separate route permission + token manage

2026-04-28 06:57:22 +08:00 · 2025-04-17 18:59:03 +07:00
parent 263901bc54
commit 432c57f886
27 changed files with 203 additions and 54 deletions
@@ -64,4 +64,19 @@ class Permission
    {
        return user_can(PermissionEnum::TORRENT_SET_SPECIAL_TAG->value);
    }
    public static function canManageUserBasicInfo(): bool
    {
        return user_can(PermissionEnum::MANAGE_USER_BASIC_INFO->value);
    }
    public static function canManageUserConfidentialInfo(): bool
    {
        return user_can(PermissionEnum::MANAGE_USER_CONFIDENTIAL_INFO->value);
    }
    public static function canViewUserConfidentialInfo(): bool
    {
        return user_can(PermissionEnum::VIEW_USER_CONFIDENTIAL_INFO->value);
    }
 }
@@ -2,9 +2,11 @@
 namespace App\Console\Commands;
 use App\Models\ExamUser;
 use App\Models\PersonalAccessToken;
 use App\Models\Torrent;
 use App\Models\User;
 use App\Repositories\ExamRepository;
 use App\Repositories\UploadRepository;
 use Illuminate\Console\Command;
 use NexusPlugin\Menu\Filament\MenuItemResource\Pages\ManageMenuItems;
@@ -53,12 +55,9 @@ class Test extends Command
     */
    public function handle()
    {
-        $a = ['acb' => 2];
+       $rep = new ExamRepository();
-
+       $result = $rep->getUserExamProgress(10041, ExamUser::STATUS_NORMAL);
-        if ($a = isset($a['ab'])) {
+       dd($result);
            $this->info("isset ab = true");
        }
        dd($a);
    }
 }
@@ -5,9 +5,6 @@ namespace App\Enums\Permission;
 enum PermissionEnum: string {
    case UPLOAD_TO_SPECIAL_SECTION = 'uploadspecial';
    case BE_ANONYMOUS = 'beanonymous';
    case TORRENT_LIST = 'torrent:list';
    case TORRENT_VIEW = 'torrent:view';
    case TORRENT_VIEW_SPECIAL = 'view_special_torrent';
    case TORRENT_SET_HR = 'torrent_hr';
    case TORRENT_SET_PRICE = 'torrent-set-price';
@@ -16,6 +13,8 @@ enum PermissionEnum: string {
    case TORRENT_APPROVAL_ALLOW_AUTOMATIC = 'torrent-approval-allow-automatic';
    case TORRENT_SET_SPECIAL_TAG = 'torrent-set-special-tag';
    case UPLOAD = 'upload';
    case MANAGE_USER_BASIC_INFO = "prfmanage";
    case MANAGE_USER_CONFIDENTIAL_INFO = "cruprfmanage";
    case VIEW_USER_CONFIDENTIAL_INFO = "userprofile";
    case USER_VIEW = "user:view";
 }
@@ -0,0 +1,10 @@
 <?php
 namespace App\Enums\Permission;
 enum RoutePermissionEnum: string {
    case TORRENT_LIST = 'torrent:list';
    case TORRENT_VIEW = 'torrent:view';
    case TORRENT_UPLOAD = 'torrent:upload';
    case USER_VIEW = "user:view";
 }
@@ -101,6 +101,7 @@ class Handler extends ExceptionHandler
        if (config('app.debug')) {
            $data['trace'] = $trace;
        }
 //        dd($e);
        if ($e instanceof \Error || $e instanceof \ErrorException) {
            do_log(sprintf(get_class($e) . ": %s, trace: %s", $msg, $e->getTraceAsString()), "error");
        }
@@ -80,7 +80,7 @@ class HitAndRunResource extends Resource
                    ->form([
                        Forms\Components\DatePicker::make('created_at_begin')
                            ->maxDate(now())
-                            ->label(__('hr.created_at_begin'))
+                            ->label(__('label.created_at_begin'))
                        ,
                    ])->query(function (Builder $query, array $data) {
                        return $query->when($data['created_at_begin'], fn (Builder $query, $value) => $query->where("created_at", '>=', $value));
@@ -90,7 +90,7 @@ class HitAndRunResource extends Resource
                    ->form([
                        Forms\Components\DatePicker::make('created_at_end')
                            ->maxDate(now())
-                            ->label(__('hr.created_at_end'))
+                            ->label(__('label.created_at_end'))
                        ,
                    ])->query(function (Builder $query, array $data) {
                        return $query->when($data['created_at_end'], fn (Builder $query, $value) => $query->where("created_at", '<=', $value));
