Moved admin links to footer and simplified checks for user permissions
parent
ba0831e79e
commit
6104b0e3d8
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
namespace App\Attendize;
|
||||
|
||||
use Auth;
|
||||
use PhpSpec\Exception\Exception;
|
||||
|
||||
class Utils
|
||||
{
|
||||
|
||||
|
|
@ -61,6 +64,32 @@ class Utils
|
|||
return file_exists(storage_path().'/framework/down');
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a user has admin access to events etc.
|
||||
*
|
||||
* @todo - This is a temp fix until user roles etc. are implemented
|
||||
* @param $object
|
||||
* @return bool
|
||||
*/
|
||||
public static function userOwns($object)
|
||||
{
|
||||
if(!Auth::check()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
if(Auth::user()->account_id === $object->account_id) {
|
||||
return true;
|
||||
}
|
||||
|
||||
} catch(Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function file_upload_max_size()
|
||||
{
|
||||
static $max_size = -1;
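Review bot: The `catch(Exception $e)` in `userOwns` resolves to `PhpSpec\Exception\Exception` because of the `use` line at the top of the file, so it matches only exceptions from the PhpSpec test library and never the failure it appears to guard against. Reading `account_id` from a null or unexpected `$object` does not raise that class, and if `$object` has no `account_id` attribute while the user's is also null (presumably possible with Eloquent models; confirm), `null === null` would report ownership. This helper now gates the not-live event page, the disabled organiser page and the admin links in the other files of this commit, so I would drop the PhpSpec import and the try/catch and fail closed explicitly: `$user = Auth::user();` followed by `return $user !== null && isset($object->account_id) && $user->account_id === $object->account_id;`. The docblock should also state that this is an account-equality check rather than a role check, and describe what `$object` is expected to be.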
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Attendize\Utils;
|
||||
use App\Models\Affiliate;
|
||||
use App\Models\Event;
|
||||
use App\Models\EventStats;
|
||||
|
|
@ -26,7 +27,7 @@ class EventViewController extends Controller
|
|||
{
|
||||
$event = Event::findOrFail($event_id);
|
||||
|
||||
if (Auth::user()->account_id !== $event->account_id && !$event->is_live) {
|
||||
if (!Utils::userOwns($event) && !$event->is_live) {
|
||||
return view('Public.ViewEvent.EventNotLivePage');
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Attendize\Utils;
|
||||
use App\Models\Organiser;
|
||||
use Carbon\Carbon;
|
||||
use Auth;
|
||||
|
|
@ -21,7 +22,7 @@ class OrganiserViewController extends Controller
|
|||
{
|
||||
$organiser = Organiser::findOrFail($organiser_id);
|
||||
|
||||
if(!$organiser->enable_organiser_page && Auth::user()->account_id !== $organiser->account_id) {
|
||||
if(!$organiser->enable_organiser_page && !Utils::userOwns($organiser)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -279,7 +279,7 @@ class Event extends MyBaseModel
|
|||
{
|
||||
return $this->sales_volume + $this->organiser_fees_volume;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* The attributes that should be mutated to dates.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
{{--See https://www.attendize.com/licence.php for more information.--}}
|
||||
@include('Shared.Partials.PoweredBy')
|
||||
|
||||
@if(Auth::user()->account_id === $event->account_id)
|
||||
@if(Utils::userOwns($event))
|
||||
•
|
||||
<a class="adminLink " href="{{route('showEventDashboard' , ['event_id' => $event->id])}}">Event
|
||||
Dashboard</a>
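Review bot: `Utils::userOwns($event)` is written unqualified in the template, and compiled Blade views run in the global namespace, so it resolves only if a `Utils` class alias is registered. No alias change is visible in this commit, so confirm one exists or write `\App\Attendize\Utils::userOwns($event)`; the same applies to `@if(Utils::userOwns($organiser))` in the next template section. This condition only hides the link, so the dashboard routes presumably still need their own server-side ownership check. The `@if` block continues outside the hunk.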
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
{{--See https://github.com/Attendize/Attendize/blob/master/LICENSE for more information.--}}
|
||||
@include('Shared.Partials.PoweredBy')
|
||||
|
||||
@if(Auth::user()->account_id === $organiser->account_id)
|
||||
@if(Utils::userOwns($organiser))
|
||||
•
|
||||
<a class="adminLink"
|
||||
href="{{route('showOrganiserDashboard' , ['organiser_id' => $organiser->id])}}">Organiser
|
||||
|
|
|
|||