Merge pull request #1454 from knom/2.x

Enable/Disable Items with authentification headers

Author: KodeStar

.env.example

@@ -48,3 +48,9 @@ PUSHER_APP_CLUSTER=mt1
 
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+AUTH_ROLES_ENABLE=false
+AUTH_ROLES_HEADER="remote-groups"
+AUTH_ROLES_HTTP_HEADER="HTTP_REMOTE_GROUPS"
+AUTH_ROLES_ADMIN="admin"
+AUTH_ROLES_DELIMITER=","

.vscode/launch.json

@@ -0,0 +1,15 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+      {
+        "name": "Listen for Xdebug",
+        "type": "php",
+        "request": "launch",
+        "port": 9003,
+        "pathMappings": {
+          "/var/www/html": "${workspaceFolder}"
+        }
+      }
+    ]
+  }
+  

.vscode/tasks.json

@@ -0,0 +1,16 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+      {
+        "label": "Start Docker Compose",
+        "type": "shell",
+        "command": "docker-compose up --build",
+        "group": {
+          "kind": "build",
+          "isDefault": true
+        },
+        "problemMatcher": []
+      }
+    ]
+  }
+  

app/Http/Controllers/ItemController.php

@@ -33,34 +33,59 @@ public function __construct()
     /**
      * Display a listing of the resource on the dashboard.
      */
-    public function dash(): View
+    public function dash(Request $request): View
     {
         $treat_tags_as = \App\Setting::fetch('treat_tags_as');
 
         $data["treat_tags_as"] = $treat_tags_as;
 
-        if ($treat_tags_as == 'categories') {
-            $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
-                $query->pinned()->orderBy('order', 'asc');
-            })->pinned()->orderBy('order', 'asc')->get();
-
-        } elseif ($treat_tags_as == 'tags') {
-            $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
-            $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
-            $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
-                $query->where('type', 1)->pinned();
-            })->orderBy('order', 'asc')->get();
+        if (config('app.auth_roles_enable')) {
+            $roles = explode(config('app.auth_roles_delimiter'), $request->header(config('app.auth_roles_header')));
+            if ($treat_tags_as == 'categories') {
+                $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
+                    $query->pinned()->orderBy('order', 'asc');
+                })->pinned()->orderBy('order', 'asc')->get();
+
+            } elseif ($treat_tags_as == 'tags') {
+                $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
+                $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
+                $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
+                    $query->where('type', 1)->pinned();
+                })->orderBy('order', 'asc')->get();
+            } else {
+
+                $data['apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->whereIn('role', $roles)->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
+        
+                $data['all_apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere('type', 1)->orderBy('order', 'asc')->get();
+            }
         } else {
-
-            $data['apps'] = Item::whereHas('parents', function ($query) {
-                $query->where('id', 0);
-            })->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
-
-            $data['all_apps'] = Item::whereHas('parents', function ($query) {
-                $query->where('id', 0);
-            })->orWhere(function ($query) {
-                $query->where('type', 1)->whereNot('id', 0);
-            })->orderBy('order', 'asc')->get();
+            if ($treat_tags_as == 'categories') {
+                $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
+                    $query->pinned()->orderBy('order', 'asc');
+                })->pinned()->orderBy('order', 'asc')->get();
+
+            } elseif ($treat_tags_as == 'tags') {
+                $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
+                $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
+                $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
+                    $query->where('type', 1)->pinned();
+                })->orderBy('order', 'asc')->get();
+            } else {
+
+                $data['apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
+
+                $data['all_apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere(function ($query) {
+                    $query->where('type', 1)->whereNot('id', 0);
+                })->orderBy('order', 'asc')->get();
+            }
         }
 