@@ -0,0 +1,84 @@
 <?php
 namespace App\Filament\Resources\User;
 use App\Filament\Resources\User\TokenResource\Pages;
 use App\Filament\Resources\User\TokenResource\RelationManagers;
 use App\Models\PersonalAccessToken;
 use Filament\Forms;
 use Filament\Forms\Form;
 use Filament\Resources\Resource;
 use Filament\Tables;
 use Filament\Tables\Table;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\SoftDeletingScope;
 use Illuminate\Support\HtmlString;
 class TokenResource extends Resource
 {
    protected static ?string $model = PersonalAccessToken::class;
    protected static ?string $navigationIcon = 'heroicon-o-rectangle-stack';
    protected static ?string $navigationGroup = 'User';
    protected static ?int $navigationSort = 6;
    public static function getNavigationLabel(): string
    {
        return __('admin.sidebar.token');
    }
    public static function getBreadcrumb(): string
    {
        return self::getNavigationLabel();
    }
    public static function form(Form $form): Form
    {
        return $form
            ->schema([
                //
            ]);
    }
    public static function table(Table $table): Table
    {
        return $table
            ->columns([
                Tables\Columns\TextColumn::make('id'),
                Tables\Columns\TextColumn::make('name')->label(__('label.name')),
                Tables\Columns\TextColumn::make('abilities')
                    ->label(__('token.permission'))
                    ->formatStateUsing(fn ($record): string => $record->abilitiesText)
                ,
                Tables\Columns\TextColumn::make('token')->label(__('token.token')),
                Tables\Columns\TextColumn::make('tokenable_id')
                    ->label(__('label.username'))
                    ->formatStateUsing(fn ($state) => username_for_admin($state))
                ,
                Tables\Columns\TextColumn::make('last_used_at')->label(__('token.last_used_at')),
                Tables\Columns\TextColumn::make('expires_at')->label(__('label.expire_at')),
                Tables\Columns\TextColumn::make('created_at')->label(__('label.created_at')),
            ])
            ->filters([
                //
            ])
            ->actions([
 //                Tables\Actions\EditAction::make(),
                Tables\Actions\DeleteAction::make(),
            ])
            ->bulkActions([
                Tables\Actions\BulkActionGroup::make([
                    Tables\Actions\DeleteBulkAction::make(),
                ]),
            ]);
    }
    public static function getPages(): array
    {
        return [
            'index' => Pages\ManageTokens::route('/'),
        ];
    }
 }
@@ -0,0 +1,20 @@
 <?php
 namespace App\Filament\Resources\User\TokenResource\Pages;
 use App\Filament\PageListSingle;
 use App\Filament\Resources\User\TokenResource;
 use Filament\Actions;
 use Filament\Resources\Pages\ManageRecords;
 class ManageTokens extends PageListSingle
 {
    protected static string $resource = TokenResource::class;
    protected function getHeaderActions(): array
    {
        return [
 //            Actions\CreateAction::make(),
        ];
    }
 }
@@ -41,8 +41,8 @@ class ExamResource extends JsonResource
    {
        $filters = $exam->filters;
        foreach (Exam::$filters as $key => $value) {
-            if (!isset($filters->$key)) {
+            if (!isset($filters[$key])) {
-                $filters->$key = [];
+                $filters[$key] = [];
            }
        }
        return $filters;
@@ -2,7 +2,9 @@
 namespace App\Http\Resources;
 use App\Auth\Permission;
 use Illuminate\Http\Resources\Json\JsonResource;
 use Illuminate\Support\Facades\Gate;
 class UserResource extends JsonResource
 {
@@ -18,7 +20,7 @@ class UserResource extends JsonResource
        $out = [
            'id' => $this->id,
            'username' => $this->username,
-            'email' => $this->email,
+            'email' => $this->when(Gate::allows("viewEmail", $this->resource), $this->email),
            'status' => $this->status,
            'enabled' => $this->enabled,
            'added' => format_datetime($this->added),
@@ -13,7 +13,7 @@ class PersonalAccessToken extends SanctumPersonalAccessToken
        $result = [];
        foreach ($this->abilities as $ability) {
            if ($ability != '*') {
-                $result[] = nexus_trans("permission.{$ability}.text");
+                $result[] = nexus_trans("route-permission.{$ability}.text");
            }
        }
        return implode(', ', $result);
@@ -2,8 +2,10 @@
 namespace App\Policies;
 use App\Auth\Permission;
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
 use Illuminate\Auth\Access\Response;
 class UserPolicy extends BasePolicy
 {
@@ -29,7 +31,13 @@ class UserPolicy extends BasePolicy
     */
    public function view(User $user, User $model)
    {
-        return true;
+        return $model->privacy != "strong" || $user->id == $model->id|| Permission::canManageUserBasicInfo();
    }
    public function viewEmail(User $user, User $model)
    {
        do_log(sprintf("user: %s, model: %s", $user->id, $model->id));
        return $model->privacy == "low" || $user->id == $model->id || Permission::canViewUserConfidentialInfo();
    }
    /**
@@ -73,7 +73,8 @@ class AppPanelProvider extends PanelProvider
            ])
            ->authMiddleware([
                \App\Http\Middleware\Filament::class,
-            ]);
+            ])
            ;
    }
    public function boot()
@@ -1,22 +1,22 @@
 <?php
 namespace App\Repositories;
-use App\Enums\Permission\PermissionEnum;
+use App\Enums\Permission\RoutePermissionEnum;
 class TokenRepository extends BaseRepository
 {
    private static array $userTokenPermissions = [
-        PermissionEnum::TORRENT_LIST,
+        RoutePermissionEnum::TORRENT_LIST,
-        PermissionEnum::TORRENT_VIEW,
+        RoutePermissionEnum::TORRENT_VIEW,
-        PermissionEnum::UPLOAD,
+        RoutePermissionEnum::TORRENT_UPLOAD,
-        PermissionEnum::USER_VIEW,
+        RoutePermissionEnum::USER_VIEW,
    ];
    public function listUserTokenPermissions(): array
    {
        $result = [];
        foreach (self::$userTokenPermissions as $permission) {
-            $result[$permission->value] = nexus_trans("permission.{$permission->value}.text");
+            $result[$permission->value] = nexus_trans("route-permission.{$permission->value}.text");
        }
        return $result;
    }
@@ -26,6 +26,7 @@ use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Nexus\Database\NexusDB;
@@ -69,7 +70,9 @@ class UserRepository extends BaseRepository
            ->allowIncludeCounts($allowIncludeCounts)
            ->allowIncludeFields($allowIncludeFields)
        ;
-        $user = $apiQueryBuilder->build()->findOrFail($id);
+        $query = $apiQueryBuilder->build();
        $user = $query->findOrFail($id);
        Gate::authorize('view', $user);
        return $this->appendIncludeFields($apiQueryBuilder, $currentUser, $user);
    }
@@ -1382,7 +1382,7 @@ function send_admin_fail_notification(string $msg = ""): void {
    \Filament\Notifications\Notification::make()->danger()->title($msg ?: "Fail!")->send();
 }
-function ability(\App\Enums\Permission\PermissionEnum $permission): string {
+function ability(\App\Enums\Permission\RoutePermissionEnum $permission): string {
    return sprintf("ability:%s", $permission->value);
 }
@@ -42,6 +42,7 @@ return [
        'oauth_access_token' => 'Access tokens',
        'oauth_auth_code' => 'Auth codes',
        'oauth_refresh_token' => 'Refresh tokens',
        'token' => 'Access tokens',
    ],
    'resources' => [
        'agent_allow' => [
@@ -217,8 +217,4 @@ return [
        'text' => 'Allow Userbar',
        'desc' => ' Get his userba',
    ],
    'torrent:list' => [
        'text' => 'Get torrent list',
        'desc' => 'Get torrent list',
    ],
 ];
@@ -5,4 +5,6 @@ return array (
  'permission' => 'Permissions',
  'maximum_allow_number_reached' => 'The number reaches the upper limit',
