Only allow asset files to be deleted, maintenances to be added if user has assets.edit permission

This commit is contained in:
snipe 2016-11-29 13:37:45 -08:00
parent abcc01f5e0
commit f5e100a6a5
4 changed files with 45 additions and 15 deletions

View file

@ -21,6 +21,7 @@ use App\Models\Setting;
use App\Models\Asset;
use App\Helpers\Helper;
use Auth;
use Gate;
/**
* This controller handles all actions related to Asset Maintenance for
@ -119,8 +120,12 @@ class AssetMaintenancesController extends Controller
$settings = Setting::getSettings();
foreach ($maintenances as $maintenance) {
$actions = '<nobr><a href="'.route('update/asset_maintenance', $maintenance->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/asset_maintenance', $maintenance->id).'" data-content="'.trans('admin/asset_maintenances/message.delete.confirm').'" data-title="'.trans('general.delete').' '.htmlspecialchars($maintenance->title).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
$actions = '';
if (Gate::allows('assets.edit')) {
$actions .= '<nobr><a href="' . route('update/asset_maintenance',
$maintenance->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('delete/asset_maintenance',
$maintenance->id) . '" data-content="' . trans('admin/asset_maintenances/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($maintenance->title) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
}
if (($maintenance->cost) && (isset($maintenance->asset)) && ($maintenance->asset->assetloc) && ($maintenance->asset->assetloc->currency!='')) {
$maintenance_cost = $maintenance->asset->assetloc->currency.$maintenance->cost;

View file

@ -481,16 +481,25 @@ Route::group([ 'prefix' => 'admin','middleware' => ['web','auth']], function ()
# Asset Maintenances
Route::group([ 'prefix' => 'asset_maintenances', 'middleware'=>'authorize:assets.view' ], function () {
Route::get(
'create/{assetId?}',
[ 'as' => 'create/asset_maintenances', 'uses' => 'AssetMaintenancesController@getCreate' ]
);
Route::post('create/{assetId?}', 'AssetMaintenancesController@postCreate');
Route::get('/', [ 'as' => 'asset_maintenances', 'uses' => 'AssetMaintenancesController@getIndex' ]);
Route::get(
'{assetMaintenanceId}/edit',
[ 'as' => 'update/asset_maintenance', 'uses' => 'AssetMaintenancesController@getEdit' ]
);
Route::get('create/{assetId?}',
[ 'as' => 'create/asset_maintenances',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetMaintenancesController@getCreate'
]);
Route::post('create/{assetId?}',
[ 'as' => 'create/asset_maintenances.save',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetMaintenancesController@postCreate'
]);
Route::get('{assetMaintenanceId}/edit',
[ 'as' => 'update/asset_maintenance',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetMaintenancesController@getEdit'
]);
Route::post('{assetMaintenanceId}/edit', 'AssetMaintenancesController@postEdit');
Route::get(
'{assetMaintenanceId}/delete',
@ -500,6 +509,8 @@ Route::group([ 'prefix' => 'admin','middleware' => ['web','auth']], function ()
'{assetMaintenanceId}/view',
[ 'as' => 'view/asset_maintenance', 'uses' => 'AssetMaintenancesController@getView' ]
);
Route::get('/', [ 'as' => 'asset_maintenances', 'uses' => 'AssetMaintenancesController@getIndex' ]);
});
# Accessories

View file

@ -8,7 +8,9 @@
@section('header_right')
@can('assets.edit')
<a href="{{ route('create/asset_maintenances') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@endcan
@stop
@ -45,7 +47,9 @@
<th data-searchable="true" data-sortable="true" data-field="cost" class="text-right">{{ trans('admin/asset_maintenances/form.cost') }}</th>
<th data-searchable="true" data-sortable="true" data-field="user_id">{{ trans('general.admin') }}</th>
<th data-searchable="true" data-sortable="true" data-field="notes" data-visible="false">{{ trans('admin/asset_maintenances/form.notes') }}</th>
@can('assets.edit')
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
@endcan
</tr>
</thead>
</table>

View file

@ -65,7 +65,7 @@
<a href="#files" data-toggle="tab"><span class="hidden-lg hidden-md"><i class="fa fa-files-o"></i></span> <span class="hidden-xs hidden-sm">Files</span></a>
</li>
<li class="pull-right">
<a href="#" data-toggle="modal" data-target="#uploadFileModal"><i class="fa fa-paperclip"></i> </a>
<!-- <a href="#" data-toggle="modal" data-target="#uploadFileModal"><i class="fa fa-paperclip"></i> </a> -->
</li>
</ul>
<div class="tab-content">
@ -496,9 +496,11 @@
<div class="tab-pane fade" id="maintenances">
<div class="row">
<div class="col-md-12">
@can('assets.edit')
<h6>{{ trans('general.asset_maintenances') }}
[ <a href="{{ route('create/asset_maintenances', $asset->id) }}">{{ trans('button.add') }}</a> ]
</h6>
@endcan
<!-- Asset Maintenance table -->
@if (count($asset->assetmaintenances) > 0)
@ -514,7 +516,9 @@
<th>{{ trans('admin/asset_maintenances/table.is_warranty') }}</th>
<th>{{ trans('admin/asset_maintenances/form.cost') }}</th>
<th>{{ trans('general.admin') }}</th>
@can('assets.edit')
<th>{{ trans('table.actions') }}</th>
@endcan
</tr>
</thead>
<tbody>
@ -537,9 +541,11 @@
@endif
</td>
<?php $totalCost += $assetMaintenance->cost; ?>
@can('assets.edit')
<td>
<a href="{{ route('update/asset_maintenance', $assetMaintenance->id) }}" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a>
</td>
@endcan
</tr>
@endif
@endforeach
@ -665,6 +671,7 @@
<div class="tab-pane fade" id="files">
<div class="row">
@can('assets.edit')
{{ Form::open([
'method' => 'POST',
'route' => ['upload/asset', $asset->id],
@ -688,6 +695,7 @@
</div>
{{ Form::close() }}
@endcan
<div class="col-md-12">
@ -724,7 +732,9 @@
@endif
</td>
<td>
@can('assets.edit')
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('delete/assetfile', [$asset->id, $file->id]) }}"><i class="fa fa-trash icon-white"></i></a>
@endcan
</td>
</tr>
@endforeach