lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 03:57:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

admin permission control

Browse Source
This commit is contained in:
xiaomlove
2022-07-18 01:37:50 +08:00
parent c147ba528f
commit ffd25a1dae
5 changed files with 39 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Filament/Resources/User/UserResource/Pages/UserProfile.php
+16 -10
View File
@@ -48,17 +48,19 @@ class UserProfile extends Page
protected function getActions(): array protected function getActions(): array
{ {
$actions = []; $actions = [];
if ($this->record->two_step_secret) { if (Auth::user()->class > $this->record->class) {
$actions[] = $this->buildDisableTwoStepAuthenticationAction(); $actions[] = $this->buildAssignExamAction();
$actions[] = $this->buildGrantMedalAction();
$actions[] = $this->buildChangeBonusEtcAction();
if ($this->record->two_step_secret) {
$actions[] = $this->buildDisableTwoStepAuthenticationAction();
}
if ($this->record->status == User::STATUS_PENDING) {
$actions[] = $this->buildConfirmAction();
}
$actions[] = $this->buildResetPasswordAction();
$actions[] = $this->buildEnableDisableAction();
} }
if ($this->record->status == User::STATUS_PENDING) {
$actions[] = $this->buildConfirmAction();
}
$actions[] = $this->buildResetPasswordAction();
$actions[] = $this->buildAssignExamAction();
$actions[] = $this->buildGrantMedalAction();
$actions[] = $this->buildChangeBonusEtcAction();
$actions[] = $this->buildEnableDisableAction();
return $actions; return $actions;
} }
@@ -219,6 +221,10 @@ class UserProfile extends Page
->modalHeading(__('admin.resources.user.actions.confirm_btn')) ->modalHeading(__('admin.resources.user.actions.confirm_btn'))
->requiresConfirmation() ->requiresConfirmation()
->action(function () { ->action(function () {
if (Auth::user()->class <= $this->record->class) {
$this->notify('danger', 'No permission!');
return;
}
$this->record->status = User::STATUS_CONFIRMED; $this->record->status = User::STATUS_CONFIRMED;
$this->record->info= null; $this->record->info= null;
$this->record->save(); $this->record->save();
app/Repositories/ExamRepository.php
+4
View File
@@ -16,6 +16,7 @@ use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Query\JoinClause; use Illuminate\Database\Query\JoinClause;
use Illuminate\Support\Arr; use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
class ExamRepository extends BaseRepository class ExamRepository extends BaseRepository
@@ -292,6 +293,9 @@ class ExamRepository extends BaseRepository
$logPrefix = "uid: $uid, examId: $examId, begin: $begin, end: $end"; $logPrefix = "uid: $uid, examId: $examId, begin: $begin, end: $end";
$exam = Exam::query()->find($examId); $exam = Exam::query()->find($examId);
$user = User::query()->findOrFail($uid); $user = User::query()->findOrFail($uid);
if (Auth::user()->Class <= $user->class) {
throw new NexusException("No permission !");
}
if (!$this->isExamMatchUser($exam, $user)) { if (!$this->isExamMatchUser($exam, $user)) {
throw new NexusException("Exam: {$exam->id} no match this user."); throw new NexusException("Exam: {$exam->id} no match this user.");
} }
app/Repositories/MedalRepository.php
+4
View File
@@ -5,6 +5,7 @@ use App\Models\Medal;
use App\Models\User; use App\Models\User;
use App\Models\UserMedal; use App\Models\UserMedal;
use Carbon\Carbon; use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Nexus\Database\NexusDB; use Nexus\Database\NexusDB;
class MedalRepository extends BaseRepository class MedalRepository extends BaseRepository
@@ -56,6 +57,9 @@ class MedalRepository extends BaseRepository
public function grantToUser(int $uid, int $medalId, $duration = null) public function grantToUser(int $uid, int $medalId, $duration = null)
{ {
$user = User::query()->findOrFail($uid, User::$commonFields); $user = User::query()->findOrFail($uid, User::$commonFields);
if (Auth::user()->class <= $user->class) {
throw new \LogicException("No permission!");
}
$medal = Medal::query()->findOrFail($medalId); $medal = Medal::query()->findOrFail($medalId);
$exists = $user->valid_medals()->where('medal_id', $medalId)->exists(); $exists = $user->valid_medals()->where('medal_id', $medalId)->exists();
do_log(last_query()); do_log(last_query());
app/Repositories/UserRepository.php
+14 -1
View File
@@ -11,6 +11,7 @@ use App\Models\User;
use App\Models\UserBanLog; use App\Models\UserBanLog;
use Carbon\Carbon; use Carbon\Carbon;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Nexus\Database\NexusDB; use Nexus\Database\NexusDB;
@@ -132,7 +133,10 @@ class UserRepository extends BaseRepository
if ($password != $passwordConfirmation) { if ($password != $passwordConfirmation) {
throw new \InvalidArgumentException("password confirmation != password"); throw new \InvalidArgumentException("password confirmation != password");
} }
$user = User::query()->findOrFail($id, ['id', 'username']); $user = User::query()->findOrFail($id, ['id', 'username', 'class']);
if (Auth::user()->class <= $user->class) {
throw new \LogicException("Sorry, you don't have enough permission to reset this user's password.");
}
$secret = mksecret(); $secret = mksecret();
$passhash = md5($secret . $password . $secret); $passhash = md5($secret . $password . $secret);
$update = [ $update = [
@@ -182,6 +186,9 @@ class UserRepository extends BaseRepository
if ($targetUser->enabled == User::ENABLED_YES) { if ($targetUser->enabled == User::ENABLED_YES) {
throw new NexusException('Already enabled !'); throw new NexusException('Already enabled !');
} }
if ($targetUser->class >= $operator->class) {
throw new NexusException('No Permission !');
}
$update = [ $update = [
'enabled' => User::ENABLED_YES 'enabled' => User::ENABLED_YES
]; ];
@@ -226,6 +233,9 @@ class UserRepository extends BaseRepository
} }
$sourceField = $fieldMap[$field]; $sourceField = $fieldMap[$field];
$targetUser = User::query()->findOrFail($uid, User::$commonFields); $targetUser = User::query()->findOrFail($uid, User::$commonFields);
if (Auth::user()->Class <= $targetUser->class) {
throw new NexusException("No permission !");
}
$old = $targetUser->{$sourceField}; $old = $targetUser->{$sourceField};
$valueAtomic = $value; $valueAtomic = $value;
$formatSize = false; $formatSize = false;
@@ -310,6 +320,9 @@ class UserRepository extends BaseRepository
throw new \RuntimeException("No permission."); throw new \RuntimeException("No permission.");
} }
$user = User::query()->findOrFail($uid, User::$commonFields); $user = User::query()->findOrFail($uid, User::$commonFields);
if ($operator->class <= $user->class) {
throw new \RuntimeException("No permission!");
}
$user->two_step_secret = ''; $user->two_step_secret = '';
return $user->save(); return $user->save();
} }
include/constants.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.18'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.18');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-07-12'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-07-18');
defined('IN_TRACKER') || define('IN_TRACKER', true); defined('IN_TRACKER') || define('IN_TRACKER', true);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org"); defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");