diff --git a/app/Http/Controllers/Licenses/LicenseFilesController.php b/app/Http/Controllers/Licenses/LicenseFilesController.php index 81a2f26ede57..db414edebfe0 100644 --- a/app/Http/Controllers/Licenses/LicenseFilesController.php +++ b/app/Http/Controllers/Licenses/LicenseFilesController.php @@ -135,6 +135,7 @@ public function show($licenseId = null, $fileId = null, $download = true) // the license is valid if (isset($license->id)) { $this->authorize('view', $license); + $this->authorize('licenses.files', $license); if (! $log = Actionlog::find($fileId)) { return response('No matching record for that asset/file', 500) @@ -171,6 +172,6 @@ public function show($licenseId = null, $fileId = null, $download = true) } } - return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId])); + return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId])); } } diff --git a/app/Policies/LicensePolicy.php b/app/Policies/LicensePolicy.php index 7a92b5b7de58..3f2f780d9b46 100644 --- a/app/Policies/LicensePolicy.php +++ b/app/Policies/LicensePolicy.php @@ -42,8 +42,12 @@ public function viewKeys(User $user, License $license = null) * @param \App\Models\User $user * @return mixed */ - public function files(User $user) + public function viewFiles(User $user) { - return $user->hasAccess($this->columnName().'.files'); + if ($user->hasAccess('licenses.files')) { + return true; + } + return false; + } } diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php index 703385ec99ec..d4f2d88ccd83 100644 --- a/app/Policies/SnipePermissionsPolicy.php +++ b/app/Policies/SnipePermissionsPolicy.php @@ -61,6 +61,11 @@ public function view(User $user, $item = null) return $user->hasAccess($this->columnName().'.view'); } + public function files(User $user, $item = null) + { + return $user->hasAccess($this->columnName().'.files'); + } + /** * Determine whether the user can create accessories. * diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index ac466d0ca981..7541e39919a4 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -122,6 +122,13 @@ public function boot() }); + Gate::define('licenses.files', function ($user) { + if ($user->hasAccess('licenses.files')) { + return true; + } + }); + + // ----------------------------------------- // Reports // ----------------------------------------- diff --git a/resources/lang/en/admin/licenses/message.php b/resources/lang/en/admin/licenses/message.php index 87a7c3d0b9da..dd7e54dea4aa 100644 --- a/resources/lang/en/admin/licenses/message.php +++ b/resources/lang/en/admin/licenses/message.php @@ -2,7 +2,7 @@ return array( - 'does_not_exist' => 'License does not exist.', + 'does_not_exist' => 'License does not exist or you do not have permission to view it.', 'user_does_not_exist' => 'User does not exist.', 'asset_does_not_exist' => 'The asset you are trying to associate with this license does not exist.', 'owner_doesnt_match_asset' => 'The asset you are trying to associate with this license is owned by somene other than the person selected in the assigned to dropdown.', diff --git a/resources/views/licenses/view.blade.php b/resources/views/licenses/view.blade.php index 1f6b085a4753..d0623cf405f6 100755 --- a/resources/views/licenses/view.blade.php +++ b/resources/views/licenses/view.blade.php @@ -36,7 +36,8 @@ - + + @can('licenses.files', $license)