separate route permission + token manage

2026-04-14 12:30:49 +08:00 · 2025-04-17 18:59:03 +07:00
parent 263901bc54
commit 432c57f886
27 changed files with 203 additions and 54 deletions
--- a/app/Auth/Permission.php
+++ b/app/Auth/Permission.php
@@ -64,4 +64,19 @@ class Permission
    {
        return user_can(PermissionEnum::TORRENT_SET_SPECIAL_TAG->value);
    }
+
+    public static function canManageUserBasicInfo(): bool
+    {
+        return user_can(PermissionEnum::MANAGE_USER_BASIC_INFO->value);
+    }
+
+    public static function canManageUserConfidentialInfo(): bool
+    {
+        return user_can(PermissionEnum::MANAGE_USER_CONFIDENTIAL_INFO->value);
+    }
+
+    public static function canViewUserConfidentialInfo(): bool
+    {
+        return user_can(PermissionEnum::VIEW_USER_CONFIDENTIAL_INFO->value);
+    }
 }
--- a/app/Console/Commands/Test.php
+++ b/app/Console/Commands/Test.php
@@ -2,9 +2,11 @@

 namespace App\Console\Commands;

+use App\Models\ExamUser;
 use App\Models\PersonalAccessToken;
 use App\Models\Torrent;
 use App\Models\User;
+use App\Repositories\ExamRepository;
 use App\Repositories\UploadRepository;
 use Illuminate\Console\Command;
 use NexusPlugin\Menu\Filament\MenuItemResource\Pages\ManageMenuItems;
@@ -53,12 +55,9 @@ class Test extends Command
     */
    public function handle()
    {
-        $a = ['acb' => 2];
-
-        if ($a = isset($a['ab'])) {
-            $this->info("isset ab = true");
-        }
-        dd($a);
+       $rep = new ExamRepository();
+       $result = $rep->getUserExamProgress(10041, ExamUser::STATUS_NORMAL);
+       dd($result);
    }

 }
--- a/app/Enums/Permission/PermissionEnum.php
+++ b/app/Enums/Permission/PermissionEnum.php
@@ -5,9 +5,6 @@ namespace App\Enums\Permission;
 enum PermissionEnum: string {
    case UPLOAD_TO_SPECIAL_SECTION = 'uploadspecial';
    case BE_ANONYMOUS = 'beanonymous';
-
-    case TORRENT_LIST = 'torrent:list';
-    case TORRENT_VIEW = 'torrent:view';
    case TORRENT_VIEW_SPECIAL = 'view_special_torrent';
    case TORRENT_SET_HR = 'torrent_hr';
    case TORRENT_SET_PRICE = 'torrent-set-price';
@@ -16,6 +13,8 @@ enum PermissionEnum: string {
    case TORRENT_APPROVAL_ALLOW_AUTOMATIC = 'torrent-approval-allow-automatic';
    case TORRENT_SET_SPECIAL_TAG = 'torrent-set-special-tag';
    case UPLOAD = 'upload';
+    case MANAGE_USER_BASIC_INFO = "prfmanage";
+    case MANAGE_USER_CONFIDENTIAL_INFO = "cruprfmanage";
+    case VIEW_USER_CONFIDENTIAL_INFO = "userprofile";

