From e5d996cb75fb95e54098538583bef6ab7f974a67 Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Mon, 18 Jul 2022 17:50:05 +0800
Subject: [PATCH] fix admin setting authorization + cleanup trans

---
 README.md                                            |  4 ++--
 app/Filament/Resources/System/AgentAllowResource.php |  5 -----
 .../AgentAllowResource/Pages/ListAgentAllows.php     |  1 +
 .../System/SettingResource/Pages/EditSetting.php     |  4 ++++
 app/Policies/SettingPolicy.php                       |  8 ++++----
 app/Repositories/UserRepository.php                  |  6 +++---
 lang/chs/lang_docleanup.php                          |  9 +++++++++
 lang/cht/lang_docleanup.php                          |  9 +++++++++
 lang/en/lang_docleanup.php                           |  9 +++++++++
 public/docleanup.php                                 | 12 +++++++-----
 10 files changed, 48 insertions(+), 19 deletions(-)
 create mode 100644 lang/chs/lang_docleanup.php
 create mode 100644 lang/cht/lang_docleanup.php
 create mode 100644 lang/en/lang_docleanup.php

diff --git a/README.md b/README.md
index fa90400e..03ec857e 100644
--- a/README.md
+++ b/README.md
@@ -26,8 +26,8 @@
 
 ## 系统要求
 - PHP: 8.0，必须扩展：bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix
-- Mysql: 5.7最新版或以上版本
-- Redis：2.0.0或以上版本
+- Mysql: 5.7 最新版或以上版本
+- Redis：2.0.0 或以上版本
 
 ## 快速开始
 安装 docker。  
diff --git a/app/Filament/Resources/System/AgentAllowResource.php b/app/Filament/Resources/System/AgentAllowResource.php
index 5b380c07..e1a323c3 100644
--- a/app/Filament/Resources/System/AgentAllowResource.php
+++ b/app/Filament/Resources/System/AgentAllowResource.php
@@ -36,11 +36,6 @@ class AgentAllowResource extends Resource
         return self::getNavigationLabel();
     }
 
-//    public static function getModelLabel(): string
-//    {
-//
-//    }
-
 
     public static function form(Form $form): Form
     {
diff --git a/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php b/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
index e76240ef..6f6b4e36 100644
--- a/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
+++ b/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
@@ -36,4 +36,5 @@ class ListAgentAllows extends PageList
 
         ];
     }
+
 }
diff --git a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
index cc4ef5fa..e556f81b 100644
--- a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
+++ b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
@@ -30,6 +30,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms
 
     public function mount()
     {
+        static::authorizeResourceAccess();
+
         $settings = Setting::get();
         $this->form->fill($settings);
 
@@ -67,6 +69,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms
 
     public function submit()
     {
+        static::authorizeResourceAccess();
+
         $formData = $this->form->getState();
         $notAutoloadNames = ['donation_custom'];
         $data = [];
diff --git a/app/Policies/SettingPolicy.php b/app/Policies/SettingPolicy.php
index d6fd797d..017464f6 100644
--- a/app/Policies/SettingPolicy.php
+++ b/app/Policies/SettingPolicy.php
@@ -18,7 +18,7 @@ class SettingPolicy extends BasePolicy
      */
     public function viewAny(User $user)
     {
-        //
+        return $this->can($user);
     }
 
     /**
@@ -30,7 +30,7 @@ class SettingPolicy extends BasePolicy
      */
     public function view(User $user, Setting $setting)
     {
-        //
+        return $this->can($user);
     }
 
     /**
@@ -53,7 +53,7 @@ class SettingPolicy extends BasePolicy
      */
     public function update(User $user, Setting $setting)
     {
-        //
+        return $this->can($user);
     }
 
     /**
@@ -65,7 +65,7 @@ class SettingPolicy extends BasePolicy
      */
     public function delete(User $user, Setting $setting)
     {
-        //
+
     }
 
