DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Set up permissions gates

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2023-12-15 15:45:08 +00:00
parent 2427cb787b
commit 32672e80dd
6 changed files with 65 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/Http/Controllers/Api/UsersController.php
View file

@ -20,6 +20,7 @@ use App\Notifications\CurrentInventory;
use Auth;
use Illuminate\Http\Request;
use App\Http\Requests\ImageUploadRequest;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\Validator;
@ -355,6 +356,9 @@ class UsersController extends Controller
$user->fill($request->all());
$user->created_by = Auth::user()->id;
if (Gate::allows('users.permissions', $user)) {
\Log::debug('This user can edit permissions');
if ($request->has('permissions')) {
$permissions_array = $request->input('permissions');
@ -364,6 +368,7 @@ class UsersController extends Controller
}
$user->permissions = $permissions_array;
}
}
//
if ($request->filled('password')) {
@ -446,6 +451,7 @@ class UsersController extends Controller
// We need to use has() instead of filled()
// here because we need to overwrite permissions
// if someone needs to null them out
if (Gate::allows('users.permissions', Asset::class)) {
if ($request->has('permissions')) {
$permissions_array = $request->input('permissions');
@ -455,7 +461,7 @@ class UsersController extends Controller
}
$user->permissions = $permissions_array;
}
}
// Update the location of any assets checked out to this user

26
app/Http/Controllers/Users/UsersController.php
View file

@ -17,6 +17,7 @@ use App\Notifications\WelcomeNotification;
use Auth;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Password;
use Input;
use Redirect;
@ -122,13 +123,20 @@ class UsersController extends Controller
$user->end_date = $request->input('end_date', null);
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
// Strip out the superuser permission if the user isn't a superadmin
$permissions_array = $request->input('permission');
if (Gate::allows('users.permissions', $user)) {
\Log::debug('This user can edit permissions');
$permissions_array = $request->input('permission');
// Strip out the superuser permission if the user isn't a superadmin
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
}
$user->permissions = json_encode($permissions_array);
} else {
\Log::debug('This user can not edit permissions');
}
// we have to invoke the
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
@ -240,6 +248,7 @@ class UsersController extends Controller
}
}
// Only save groups if the user is a super user
if (Auth::user()->isSuperUser()) {
$user->groups()->sync($request->input('groups'));
@ -287,15 +296,18 @@ class UsersController extends Controller
$user->password = bcrypt($request->input('password'));
}
$permissions_array = $request->input('permission');
// Strip out the superuser permission if the user isn't a superadmin
if (Gate::allows('users.permissions', $user)) {
if ($request->has('permissions')) {
$permissions_array = $request->input('permissions');
// Strip out the superuser permission if the API user isn't a superadmin
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
$permissions_array['superuser'] = $orig_superuser;
}
$user->permissions = json_encode($permissions_array);
$user->permissions = $permissions_array;
}
}
// Handle uploaded avatar
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

5
app/Policies/SnipePermissionsPolicy.php
View file

@ -61,6 +61,11 @@ abstract class SnipePermissionsPolicy
return $user->hasAccess($this->columnName().'.view');
}
public function permissions(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.permissions');
}
public function files(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.files');

6
app/Providers/AuthServiceProvider.php
View file

@ -152,6 +152,12 @@ class AuthServiceProvider extends ServiceProvider
}
});
Gate::define('users.permissions', function ($user) {
if ($user->hasAccess('users.permissions')) {
return true;
}
});
// -----------------------------------------
// Reports
// -----------------------------------------

6
config/permissions.php
View file

@ -339,6 +339,12 @@ return [
'note' => '',
'display' => true,
],
[
'permission' => 'users.permissions',
'label' => 'User Permissions',
'note' => 'Manage individual User permissions. (Only superusers can edit group memberships)',
'display' => true,
],
[
'permission' => 'users.delete',
'label' => 'Delete Users',

5
resources/views/users/edit.blade.php
View file

@ -76,7 +76,9 @@
<div class="nav-tabs-custom">
<ul class="nav nav-tabs">
<li class="active"><a href="#info" data-toggle="tab">{{ trans('general.information') }} </a></li>
@can('users.permissions')
<li><a href="#permissions" data-toggle="tab">{{ trans('general.permissions') }} </a></li>
@endcan
</ul>
<div class="tab-content">
@ -568,7 +570,7 @@
</div> <!--/col-md-12-->
</div>
</div><!-- /.tab-pane -->
@can('users.permissions')
<div class="tab-pane" id="permissions">
<div class="col-md-12">
@if (!Auth::user()->isSuperUser())
@ -592,6 +594,7 @@
@include('partials.forms.edit.permissions-base')
</table>
</div><!-- /.tab-pane -->
@endcan
</div><!-- /.tab-content -->
<div class="box-footer text-right">
<button type="submit" accesskey="s" class="btn btn-primary"><i class="fas fa-check icon-white" aria-hidden="true"></i> {{ trans('general.save') }}</button>