-    case USER_VIEW = "user:view";
 }
--- a/app/Enums/Permission/RoutePermissionEnum.php
+++ b/app/Enums/Permission/RoutePermissionEnum.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Enums\Permission;
+
+enum RoutePermissionEnum: string {
+    case TORRENT_LIST = 'torrent:list';
+    case TORRENT_VIEW = 'torrent:view';
+    case TORRENT_UPLOAD = 'torrent:upload';
+    case USER_VIEW = "user:view";
+}
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -101,6 +101,7 @@ class Handler extends ExceptionHandler
        if (config('app.debug')) {
            $data['trace'] = $trace;
        }
+//        dd($e);
        if ($e instanceof \Error || $e instanceof \ErrorException) {
            do_log(sprintf(get_class($e) . ": %s, trace: %s", $msg, $e->getTraceAsString()), "error");
        }
--- a/app/Filament/Resources/User/HitAndRunResource.php
+++ b/app/Filament/Resources/User/HitAndRunResource.php
@@ -80,7 +80,7 @@ class HitAndRunResource extends Resource
                    ->form([
                        Forms\Components\DatePicker::make('created_at_begin')
                            ->maxDate(now())
-                            ->label(__('hr.created_at_begin'))
+                            ->label(__('label.created_at_begin'))
                        ,
                    ])->query(function (Builder $query, array $data) {
                        return $query->when($data['created_at_begin'], fn (Builder $query, $value) => $query->where("created_at", '>=', $value));
@@ -90,7 +90,7 @@ class HitAndRunResource extends Resource
                    ->form([
                        Forms\Components\DatePicker::make('created_at_end')
                            ->maxDate(now())
-                            ->label(__('hr.created_at_end'))
+                            ->label(__('label.created_at_end'))
                        ,
                    ])->query(function (Builder $query, array $data) {
                        return $query->when($data['created_at_end'], fn (Builder $query, $value) => $query->where("created_at", '<=', $value));
--- a/app/Filament/Resources/User/TokenResource.php
+++ b/app/Filament/Resources/User/TokenResource.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace App\Filament\Resources\User;
+
+use App\Filament\Resources\User\TokenResource\Pages;
+use App\Filament\Resources\User\TokenResource\RelationManagers;
+use App\Models\PersonalAccessToken;
+use Filament\Forms;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+use Illuminate\Support\HtmlString;
+
+class TokenResource extends Resource
+{
+    protected static ?string $model = PersonalAccessToken::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-rectangle-stack';
+
+    protected static ?string $navigationGroup = 'User';
+
+    protected static ?int $navigationSort = 6;
+
+    public static function getNavigationLabel(): string
+    {
+        return __('admin.sidebar.token');
+    }
+
+    public static function getBreadcrumb(): string
+    {
+        return self::getNavigationLabel();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                //
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('id'),
+                Tables\Columns\TextColumn::make('name')->label(__('label.name')),
+                Tables\Columns\TextColumn::make('abilities')
+                    ->label(__('token.permission'))
+                    ->formatStateUsing(fn ($record): string => $record->abilitiesText)
+                ,
+                Tables\Columns\TextColumn::make('token')->label(__('token.token')),
+                Tables\Columns\TextColumn::make('tokenable_id')
+                    ->label(__('label.username'))
+                    ->formatStateUsing(fn ($state) => username_for_admin($state))
+                ,
+                Tables\Columns\TextColumn::make('last_used_at')->label(__('token.last_used_at')),
+                Tables\Columns\TextColumn::make('expires_at')->label(__('label.expire_at')),
+                Tables\Columns\TextColumn::make('created_at')->label(__('label.created_at')),
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+//                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\BulkActionGroup::make([
+                    Tables\Actions\DeleteBulkAction::make(),
+                ]),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ManageTokens::route('/'),
+        ];
+    }
+}
--- a/app/Filament/Resources/User/TokenResource/Pages/ManageTokens.php
+++ b/app/Filament/Resources/User/TokenResource/Pages/ManageTokens.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Filament\Resources\User\TokenResource\Pages;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\User\TokenResource;
+use Filament\Actions;
+use Filament\Resources\Pages\ManageRecords;
+
+class ManageTokens extends PageListSingle
+{
+    protected static string $resource = TokenResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+//            Actions\CreateAction::make(),
+        ];
+    }
+}
--- a/app/Http/Resources/ExamResource.php
+++ b/app/Http/Resources/ExamResource.php
@@ -41,8 +41,8 @@ class ExamResource extends JsonResource
    {
        $filters = $exam->filters;
        foreach (Exam::$filters as $key => $value) {
-            if (!isset($filters->$key)) {
-                $filters->$key = [];
+            if (!isset($filters[$key])) {
+                $filters[$key] = [];
            }
        }
        return $filters;
--- a/app/Http/Resources/UserResource.php
+++ b/app/Http/Resources/UserResource.php
@@ -2,7 +2,9 @@

 namespace App\Http\Resources;

+use App\Auth\Permission;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Facades\Gate;

 class UserResource extends JsonResource
 {
@@ -18,7 +20,7 @@ class UserResource extends JsonResource
        $out = [
            'id' => $this->id,
            'username' => $this->username,
-            'email' => $this->email,
+            'email' => $this->when(Gate::allows("viewEmail", $this->resource), $this->email),
            'status' => $this->status,
            'enabled' => $this->enabled,
            'added' => format_datetime($this->added),
--- a/app/Models/PersonalAccessToken.php
+++ b/app/Models/PersonalAccessToken.php
@@ -13,7 +13,7 @@ class PersonalAccessToken extends SanctumPersonalAccessToken
        $result = [];
        foreach ($this->abilities as $ability) {
            if ($ability != '*') {
-                $result[] = nexus_trans("permission.{$ability}.text");
+                $result[] = nexus_trans("route-permission.{$ability}.text");
            }
        }
        return implode(', ', $result);
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -2,8 +2,10 @@

 namespace App\Policies;

+use App\Auth\Permission;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
+use Illuminate\Auth\Access\Response;

 class UserPolicy extends BasePolicy
 {
@@ -29,7 +31,13 @@ class UserPolicy extends BasePolicy
     */
    public function view(User $user, User $model)
    {
-        return true;
+        return $model->privacy != "strong" || $user->id == $model->id|| Permission::canManageUserBasicInfo();
+    }
+
+    public function viewEmail(User $user, User $model)
+    {
+        do_log(sprintf("user: %s, model: %s", $user->id, $model->id));
+        return $model->privacy == "low" || $user->id == $model->id || Permission::canViewUserConfidentialInfo();
    }

    /**
--- a/app/Providers/Filament/AppPanelProvider.php
+++ b/app/Providers/Filament/AppPanelProvider.php
@@ -73,7 +73,8 @@ class AppPanelProvider extends PanelProvider
            ])
            ->authMiddleware([
                \App\Http\Middleware\Filament::class,
-            ]);
+            ])
+            ;
    }

    public function boot()
--- a/app/Repositories/TokenRepository.php
+++ b/app/Repositories/TokenRepository.php
@@ -1,22 +1,22 @@
 <?php
 namespace App\Repositories;

-use App\Enums\Permission\PermissionEnum;
+use App\Enums\Permission\RoutePermissionEnum;

 class TokenRepository extends BaseRepository
 {
    private static array $userTokenPermissions = [
-        PermissionEnum::TORRENT_LIST,
-        PermissionEnum::TORRENT_VIEW,
-        PermissionEnum::UPLOAD,
-        PermissionEnum::USER_VIEW,
+        RoutePermissionEnum::TORRENT_LIST,
+        RoutePermissionEnum::TORRENT_VIEW,
+        RoutePermissionEnum::TORRENT_UPLOAD,
+        RoutePermissionEnum::USER_VIEW,
    ];

    public function listUserTokenPermissions(): array
    {
        $result = [];
        foreach (self::$userTokenPermissions as $permission) {
-            $result[$permission->value] = nexus_trans("permission.{$permission->value}.text");
+            $result[$permission->value] = nexus_trans("route-permission.{$permission->value}.text");
        }
        return $result;
    }
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -26,6 +26,7 @@ use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Nexus\Database\NexusDB;

@@ -69,7 +70,9 @@ class UserRepository extends BaseRepository
            ->allowIncludeCounts($allowIncludeCounts)
            ->allowIncludeFields($allowIncludeFields)
        ;
-        $user = $apiQueryBuilder->build()->findOrFail($id);
+        $query = $apiQueryBuilder->build();
+        $user = $query->findOrFail($id);
+        Gate::authorize('view', $user);
        return $this->appendIncludeFields($apiQueryBuilder, $currentUser, $user);
    }

--- a/include/globalfunctions.php
+++ b/include/globalfunctions.php
@@ -1382,7 +1382,7 @@ function send_admin_fail_notification(string $msg = ""): void {
    \Filament\Notifications\Notification::make()->danger()->title($msg ?: "Fail!")->send();
 }

-function ability(\App\Enums\Permission\PermissionEnum $permission): string {
+function ability(\App\Enums\Permission\RoutePermissionEnum $permission): string {
    return sprintf("ability:%s", $permission->value);
 }

--- a/resources/lang/en/admin.php
+++ b/resources/lang/en/admin.php
@@ -42,6 +42,7 @@ return [
        'oauth_access_token' => 'Access tokens',
        'oauth_auth_code' => 'Auth codes',
        'oauth_refresh_token' => 'Refresh tokens',
+        'token' => 'Access tokens',
    ],
    'resources' => [
        'agent_allow' => [
--- a/resources/lang/en/permission.php
+++ b/resources/lang/en/permission.php
@@ -217,8 +217,4 @@ return [
        'text' => 'Allow Userbar',
        'desc' => ' Get his userba',
    ],
-    'torrent:list' => [
-        'text' => 'Get torrent list',
-        'desc' => 'Get torrent list',
-    ],
 ];
--- a/resources/lang/en/token.php
+++ b/resources/lang/en/token.php
@@ -5,4 +5,6 @@ return array (
  'permission' => 'Permissions',
  'maximum_allow_number_reached' => 'The number reaches the upper limit',
  'create_success_tip' => 'The token was created successfully, this data is displayed only once, please save it properly<br/><br/>:token',
+  'last_used_at' => 'Recent usage time',
+  'token' => 'summary',
 );
--- a/resources/lang/zh_CN/admin.php
+++ b/resources/lang/zh_CN/admin.php
@@ -40,6 +40,7 @@ return [
        'oauth_access_token' => '访问令牌',
        'oauth_auth_code' => '授权码',
        'oauth_refresh_token' => '刷新令牌',
+        'token' => '访问令牌',
    ],
    'resources' => [
        'agent_allow' => [
--- a/resources/lang/zh_CN/permission.php
+++ b/resources/lang/zh_CN/permission.php
@@ -217,18 +217,4 @@ return [
        'text' => '允许个性条',
        'desc' => '允许用户使用个性条',
    ],
-
-    //新加
-    'torrent:list' => [
-        'text' => '获取种子列表',
-        'desc' => '获取种子列表',
-    ],
-    'torrent:view' => [
-        'text' => '查看种子详情',
-        'desc' => '查看种子详情',
-    ],
-    'user:view' => [
-        'text' => '查看用户基本信息',
-        'desc' => '查看用户基本信息',
-    ],
 ];
--- a/resources/lang/zh_CN/route-permission.php
+++ b/resources/lang/zh_CN/route-permission.php
@@ -0,0 +1,20 @@
+<?php
+
+return [
+    'torrent:upload' => [
+        'text' => '发布种子',
+        'desc' => '发布种子',
+    ],
+    'torrent:list' => [
+        'text' => '获取种子列表',
+        'desc' => '获取种子列表',
+    ],
+    'torrent:view' => [
+        'text' => '查看种子详情',
+        'desc' => '查看种子详情',
+    ],
+    'user:view' => [
+        'text' => '查看用户基本信息',
+        'desc' => '查看用户基本信息',
+    ],
+];
--- a/resources/lang/zh_CN/token.php
+++ b/resources/lang/zh_CN/token.php
@@ -5,4 +5,6 @@ return [
    "permission" => "权限",
    "maximum_allow_number_reached" => "数量达到上限",
    "create_success_tip" => "token 创建成功，此数据只展示一次，请妥善保存<br/><br/>:token",
+    "last_used_at" => "最近使用时间",
+    "token" => "摘要",
 ];
--- a/resources/lang/zh_TW/admin.php
+++ b/resources/lang/zh_TW/admin.php
@@ -42,6 +42,7 @@ return [
        'oauth_access_token' => '訪問令牌',
        'oauth_auth_code' => '授權碼',
        'oauth_refresh_token' => '刷新令牌',
+        'token' => '訪問令牌',
    ],
    'resources' => [
        'agent_allow' => [
--- a/resources/lang/zh_TW/permission.php
+++ b/resources/lang/zh_TW/permission.php
@@ -217,8 +217,4 @@ return [
        'text' => '允許個性條',
        'desc' => '允許用戶使用個性條',
    ],
-    'torrent:list' => [
-        'text' => '獲取種子列表',
-        'desc' => '獲取種子列表',
-    ],
 ];
--- a/resources/lang/zh_TW/token.php
+++ b/resources/lang/zh_TW/token.php
@@ -5,4 +5,6 @@ return array (
  'permission' => '權限',
  'maximum_allow_number_reached' => '數量達到上限',
  'create_success_tip' => 'token 創建成功，此數據只展示一次，請妥善保存<br/><br/>:token',
+  'last_used_at' => '最近使用時間',
+  'token' => '摘要',
 );
--- a/routes/api.php
+++ b/routes/api.php
@@ -2,7 +2,7 @@

 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
-use App\Enums\Permission\PermissionEnum;
+use App\Enums\Permission\RoutePermissionEnum;

 /*
 |--------------------------------------------------------------------------
@@ -48,12 +48,12 @@ Route::group(['middleware' => ['auth:sanctum']], function () {
 //        Route::resource('forums', \App\Http\Controllers\ForumController::class);
 //        Route::resource('topics', \App\Http\Controllers\TopicController::class);

-        Route::get('sections', [\App\Http\Controllers\UploadController::class, 'sections'])->middleware(ability(PermissionEnum::UPLOAD));
-        Route::get('torrents/{section?}', [\App\Http\Controllers\TorrentController::class, 'index'])->middleware(ability(PermissionEnum::TORRENT_LIST));
-        Route::post('upload', [\App\Http\Controllers\TorrentController::class, 'store'])->middleware(ability(PermissionEnum::UPLOAD));
-        Route::get('detail/{id}', [\App\Http\Controllers\TorrentController::class, 'show'])->middleware(ability(PermissionEnum::TORRENT_VIEW));
+        Route::get('sections', [\App\Http\Controllers\UploadController::class, 'sections'])->middleware(ability(RoutePermissionEnum::TORRENT_UPLOAD));
+        Route::get('torrents/{section?}', [\App\Http\Controllers\TorrentController::class, 'index'])->middleware(ability(RoutePermissionEnum::TORRENT_LIST));
+        Route::post('upload', [\App\Http\Controllers\TorrentController::class, 'store'])->middleware(ability(RoutePermissionEnum::TORRENT_UPLOAD));
+        Route::get('detail/{id}', [\App\Http\Controllers\TorrentController::class, 'show'])->middleware(ability(RoutePermissionEnum::TORRENT_VIEW));

-        Route::get('/profile/{id?}', [\App\Http\Controllers\UserController::class, 'show'])->middleware(ability(PermissionEnum::USER_VIEW));
+        Route::get('/profile/{id?}', [\App\Http\Controllers\UserController::class, 'show'])->middleware(ability(RoutePermissionEnum::USER_VIEW));


    });