  'create_success_tip' => 'The token was created successfully, this data is displayed only once, please save it properly<br/><br/>:token',
  'last_used_at' => 'Recent usage time',
  'token' => 'summary',
 );
@@ -40,6 +40,7 @@ return [
        'oauth_access_token' => '访问令牌',
        'oauth_auth_code' => '授权码',
        'oauth_refresh_token' => '刷新令牌',
        'token' => '访问令牌',
    ],
    'resources' => [
        'agent_allow' => [
@@ -217,18 +217,4 @@ return [
        'text' => '允许个性条',
        'desc' => '允许用户使用个性条',
    ],
    //新加
    'torrent:list' => [
        'text' => '获取种子列表',
        'desc' => '获取种子列表',
    ],
    'torrent:view' => [
        'text' => '查看种子详情',
        'desc' => '查看种子详情',
    ],
    'user:view' => [
        'text' => '查看用户基本信息',
        'desc' => '查看用户基本信息',
    ],
 ];
@@ -0,0 +1,20 @@
 <?php
 return [
    'torrent:upload' => [
        'text' => '发布种子',
        'desc' => '发布种子',
    ],
    'torrent:list' => [
        'text' => '获取种子列表',
        'desc' => '获取种子列表',
    ],
    'torrent:view' => [
        'text' => '查看种子详情',
        'desc' => '查看种子详情',
    ],
    'user:view' => [
        'text' => '查看用户基本信息',
        'desc' => '查看用户基本信息',
    ],
 ];
@@ -5,4 +5,6 @@ return [
    "permission" => "权限",
    "maximum_allow_number_reached" => "数量达到上限",
    "create_success_tip" => "token 创建成功，此数据只展示一次，请妥善保存<br/><br/>:token",
    "last_used_at" => "最近使用时间",
    "token" => "摘要",
 ];
@@ -42,6 +42,7 @@ return [
        'oauth_access_token' => '訪問令牌',
        'oauth_auth_code' => '授權碼',
        'oauth_refresh_token' => '刷新令牌',
        'token' => '訪問令牌',
    ],
    'resources' => [
        'agent_allow' => [
@@ -217,8 +217,4 @@ return [
        'text' => '允許個性條',
        'desc' => '允許用戶使用個性條',
    ],
    'torrent:list' => [
        'text' => '獲取種子列表',
        'desc' => '獲取種子列表',
    ],
 ];
@@ -5,4 +5,6 @@ return array (
  'permission' => '權限',
  'maximum_allow_number_reached' => '數量達到上限',
  'create_success_tip' => 'token 創建成功，此數據只展示一次，請妥善保存<br/><br/>:token',
  'last_used_at' => '最近使用時間',
  'token' => '摘要',
 );
@@ -2,7 +2,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
-use App\Enums\Permission\PermissionEnum;
+use App\Enums\Permission\RoutePermissionEnum;
 /*
 |--------------------------------------------------------------------------
@@ -48,12 +48,12 @@ Route::group(['middleware' => ['auth:sanctum']], function () {
 //        Route::resource('forums', \App\Http\Controllers\ForumController::class);
 //        Route::resource('topics', \App\Http\Controllers\TopicController::class);
-        Route::get('sections', [\App\Http\Controllers\UploadController::class, 'sections'])->middleware(ability(PermissionEnum::UPLOAD));
+        Route::get('sections', [\App\Http\Controllers\UploadController::class, 'sections'])->middleware(ability(RoutePermissionEnum::TORRENT_UPLOAD));
-        Route::get('torrents/{section?}', [\App\Http\Controllers\TorrentController::class, 'index'])->middleware(ability(PermissionEnum::TORRENT_LIST));
+        Route::get('torrents/{section?}', [\App\Http\Controllers\TorrentController::class, 'index'])->middleware(ability(RoutePermissionEnum::TORRENT_LIST));
-        Route::post('upload', [\App\Http\Controllers\TorrentController::class, 'store'])->middleware(ability(PermissionEnum::UPLOAD));
+        Route::post('upload', [\App\Http\Controllers\TorrentController::class, 'store'])->middleware(ability(RoutePermissionEnum::TORRENT_UPLOAD));
-        Route::get('detail/{id}', [\App\Http\Controllers\TorrentController::class, 'show'])->middleware(ability(PermissionEnum::TORRENT_VIEW));
+        Route::get('detail/{id}', [\App\Http\Controllers\TorrentController::class, 'show'])->middleware(ability(RoutePermissionEnum::TORRENT_VIEW));
-        Route::get('/profile/{id?}', [\App\Http\Controllers\UserController::class, 'show'])->middleware(ability(PermissionEnum::USER_VIEW));
+        Route::get('/profile/{id?}', [\App\Http\Controllers\UserController::class, 'show'])->middleware(ability(RoutePermissionEnum::USER_VIEW));
    });