fix admin setting authorization + cleanup trans

2026-04-15 13:32:41 +08:00 · 2022-07-18 17:50:05 +08:00
parent 1759f4abfc
commit e5d996cb75
10 changed files with 48 additions and 19 deletions
--- a/app/Filament/Resources/System/AgentAllowResource.php
+++ b/app/Filament/Resources/System/AgentAllowResource.php
@@ -36,11 +36,6 @@ class AgentAllowResource extends Resource
        return self::getNavigationLabel();
    }

-//    public static function getModelLabel(): string
-//    {
-//
-//    }
-

    public static function form(Form $form): Form
    {
--- a/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
+++ b/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
@@ -36,4 +36,5 @@ class ListAgentAllows extends PageList

        ];
    }
+
 }
--- a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
+++ b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
@@ -30,6 +30,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms

    public function mount()
    {
+        static::authorizeResourceAccess();
+
        $settings = Setting::get();
        $this->form->fill($settings);

@@ -67,6 +69,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms

    public function submit()
    {
+        static::authorizeResourceAccess();
+
        $formData = $this->form->getState();
        $notAutoloadNames = ['donation_custom'];
        $data = [];
--- a/app/Policies/SettingPolicy.php
+++ b/app/Policies/SettingPolicy.php
@@ -18,7 +18,7 @@ class SettingPolicy extends BasePolicy
     */
    public function viewAny(User $user)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -30,7 +30,7 @@ class SettingPolicy extends BasePolicy
     */
    public function view(User $user, Setting $setting)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -53,7 +53,7 @@ class SettingPolicy extends BasePolicy
     */
    public function update(User $user, Setting $setting)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -65,7 +65,7 @@ class SettingPolicy extends BasePolicy
     */
    public function delete(User $user, Setting $setting)
    {
-        //
+
    }

    /**
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -162,7 +162,7 @@ class UserRepository extends BaseRepository
        if ($targetUser->enabled == User::ENABLED_NO) {
            throw new NexusException('Already disabled !');
        }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
            throw new NexusException('No Permission !');
        }
        $banLog = [
@@ -186,7 +186,7 @@ class UserRepository extends BaseRepository
        if ($targetUser->enabled == User::ENABLED_YES) {
            throw new NexusException('Already enabled !');
        }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
            throw new NexusException('No Permission !');
        }
        $update = [
@@ -303,7 +303,7 @@ class UserRepository extends BaseRepository
    {
        $operator = $this->getOperator($operator);
        $classRequire = Setting::get('authority.prfmanage');
-        if ($operator->class < $classRequire) {
+        if ($operator->class <= $classRequire) {
            throw new \RuntimeException("No permission.");
        }
        $user = User::query()->findOrFail($uid, User::$commonFields);