mirror of https://github.com/4xmen/xshop.git
parent
69fbe25a09
commit
806d382186
@ -0,0 +1,138 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Admin;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\Access;
|
||||
use App\Models\User;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use function Xmen\StarterKit\Helpers\logAdmin;
|
||||
use Xmen\StarterKit\Requests\UserSaveRequest;
|
||||
|
||||
class UserController extends Controller
|
||||
{
|
||||
private $name = 'User';
|
||||
|
||||
/**
|
||||
* Display a listing of the resource.
|
||||
*
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function index()
|
||||
{
|
||||
$users = User::orderBy('name')->paginate(20);
|
||||
|
||||
return view('starter-kit::admin.user.userList', compact('users'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the form for creating a new resource.
|
||||
*
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function create()
|
||||
{
|
||||
return view('starter-kit::admin.user.userForm');
|
||||
}
|
||||
|
||||
public function createOrUpdate(User $user, UserSaveRequest $req)
|
||||
{
|
||||
$user->name = $req->input('name');
|
||||
$user->email = $req->input('email');
|
||||
if (trim($req->input('password')) != '') {
|
||||
$user->password = bcrypt($req->input('password'));
|
||||
}
|
||||
$user->mobile = $req->input('mobile');
|
||||
$user->syncRoles($req->input('role'));
|
||||
$user->save();
|
||||
$user->accesses()->delete();
|
||||
foreach ($req->input('acl', []) as $route) {
|
||||
$a = new Access();
|
||||
$a->route = $route;
|
||||
$a->user_id = $user->id;
|
||||
$a->save();
|
||||
$routes = explode('.', $route);
|
||||
if ($routes[2] == 'store' || $routes[2] == 'update') {
|
||||
$routes[2] = $routes[2] == 'store' ? 'create' : 'edit';
|
||||
$a = new Access();
|
||||
$a->route = implode('.', $routes);
|
||||
$a->user_id = $user->id;
|
||||
$a->save();
|
||||
}
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a newly created resource in storage.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function store(UserSaveRequest $request)
|
||||
{
|
||||
$user = new User();
|
||||
$user = $this->createOrUpdate($user, $request);
|
||||
logAdmin(__METHOD__, User::class, $user->id);
|
||||
|
||||
return redirect()->route('admin.user.all')->with(['message' => $user->name . ' ' . __($this->name) . ' ' . __(' created')]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the specified resource.
|
||||
*
|
||||
* @param int $id
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function show($id)
|
||||
{
|
||||
}
|
||||
|
||||
public function edit(User $user)
|
||||
{
|
||||
$routes = [];
|
||||
foreach (\Route::getRoutes()->getRoutes() as $route) {
|
||||
$action = $route->getAction();
|
||||
if (array_key_exists('as', $action)) {
|
||||
$routeName = explode('.', $action['as']);
|
||||
if (isset($routeName[2]) && $routeName[0] == 'admin') {
|
||||
if (!isset($routes[$routeName[1]])) {
|
||||
$routes[$routeName[1]] = [];
|
||||
if ($routeName[2] != 'edit' && $routeName[2] != 'create')
|
||||
$routes[$routeName[1]][] = $routeName[2];
|
||||
|
||||
} else {
|
||||
if ($routeName[2] != 'edit' && $routeName[2] != 'create')
|
||||
$routes[$routeName[1]][] = $routeName[2];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
unset($routes['home'], $routes['user'], $routes['ckeditor']);
|
||||
return view('starter-kit::admin.user.userForm', compact('user', 'routes'));
|
||||
}
|
||||
|
||||
public function update(UserSaveRequest $request, User $user)
|
||||
{
|
||||
$this->createOrUpdate($user, $request);
|
||||
logAdmin(__METHOD__, User::class, $user->id);
|
||||
|
||||
return redirect()->route('admin.user.all')->with(['message' => $user->name . ' ' . __($this->name) . ' ' . __(' edited')]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the specified resource from storage.
|
||||
*
|
||||
* @param int $user
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function destroy(User $user)
|
||||
{
|
||||
if (auth()->user()->hasRole('super-admin')) {
|
||||
$user->delete();
|
||||
logAdmin(__METHOD__, User::class, $user->id);
|
||||
return redirect()->back()->with(['message' => $user->name . ' ' . __($this->name) . ' ' . __(' deleted')]);
|
||||
}
|
||||
return redirect()->route('admin.user.all');
|
||||
}
|
||||
}
|
@ -0,0 +1,50 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
|
||||
class Acl
|
||||
{
|
||||
|
||||
private $excepts = ['ckeditor', 'home'];
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
|
||||
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$route = \Route::getCurrentRoute();
|
||||
// check admin page & user is not super admin
|
||||
if (auth()->check() && isset($route->action['as'])) {
|
||||
// explode user request to process
|
||||
$requestPath = explode('.', $route->action['as']);
|
||||
// ignore admin and not admin page
|
||||
if ($requestPath[0] == 'admin' && !auth()->user()->hasRole('super-admin')) {
|
||||
// check excpet and has 3 routes and has user acceess
|
||||
if (!in_array($requestPath[1], $this->excepts) &&
|
||||
isset($requestPath[2]) &&
|
||||
!auth()->user()->hasAccess($route->action['as'])) {
|
||||
return abort(403, __("You dont't have acccess this acction"));
|
||||
}
|
||||
// check delete or destroy with bulk action
|
||||
if ($requestPath[2] == 'bulk' && $request->input('bulk') == 'delete') {
|
||||
$requestPath[2] = 'delete';
|
||||
if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
|
||||
$requestPath[2] = 'destroy';
|
||||
if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
|
||||
return abort(403, __("You dont't have acccess this acction"));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $next($request);
|
||||
}
|
||||
}
|
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
/**
|
||||
* App\Models\Access
|
||||
*
|
||||
* @property int $id
|
||||
* @property int $user_id
|
||||
* @property string $route
|
||||
* @property int $owner
|
||||
* @property \Illuminate\Support\Carbon|null $created_at
|
||||
* @property \Illuminate\Support\Carbon|null $updated_at
|
||||
* @property-read \App\Models\User $user
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access newModelQuery()
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access newQuery()
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access query()
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereCreatedAt($value)
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereId($value)
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereOwner($value)
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereRoute($value)
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereUpdatedAt($value)
|
||||
* @method static \Illuminate\Database\Eloquent\Builder|Access whereUserId($value)
|
||||
* @mixin \Eloquent
|
||||
*/
|
||||
class Access extends Model
|
||||
{
|
||||
use HasFactory;
|
||||
|
||||
public function user(){
|
||||
return $this->belongsTo(User::class);
|
||||
}
|
||||
}
|
@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::create('accesses', function (Blueprint $table) {
|
||||
$table->id();
|
||||
$table->unsignedBigInteger('user_id');
|
||||
$table->string('route');
|
||||
$table->boolean('owner')->default(false);
|
||||
$table->timestamps();
|
||||
|
||||
$table->foreign('user_id')->references('id')
|
||||
->on('users')->onDelete('cascade');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::dropIfExists('accesses');
|
||||
}
|
||||
};
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue