Adds AdminFilter for protecting certain routes. Closes #411
committed by
Joseph Cohen
parent
86d30b82e1
commit
787ecde0ea
@@ -89,13 +89,16 @@ Route::group(['before' => 'auth', 'prefix' => 'dashboard', 'namespace' => 'Cache
|
|||||||
'as' => 'dashboard.team',
|
'as' => 'dashboard.team',
|
||||||
'uses' => 'DashTeamController@showTeamView',
|
'uses' => 'DashTeamController@showTeamView',
|
||||||
]);
|
]);
|
||||||
Route::get('add', [
|
|
||||||
'as' => 'dashboard.team.add',
|
Route::group(['before' => 'admin'], function () {
|
||||||
'uses' => 'DashTeamController@showAddTeamMemberView'
|
Route::get('add', [
|
||||||
]);
|
'as' => 'dashboard.team.add',
|
||||||
Route::get('{user}', 'DashTeamController@showTeamMemberView');
|
'uses' => 'DashTeamController@showAddTeamMemberView'
|
||||||
Route::post('add', 'DashTeamController@postAddUser');
|
]);
|
||||||
Route::post('{user}', 'DashTeamController@postUpdateUser');
|
Route::get('{user}', 'DashTeamController@showTeamMemberView');
|
||||||
|
Route::post('add', 'DashTeamController@postAddUser');
|
||||||
|
Route::post('{user}', 'DashTeamController@postUpdateUser');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// Settings
|
// Settings
|
||||||
|
|||||||
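Review bot: The two state-changing routes in the new `admin` group, `postAddUser` and `postUpdateUser`, carry no `csrf` filter in this hunk: the outer group shows only `'before' => 'auth'` and the inner one only `'before' => 'admin'`. Unless the `csrf` filter registered in RoutingServiceProvider is attached somewhere outside this view, these admin-only actions have no request-forgery protection; consider `Route::post('add', ['before' => 'csrf', 'uses' => 'DashTeamController@postAddUser']);` and the same for `{user}`. The outer group begins before the hunk, so its full definition is not visible here. A short comment above the inner group, such as `// Admin only: managing team members`, would also record why `dashboard.team` itself stays outside it.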
@@ -8,9 +8,11 @@
|
|||||||
<span class="uppercase">
|
<span class="uppercase">
|
||||||
<i class="icon icon ion-android-alert"></i> {{ trans('dashboard.team.team') }}
|
<i class="icon icon ion-android-alert"></i> {{ trans('dashboard.team.team') }}
|
||||||
</span>
|
</span>
|
||||||
|
@if(Auth::user()->isAdmin)
|
||||||
<a class="btn btn-sm btn-success pull-right" href="{{ route('dashboard.team.add') }}">
|
<a class="btn btn-sm btn-success pull-right" href="{{ route('dashboard.team.add') }}">
|
||||||
{{ trans('dashboard.team.add.title') }}
|
{{ trans('dashboard.team.add.title') }}
|
||||||
</a>
|
</a>
|
||||||
|
@endif
|
||||||
<div class="clearfix"></div>
|
<div class="clearfix"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="content-wrapper header-fixed">
|
<div class="content-wrapper header-fixed">
|
||||||
|
|||||||
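Review bot: The `@if(Auth::user()->isAdmin)` wrapper around the add-member button only hides the link; access control for `dashboard.team.add` rests on the `admin` route filter, and a Blade comment saying so, e.g. `{{-- UI hint only; the route is enforced by the admin filter --}}`, would keep a later reader from treating the template check as the guard. The expression also assumes `Auth::user()` is non-null, which holds only while this view is rendered behind the `auth` filter.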
@@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace CachetHQ\Cachet\Http\Before;
|
||||||
|
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
use Illuminate\Routing\Route;
|
||||||
|
use Illuminate\Support\Facades\Auth;
|
||||||
|
use Illuminate\Support\Facades\Response;
|
||||||
|
|
||||||
|
class AdminFilter
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the auth filter.
|
||||||
|
*
|
||||||
|
* We're verifying that the current user is logged in to Cachet and is an admin level.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Routing\Route $route
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
*
|
||||||
|
* @return \Illuminate\Http\Response|null
|
||||||
|
*/
|
||||||
|
public function filter(Route $route, Request $request)
|
||||||
|
{
|
||||||
|
if (!Auth::check() || (Auth::check() && !Auth::user()->isAdmin)) {
|
||||||
|
return Response::make('Unauthorized', 401);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
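Review bot: The filter answers an authenticated non-admin with `401 Unauthorized`, which signals missing authentication; `return Response::make('Forbidden', 403);` is the status for a logged-in user who lacks the privilege, and keeping the two apart makes refused admin attempts distinguishable in access logs. The condition on the `if` line repeats `Auth::check()`; `if (!Auth::check() || !Auth::user()->isAdmin) {` is equivalent because `||` short-circuits. The docblock summary still reads "Run the auth filter" and should say `Run the admin filter.`; it could also state that returning nothing lets the request continue to the route.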
@@ -36,6 +36,7 @@ class RoutingServiceProvider extends ServiceProvider
|
|||||||
protected function registerFilters()
|
protected function registerFilters()
|
||||||
{
|
{
|
||||||
// Laravel's before filters
|
// Laravel's before filters
|
||||||
|
$this->app->router->filter('admin', 'CachetHQ\Cachet\Http\Before\AdminFilter');
|
||||||
$this->app->router->filter('auth', 'CachetHQ\Cachet\Http\Before\AuthFilter');
|
$this->app->router->filter('auth', 'CachetHQ\Cachet\Http\Before\AuthFilter');
|
||||||
$this->app->router->filter('guest', 'CachetHQ\Cachet\Http\Before\GuestFilter');
|
$this->app->router->filter('guest', 'CachetHQ\Cachet\Http\Before\GuestFilter');
|
||||||
$this->app->router->filter('csrf', 'CachetHQ\Cachet\Http\Before\CsrfFilter');
|
$this->app->router->filter('csrf', 'CachetHQ\Cachet\Http\Before\CsrfFilter');
|
||||||
|
|||||||