         //$data['all_apps'] = Item::doesntHave('parents')->get();

app/Http/Controllers/TagController.php

@@ -88,11 +88,16 @@ public function store(Request $request): RedirectResponse
      *
      * @param $slug
      */
-    public function show($slug): View
+    public function show($slug, Request $request): View
     {
         $item = Item::whereUrl($slug)->first();
         //print_r($item);
-        $data['apps'] = $item->children()->pinned()->orderBy('order', 'asc')->get();
+        if (config('app.auth_roles_enable')) {
+            $roles = explode(config('app.auth_roles_delimiter'), $request->header(config('app.auth_roles_header')));
+            $data['apps'] = $item->children()->whereIn('role', $roles)->pinned()->orderBy('order', 'asc')->get();
+        } else {
+            $data['apps'] = $item->children()->pinned()->orderBy('order', 'asc')->get();
+        }
         $data['tag'] = $item->id;
         $data['all_apps'] = $item->children;
 

app/Item.php

@@ -33,6 +33,7 @@
  * @property string|null $class
  * @property string|null $appid
  * @property string|null $appdescription
+ * @property string|null $role
  * @property-read \Illuminate\Database\Eloquent\Collection|Item[] $children
  * @property-read int|null $children_count
  * @property-read string $droppable
@@ -51,6 +52,7 @@
  * @method static Builder|Item pinned()
  * @method static Builder|Item query()
  * @method static Builder|Item whereAppdescription($value)
+ * @method static Builder|Item whereRole($value)
  * @method static Builder|Item whereAppid($value)
  * @method static Builder|Item whereClass($value)
  * @method static Builder|Item whereColour($value)
@@ -105,6 +107,7 @@ protected static function boot(): void
         'user_id',
         'tag_id',
         'appid',
+        'role',
     ];
 
 

app/Providers/AppServiceProvider.php

@@ -88,6 +88,11 @@ public function boot(): void
             $view->with('trianglify_seed', $trianglify_seed);
             $view->with('allusers', $allusers);
             $view->with('current_user', $current_user);
+            if (config('app.auth_roles_enable')){
+                $view->with('enable_auth_admin_controls', in_array(config('app.auth_roles_admin'),explode(config('app.auth_roles_delimiter'), $_SERVER[config('app.auth_roles_http_header')])));
+            } else {
+                $view->with('enable_auth_admin_controls', true);
+            }
         });
 
         $this->app['view']->addNamespace('SupportedApps', app_path('SupportedApps'));

config/app.php

@@ -192,4 +192,10 @@
         'Yaml' => Symfony\Component\Yaml\Yaml::class,
     ])->toArray(),
 
+    'auth_roles_enable' =>  (bool) env('AUTH_ROLES_ENABLE', false),
+    'auth_roles_header' =>  env('AUTH_ROLES_HEADER', 'remote-groups'),
+    'auth_roles_http_header' =>  env('AUTH_ROLES_HTTP_HEADER', 'HTTP_REMOTE_GROUPS'),
+    'auth_roles_admin' =>  env('AUTH_ROLES_ADMIN', 'admin'),
+    'auth_roles_delimiter' =>  env('AUTH_ROLES_DELIMITER', ','),
+
 ];

database/migrations/2023_01_27_121000_add_role_to_item.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddRoleToItem extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('items', function (Blueprint $table) {
+            $table->text('role')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('items', function (Blueprint $table) {
+            //
+        });
+    }
+}

docker/docker-compose.yml

@@ -0,0 +1,26 @@
+version: "3"
+services:
+  nginx:
+    build:
+      context: .
+      dockerfile: nginx/Dockerfile
+    ports: 
+      - "8080:80"
+    networks:
+      - internal
+    volumes:
+      - ../:/var/www/html
+  php:
+    build:
+      context: .
+      dockerfile: php/Dockerfile
+    networks:
+      - internal
+    environment:
+      XDEBUG_MODE: debug
+      XDEBUG_CONFIG: client_host=host.docker.internal client_port=9003
+    volumes:
+      - ../:/var/www/html
+networks:
+  internal:
+    driver: bridge