(RoleRepositoryInterface $roles, Authorizer $authorizer)
{
    $guest = $roles->findBySlug('guest');

    if (!$guest) {
        return;
    }

    $authorizer->setGuest($guest);
}