Adds AdminFilter for protecting certain routes. Closes #411

2015-01-23 08:31:00 +00:00
parent 86d30b82e1
commit 787ecde0ea
4 changed files with 41 additions and 7 deletions
--- a/app/routes/dashboard.php
+++ b/app/routes/dashboard.php
@@ -89,13 +89,16 @@ Route::group(['before' => 'auth', 'prefix' => 'dashboard', 'namespace' => 'Cache
            'as'   => 'dashboard.team',
            'uses' => 'DashTeamController@showTeamView',
        ]);
-        Route::get('add', [
-            'as'   => 'dashboard.team.add',
-            'uses' => 'DashTeamController@showAddTeamMemberView'
-        ]);
-        Route::get('{user}', 'DashTeamController@showTeamMemberView');
-        Route::post('add', 'DashTeamController@postAddUser');
-        Route::post('{user}', 'DashTeamController@postUpdateUser');
+
+        Route::group(['before' => 'admin'], function () {
+            Route::get('add', [
+                'as'   => 'dashboard.team.add',
+                'uses' => 'DashTeamController@showAddTeamMemberView'
+            ]);
+            Route::get('{user}', 'DashTeamController@showTeamMemberView');
+            Route::post('add', 'DashTeamController@postAddUser');
+            Route::post('{user}', 'DashTeamController@postUpdateUser');
+        });
    });

    // Settings
--- a/app/views/dashboard/team/index.blade.php
+++ b/app/views/dashboard/team/index.blade.php
@@ -8,9 +8,11 @@
        <span class="uppercase">
            <i class="icon icon ion-android-alert"></i> {{ trans('dashboard.team.team') }}
        </span>
+        @if(Auth::user()->isAdmin)
        <a class="btn btn-sm btn-success pull-right" href="{{ route('dashboard.team.add') }}">
            {{ trans('dashboard.team.add.title') }}
        </a>
+        @endif
        <div class="clearfix"></div>
    </div>
    <div class="content-wrapper header-fixed">