Skip to content

Commit

Permalink
Check for licenses.files permissions
Browse files Browse the repository at this point in the history
Signed-off-by: snipe <snipe@snipe.net>
  • Loading branch information
snipe committed Sep 16, 2022
1 parent 9cae4f1 commit dcab138
Show file tree
Hide file tree
Showing 6 changed files with 25 additions and 6 deletions.
3 changes: 2 additions & 1 deletion app/Http/Controllers/Licenses/LicenseFilesController.php
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,7 @@ public function show($licenseId = null, $fileId = null, $download = true)
// the license is valid
if (isset($license->id)) {
$this->authorize('view', $license);
$this->authorize('licenses.files', $license);

if (! $log = Actionlog::find($fileId)) {
return response('No matching record for that asset/file', 500)
Expand Down Expand Up @@ -171,6 +172,6 @@ public function show($licenseId = null, $fileId = null, $download = true)
}
}

return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
}
}
8 changes: 6 additions & 2 deletions app/Policies/LicensePolicy.php
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,12 @@ public function viewKeys(User $user, License $license = null)
* @param \App\Models\User $user
* @return mixed
*/
public function files(User $user)
public function viewFiles(User $user)
{
return $user->hasAccess($this->columnName().'.files');
if ($user->hasAccess('licenses.files')) {
return true;
}
return false;

}
}
5 changes: 5 additions & 0 deletions app/Policies/SnipePermissionsPolicy.php
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,11 @@ public function view(User $user, $item = null)
return $user->hasAccess($this->columnName().'.view');
}

public function files(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.files');
}

/**
* Determine whether the user can create accessories.
*
Expand Down
7 changes: 7 additions & 0 deletions app/Providers/AuthServiceProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,13 @@ public function boot()
});


Gate::define('licenses.files', function ($user) {
if ($user->hasAccess('licenses.files')) {
return true;
}
});


// -----------------------------------------
// Reports
// -----------------------------------------
Expand Down
2 changes: 1 addition & 1 deletion resources/lang/en/admin/licenses/message.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

return array(

'does_not_exist' => 'License does not exist.',
'does_not_exist' => 'License does not exist or you do not have permission to view it.',
'user_does_not_exist' => 'User does not exist.',
'asset_does_not_exist' => 'The asset you are trying to associate with this license does not exist.',
'owner_doesnt_match_asset' => 'The asset you are trying to associate with this license is owned by somene other than the person selected in the assigned to dropdown.',
Expand Down
6 changes: 4 additions & 2 deletions resources/views/licenses/view.blade.php
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,8 @@

</a>
</li>


@can('licenses.files', $license)
<li>
<a href="#files" data-toggle="tab">
<span class="hidden-lg hidden-md">
Expand All @@ -46,6 +47,7 @@
</span>
</a>
</li>
@endcan

<li>
<a href="#history" data-toggle="tab">
Expand Down Expand Up @@ -416,7 +418,7 @@ class="table table-striped snipe-table"
</div> <!--/.row-->
</div> <!-- /.tab-pane -->

@can('files', $license)
@can('licenses.files', $license)
<div class="tab-pane" id="files">
<div class="table-responsive">
<table
Expand Down

0 comments on commit dcab138

Please sign in to comment.