From 99e55f84f01ae45cbc127857359364ffb14e3633 Mon Sep 17 00:00:00 2001
From: snipe
Date: Sat, 20 Jan 2018 04:39:31 -0800
Subject: [PATCH] Fixed misc UI permissions elements
---
 app/Http/Controllers/AssetModelsController.php | 12 ++++++++++--
 app/Http/Controllers/CategoriesController.php | 8 +++++++-
 app/Http/Controllers/LocationsController.php | 7 +++++++
 app/Http/Controllers/StatuslabelsController.php | 9 ++++++++-
 app/Http/Controllers/SuppliersController.php | 7 +++++++
 app/Http/Transformers/LocationsTransformer.php | 2 +-
 resources/views/locations/index.blade.php | 4 +++-
 resources/views/models/index.blade.php | 4 +++-
 resources/views/partials/forms/edit/status.blade.php | 7 ++++++-
 resources/views/statuslabels/index.blade.php | 4 +++-
 resources/views/suppliers/index.blade.php | 4 +++-
 11 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php
index ca43b0c925..8cd9a450d2 100755
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -40,6 +40,7 @@ class AssetModelsController extends Controller
 */ public function index() {
+ $this->authorize('index', AssetModel::class);
 return view('models/index'); }
@@ -52,6 +53,7 @@ class AssetModelsController extends Controller
 */ public function create() {
+ $this->authorize('create', AssetModel::class);
 $category_type = 'asset'; return view('models/edit')->with('category_type',$category_type) ->with('depreciation_list', Helper::depreciationList())
@@ -69,6 +71,7 @@ class AssetModelsController extends Controller
 public function store(ImageUploadRequest $request) {
+ $this->authorize('create', AssetModel::class);
 // Create a new asset model $model = new AssetModel;
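Review bot: The ability checked in `index()` is `'index'`, while the other four controllers in this patch gate their list page with `'view'` (for example `$this->authorize('view', Category::class);`). Laravel's gate denies an ability for which the policy has no matching method, so if the AssetModel policy does not define `index`, this page answers 403 for every user the policy's `before` hook does not let through. The policy classes are not part of this patch, so either confirm `index` exists there or use `$this->authorize('view', AssetModel::class);` to match the rest of the change.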
@@ -124,7 +127,8 @@ class AssetModelsController extends Controller
 */ public function apiStore(Request $request) {
- //COPYPASTA!!!! FIXME
+ //COPYPASTA!!!! FIXME
+ $this->authorize('create', AssetModel::class);
 $model = new AssetModel; $settings=Input::all();
@@ -162,6 +166,7 @@ class AssetModelsController extends Controller
 */ public function edit($modelId = null) {
+ $this->authorize('edit', AssetModel::class);
 if ($item = AssetModel::find($modelId)) { $category_type = 'asset'; $view = View::make('models/edit', compact('item','category_type'));
@@ -185,6 +190,7 @@ class AssetModelsController extends Controller
 */ public function update(ImageUploadRequest $request, $modelId = null) {
+ $this->authorize('edit', AssetModel::class);
 // Check if the model exists if (is_null($model = AssetModel::find($modelId))) { // Redirect to the models management page
@@ -255,6 +261,7 @@ class AssetModelsController extends Controller
 */ public function destroy($modelId) {
+ $this->authorize('delete', AssetModel::class);
 // Check if the model exists if (is_null($model = AssetModel::find($modelId))) { return redirect()->route('models.index')->with('error', trans('admin/models/message.not_found'));
@@ -291,7 +298,7 @@ class AssetModelsController extends Controller
 */ public function getRestore($modelId = null) {
-
+ $this->authorize('create', AssetModel::class);
 // Get user information $model = AssetModel::withTrashed()->find($modelId);
@@ -322,6 +329,7 @@ class AssetModelsController extends Controller
 */ public function show($modelId = null) {
+ $this->authorize('view', AssetModel::class);
 $model = AssetModel::withTrashed()->find($modelId); if (isset($model->id)) {
diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php
index 4c3f9d68d5..74b83acac3 100755
--- a/app/Http/Controllers/CategoriesController.php
+++ b/app/Http/Controllers/CategoriesController.php
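Review bot: `edit()` and `update()` check the ability `'edit'`, but StatuslabelsController in this same patch uses `$this->authorize('update', Statuslabel::class);` and LocationsTransformer advertises the action through `Gate::allows('update', Location::class)`. If the policies define only `update`, every `'edit'` check is denied, so users who hold the update permission would be locked out of the edit form and its save path; that fails closed, but it also means the UI flag and the server check can disagree. The same `'edit'` name appears in the edit and update hunks of CategoriesController, LocationsController and SuppliersController. Suggest `$this->authorize('update', AssetModel::class);` (and the equivalent for the other three models) once the policy classes, which this patch does not show, have been checked.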
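Review bot: `getRestore()` is gated with `'create'`, so a user who may create models can also bring back a record that someone with delete rights removed. Restoring reverses a delete, so `$this->authorize('delete', AssetModel::class);`, or a dedicated restore ability if the policy has one, would follow the intent more closely. If `'create'` is deliberate, say so above the call, for example `// Restoring is treated as re-creating the model`. The rest of the method lies outside the hunk.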
@@ -40,6 +40,7 @@ class CategoriesController extends Controller
 public function index() { // Show the page
+ $this->authorize('view', Category::class);
 return view('categories/index'); }
@@ -55,6 +56,7 @@ class CategoriesController extends Controller
 public function create() { // Show the page
+ $this->authorize('create', Category::class);
 $category_types= Helper::categoryTypeList(); return view('categories/edit')->with('item', new Category) ->with('category_types', $category_types);
@@ -71,6 +73,7 @@ class CategoriesController extends Controller
 */ public function store(ImageUploadRequest $request) {
+ $this->authorize('create', Category::class);
 $category = new Category(); $category->name = $request->input('name'); $category->category_type = $request->input('category_type');
@@ -110,6 +113,7 @@ class CategoriesController extends Controller
 */ public function edit($categoryId = null) {
+ $this->authorize('edit', Category::class);
 if (is_null($item = Category::find($categoryId))) { return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist')); }
@@ -132,7 +136,7 @@ class CategoriesController extends Controller
 */ public function update(ImageUploadRequest $request, $categoryId = null) {
- // Check if the blog post exists
+ $this->authorize('edit', Category::class);
 if (is_null($category = Category::find($categoryId))) { // Redirect to the categories management page return redirect()->to('admin/categories')->with('error', trans('admin/categories/message.does_not_exist'));
@@ -198,6 +202,7 @@ class CategoriesController extends Controller
 */ public function destroy($categoryId) {
+ $this->authorize('delete', Category::class);
 // Check if the category exists if (is_null($category = Category::find($categoryId))) { return redirect()->route('categories.index')->with('error', trans('admin/categories/message.not_found'));
@@ -231,6 +236,7 @@ class CategoriesController extends Controller
 */ public function show($id) {
+ $this->authorize('view', Category::class);
 if ($category = Category::find($id)) { if ($category->category_type=='asset') {
diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php
index 65b17474cc..0738757c64 100755
--- a/app/Http/Controllers/LocationsController.php
+++ b/app/Http/Controllers/LocationsController.php
@@ -40,6 +40,7 @@ class LocationsController extends Controller
 public function index() { // Grab all the locations
+ $this->authorize('view', Location::class);
 $locations = Location::orderBy('created_at', 'DESC')->with('parent', 'assets', 'assignedassets')->get(); // Show the page
@@ -57,6 +58,7 @@ class LocationsController extends Controller
 */ public function create() {
+ $this->authorize('create', Location::class);
 $locations = Location::orderBy('name', 'ASC')->get(); $location_options_array = Location::getLocationHierarchy($locations);
@@ -80,6 +82,7 @@ class LocationsController extends Controller
 */ public function store(ImageUploadRequest $request) {
+ $this->authorize('create', Location::class);
 $location = new Location(); $location->name = $request->input('name'); $location->parent_id = $request->input('parent_id', null);
@@ -122,6 +125,7 @@ class LocationsController extends Controller
 */ public function apiStore(Request $request) {
+ $this->authorize('create', Location::class);
 $new['currency']=Setting::first()->default_currency; // create a new location instance
@@ -158,6 +162,7 @@ class LocationsController extends Controller
 */ public function edit($locationId = null) {
+ $this->authorize('edit', Location::class);
 // Check if the location exists if (is_null($item = Location::find($locationId))) { return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist')); }
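Review bot: No hunk in LocationsController adds a check to a `show()` action, although this patch adds one to `show()` in AssetModelsController, CategoriesController and StatuslabelsController; SuppliersController is in the same position. Only parts of both files are visible here, so this is inferred: if either controller has a detail view, it remains reachable by any user who can hit the route, regardless of the `view` permission. If so, add `$this->authorize('view', Location::class);` and `$this->authorize('view', Supplier::class);` as the first statement of those actions, and check any other public actions in the two controllers that the hunks skip.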
@@ -186,6 +191,7 @@ class LocationsController extends Controller
 */ public function update(ImageUploadRequest $request, $locationId = null) {
+ $this->authorize('edit', Location::class);
 // Check if the location exists if (is_null($location = Location::find($locationId))) { return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
@@ -252,6 +258,7 @@ class LocationsController extends Controller
 */ public function destroy($locationId) {
+ $this->authorize('delete', Location::class);
 if (is_null($location = Location::find($locationId))) { return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.not_found')); }
diff --git a/app/Http/Controllers/StatuslabelsController.php b/app/Http/Controllers/StatuslabelsController.php
index bd5c34360a..1a9b772dd9 100755
--- a/app/Http/Controllers/StatuslabelsController.php
+++ b/app/Http/Controllers/StatuslabelsController.php
@@ -32,12 +32,13 @@ class StatuslabelsController extends Controller
 public function index() {
+ $this->authorize('view', Statuslabel::class);
 return view('statuslabels.index', compact('statuslabels')); } public function show($id) {
-
+ $this->authorize('view', Statuslabel::class);
 if ($statuslabel = Statuslabel::find($id)) { return view('statuslabels.view')->with('statuslabel', $statuslabel); }
@@ -55,6 +56,7 @@ class StatuslabelsController extends Controller
 public function create() { // Show the page
+ $this->authorize('create', Statuslabel::class);
 $item = new Statuslabel; $use_statuslabel_type = $item->getStatuslabelType(); $statuslabel_types = Helper::statusTypeList();
@@ -72,6 +74,7 @@ class StatuslabelsController extends Controller
 public function store(Request $request) {
+ $this->authorize('create', Statuslabel::class);
 // create a new model instance $statusLabel = new Statuslabel();
@@ -106,6 +109,7 @@ class StatuslabelsController extends Controller
 */ public function apiStore(Request $request) {
+ $this->authorize('create', Statuslabel::class);
 $statuslabel = new Statuslabel(); if (!$request->has('statuslabel_types')) { return JsonResponse::create(["error" => trans('validation.statuslabel_type')], 500);
@@ -137,6 +141,7 @@ class StatuslabelsController extends Controller
 */ public function edit($statuslabelId = null) {
+ $this->authorize('update', Statuslabel::class);
 // Check if the Statuslabel exists if (is_null($item = Statuslabel::find($statuslabelId))) { // Redirect to the blogs management page
@@ -159,6 +164,7 @@ class StatuslabelsController extends Controller
 */ public function update(Request $request, $statuslabelId = null) {
+ $this->authorize('update', Statuslabel::class);
 // Check if the Statuslabel exists if (is_null($statuslabel = Statuslabel::find($statuslabelId))) { // Redirect to the blogs management page
@@ -197,6 +203,7 @@ class StatuslabelsController extends Controller
 */ public function destroy($statuslabelId) {
+ $this->authorize('delete', Statuslabel::class);
 // Check if the Statuslabel exists if (is_null($statuslabel = Statuslabel::find($statuslabelId))) { return redirect()->route('statuslabels.index')->with('error', trans('admin/statuslabels/message.not_found'));
diff --git a/app/Http/Controllers/SuppliersController.php b/app/Http/Controllers/SuppliersController.php
index 9047bf3572..d9726c4b31 100755
--- a/app/Http/Controllers/SuppliersController.php
+++ b/app/Http/Controllers/SuppliersController.php
@@ -33,6 +33,7 @@ class SuppliersController extends Controller
 public function index() { // Grab all the suppliers
+ $this->authorize('view', Supplier::class);
 $suppliers = Supplier::orderBy('created_at', 'DESC')->get(); // Show the page
@@ -47,6 +48,7 @@ class SuppliersController extends Controller
 */ public function create() {
+ $this->authorize('create', Supplier::class);
 return view('suppliers/edit')->with('item', new Supplier); }
@@ -59,6 +61,7 @@ class SuppliersController extends Controller
 */ public function store(ImageUploadRequest $request) {
+ $this->authorize('create', Supplier::class);
 // Create a new supplier $supplier = new Supplier; // Save the location data
@@ -100,6 +103,7 @@ class SuppliersController extends Controller
 */ public function apiStore(Request $request) {
+ $this->authorize('create', Supplier::class);
 $supplier = new Supplier; $supplier->name = $request->input('name'); $supplier->user_id = Auth::id();
@@ -118,6 +122,7 @@ class SuppliersController extends Controller
 */ public function edit($supplierId = null) {
+ $this->authorize('edit', Supplier::class);
 // Check if the supplier exists if (is_null($item = Supplier::find($supplierId))) { // Redirect to the supplier page
@@ -137,6 +142,7 @@ class SuppliersController extends Controller
 */ public function update($supplierId = null, ImageUploadRequest $request) {
+ $this->authorize('edit', Supplier::class);
 // Check if the supplier exists if (is_null($supplier = Supplier::find($supplierId))) { // Redirect to the supplier page
@@ -207,6 +213,7 @@ class SuppliersController extends Controller
 */ public function destroy($supplierId) {
+ $this->authorize('delete', Supplier::class);
 if (is_null($supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances','assets','licenses')->find($supplierId))) { return redirect()->route('suppliers.index')->with('error', trans('admin/suppliers/message.not_found')); }
diff --git a/app/Http/Transformers/LocationsTransformer.php b/app/Http/Transformers/LocationsTransformer.php
index f8aa322c30..11b9186f17 100644
--- a/app/Http/Transformers/LocationsTransformer.php
+++ b/app/Http/Transformers/LocationsTransformer.php
@@ -57,7 +57,7 @@ class LocationsTransformer
 $permissions_array['available_actions'] = [ 'update' => Gate::allows('update', Location::class) ? true : false,
- 'delete' => (Gate::allows('delete', Department::class) && ($location->assigned_assets_count==0) && ($location->assets_count==0) && ($location->users_count==0) && ($location->deleted_at=='')) ? true : false,
+ 'delete' => (Gate::allows('delete', Location::class) && ($location->assigned_assets_count==0) && ($location->assets_count==0) && ($location->users_count==0) && ($location->deleted_at=='')) ? true : false,
 ]; $array += $permissions_array;
diff --git a/resources/views/locations/index.blade.php b/resources/views/locations/index.blade.php
index 3ef6731380..8472ffbd70 100755
--- a/resources/views/locations/index.blade.php
+++ b/resources/views/locations/index.blade.php
@@ -7,8 +7,10 @@ @stop @section('header_right')
-
+ @can('create', \App\Models\Location::class)
+ {{ trans('general.create') }}
+ @endcan
 @stop {{-- Page content --}} @section('content')
diff --git a/resources/views/models/index.blade.php b/resources/views/models/index.blade.php
index 3d8df072f0..f1b45e4d1f 100755
--- a/resources/views/models/index.blade.php
+++ b/resources/views/models/index.blade.php
@@ -14,7 +14,9 @@ {{-- Page title --}} @section('header_right')
- {{ trans('general.create') }}
+ @can('create', \App\Models\AssetModel::class)
+ {{ trans('general.create') }}
+ @endcan
 @if (Input::get('status')=='deleted') {{ trans('admin/models/general.view_models') }}
diff --git a/resources/views/partials/forms/edit/status.blade.php b/resources/views/partials/forms/edit/status.blade.php
index 0a9f40574a..3fc88188ab 100644
--- a/resources/views/partials/forms/edit/status.blade.php
+++ b/resources/views/partials/forms/edit/status.blade.php
@@ -6,8 +6,13 @@ {!! $errors->first('status_id', ' :message') !!}
- New
+
+ @can('index', \App\Models\Statuslabel::class)
+ New
+ @endcan
+
+
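Review bot: The `@can('index', \App\Models\Statuslabel::class)` guard wraps the "New" link, but the checks this patch adds to `create()`, `store()` and `apiStore()` in StatuslabelsController all use `'create'`. With `'index'` here, a user who may list status labels but not create them still sees a control that ends in a 403, and if the Statuslabel policy has no `index` method the control disappears for users who are allowed to create. Use `@can('create', \App\Models\Statuslabel::class)` so the view agrees with the controller. The link markup did not survive extraction, so its target is inferred from the label and the partial's name.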
diff --git a/resources/views/statuslabels/index.blade.php b/resources/views/statuslabels/index.blade.php
index 2a057bae8b..9a677c8876 100755
--- a/resources/views/statuslabels/index.blade.php
+++ b/resources/views/statuslabels/index.blade.php
@@ -7,8 +7,10 @@ @stop @section('header_right')
-
+ @can('create', \App\Models\Statuslabel::class)
+ {{ trans('general.create') }}
+ @endcan
 @stop {{-- Page content --}} @section('content')
diff --git a/resources/views/suppliers/index.blade.php b/resources/views/suppliers/index.blade.php
index 125b463fda..7e6222e45a 100755
--- a/resources/views/suppliers/index.blade.php
+++ b/resources/views/suppliers/index.blade.php
@@ -11,7 +11,9 @@ @section('header_right')
- {{ trans('general.create') }}
+ @can('create', \App\Models\Supplier::class)
+ {{ trans('general.create') }}
+ @endcan
 @stop