     /**
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index be1180ce..8e4d6074 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -162,7 +162,7 @@ class UserRepository extends BaseRepository
         if ($targetUser->enabled == User::ENABLED_NO) {
             throw new NexusException('Already disabled !');
         }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
             throw new NexusException('No Permission !');
         }
         $banLog = [
@@ -186,7 +186,7 @@ class UserRepository extends BaseRepository
         if ($targetUser->enabled == User::ENABLED_YES) {
             throw new NexusException('Already enabled !');
         }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
             throw new NexusException('No Permission !');
         }
         $update = [
@@ -303,7 +303,7 @@ class UserRepository extends BaseRepository
     {
         $operator = $this->getOperator($operator);
         $classRequire = Setting::get('authority.prfmanage');
-        if ($operator->class < $classRequire) {
+        if ($operator->class <= $classRequire) {
             throw new \RuntimeException("No permission.");
         }
         $user = User::query()->findOrFail($uid, User::$commonFields);
diff --git a/lang/chs/lang_docleanup.php b/lang/chs/lang_docleanup.php
new file mode 100644
index 00000000..fea84e44
--- /dev/null
+++ b/lang/chs/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => '执行清理',
+    'running' => '清理进行中，请稍候...',
+    'force' => '如需要强制彻底清理，点击<a href="docleanup.php?forceall=1">这里</a>',
+    'time_consumed' => '耗时：%f 秒',
+    'done' => '完成',
+];
diff --git a/lang/cht/lang_docleanup.php b/lang/cht/lang_docleanup.php
new file mode 100644
index 00000000..0488a520
--- /dev/null
+++ b/lang/cht/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => '執行清理',
+    'running' => '清理進行中，請稍候...',
+    'force' => '如需要強製徹底清理，點擊<a href="docleanup.php?forceall=1">這裏</a>',
+    'time_consumed' => '耗時：%f 秒',
+    'done' => '完成',
+];
diff --git a/lang/en/lang_docleanup.php b/lang/en/lang_docleanup.php
new file mode 100644
index 00000000..698aeea7
--- /dev/null
+++ b/lang/en/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => 'Do Clean-up',
+    'running' => 'clean-up in progress...please wait',
+    'force' => 'If you need to force a complete cleaning, click<a href="docleanup.php?forceall=1">here</a>',
+    'time_consumed' => 'Time consumed：%f sec',
+    'done' => 'Done',
+];
diff --git a/public/docleanup.php b/public/docleanup.php
index 95821b94..6bfe1746 100644
--- a/public/docleanup.php
+++ b/public/docleanup.php
@@ -6,16 +6,18 @@ dbconn();
 if (get_user_class() < UC_SYSOP) {
 die('forbidden');
 }
-echo "<html><head><title>Do Clean-up</title></head><body>";
+require get_langfile_path();
+
+echo "<html><head><title>".$lang_docleanup['title']."</title></head><body>";
 echo "<p>";
-echo "clean-up in progress...please wait<br />";
+echo $lang_docleanup['running'] . "<br />";
 ob_flush();
 flush();
 if (isset($_GET['forceall']) && $_GET['forceall']) {
 	$forceall = 1;
 } else {
 	$forceall = 0;
-echo "you may force full clean-up by adding the parameter 'forceall=1' to URL<br />";
+    echo $lang_docleanup['force'] . '<br />';
 }
 echo "</p>";
 $tstart = getmicrotime();
@@ -23,6 +25,6 @@ require_once("include/cleanup.php");
 print("<p>".docleanup($forceall, 1)."</p>");
 $tend = getmicrotime();
 $totaltime = ($tend - $tstart);
-printf ("Time consumed:  %f sec<br />", $totaltime);
-echo "Done<br />";
+printf ($lang_docleanup['time_consumed']."<br />", $totaltime);
+echo $lang_docleanup['done']."<br />";
 echo "</body></html>";