Commit 0043263

Bug fix for "Users can edit and rename shelves" (#5458)
1 parent d938565 commit 0043263

1 file changed

+43
-0
lines changed


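--- a/app/Entities/Controllers/BookshelfController.php
+++ b/app/Entities/Controllers/BookshelfController.php
@@ -16,6 +16,7 @@
 use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
+use Illuminate\Support\Facades\Auth;
 
 class BookshelfController extends Controller
 {
@@ -68,6 +69,13 @@ public function index(Request $request)
 */
 public function create()
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to create bookshelf.');
+}
 $this->checkPermission('bookshelf-create-all');
 $books = $this->bookQueries->visibleForList()->orderBy('name')->get(['name', 'id', 'slug', 'created_at', 'updated_at']);
 $this->setPageTitle(trans('entities.shelves_create'));
@@ -83,6 +91,13 @@ public function create()
 */
 public function store(Request $request)
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to store bookshelf.');
+}
 $this->checkPermission('bookshelf-create-all');
 $validated = $this->validate($request, [
 'name' => ['required', 'string', 'max:255'],
@@ -142,6 +157,13 @@ public function show(Request $request, ActivityQueries $activities, string $slug
 */
 public function edit(string $slug)
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to edit bookshelf.');
+}
 $shelf = $this->queries->findVisibleBySlugOrFail($slug);
 $this->checkOwnablePermission('bookshelf-update', $shelf);
 
@@ -168,6 +190,13 @@ public function edit(string $slug)
 */
 public function update(Request $request, string $slug)
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to update bookshelf.');
+}
 $shelf = $this->queries->findVisibleBySlugOrFail($slug);
 $this->checkOwnablePermission('bookshelf-update', $shelf);
 $validated = $this->validate($request, [
@@ -194,6 +223,13 @@ public function update(Request $request, string $slug)
 */
 public function showDelete(string $slug)
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to delete bookshelf.');
+}
 $shelf = $this->queries->findVisibleBySlugOrFail($slug);
 $this->checkOwnablePermission('bookshelf-delete', $shelf);
 
@@ -209,6 +245,13 @@ public function showDelete(string $slug)
 */
 public function destroy(string $slug)
 {
+$user = Auth::user();
+$roles = $user->roles;
+
+// Check if the user has the "Admin" role
+if (!$roles->contains('display_name', 'Admin')) {
+return redirect()->back()->with('error', 'You do not have permission to destroy bookshelf.');
+}
 $shelf = $this->queries->findVisibleBySlugOrFail($slug);
 $this->checkOwnablePermission('bookshelf-delete', $shelf);
 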
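Review bot: The guard added at the top of create, store, edit, update, showDelete and destroy decides access by matching a role's `display_name` against the literal `'Admin'`, which is an editable label rather than a stable identifier: renaming that role locks every user out of shelf management, and because the check runs before the existing `checkPermission('bookshelf-create-all')` / `checkOwnablePermission('bookshelf-update', $shelf)` calls, the per-role `bookshelf-*` permissions those enforce no longer have any effect. `Auth::user()` is also dereferenced without a null check (`$user->roles`), which will fault on an unauthenticated request unless every one of these routes sits behind auth middleware — not visible from this file. The same seven lines are pasted six times with only the message text changing; I'd fold them into one helper and, if the Role model exposes a stable system identifier, match on that instead of the display name. Each method's body continues outside its hunk.

```php
    /**
     * True when the current user holds the admin role.
     * NOTE(review): display_name is an editable label; prefer a stable role
     * identifier here if the Role model provides one.
     */
    protected function hasAdminRole(): bool
    {
        $user = Auth::user();
        if ($user === null) {
            return false;
        }
        return $user->roles->contains('display_name', 'Admin');
    }

    public function create()
    {
        if (!$this->hasAdminRole()) {
            return redirect()->back()->with('error', 'You do not have permission to create bookshelf.');
        }
        // … unchanged: checkPermission('bookshelf-create-all') and the rest of create(); same guard shape for store/edit/update/showDelete/destroy …
```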