- Patching User Privilege For Protected Module

crocodic-studio · Feb 16, 2017 · fd6afab · fd6afab
1 parent 733f0fc
commit fd6afab
Show file tree

Hide file tree

Showing 6 changed files with 150 additions and 5 deletions.
diff --git a/src/controllers/ApiCustomController.php b/src/controllers/ApiCustomController.php
@@ -33,6 +33,12 @@ public function cbInit() {
 
 	function getIndex() {		
 		$this->cbLoader();
+
+		if(!CRUDBooster::isSuperadmin()) {
+			CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'API Index','module'=>'API']));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		$data = array();
 
 		$data['page_title'] = 'API Generator';
@@ -119,6 +125,12 @@ public function getScreetKey() {
 
 	public function getGenerator() {
 		$this->cbLoader();
+
+		if(!CRUDBooster::isSuperadmin()) {
+			CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'API Index','module'=>'API']));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		$data['page_title'] = 'API Generator';
 		$data['page_menu']  = Route::getCurrentRoute()->getActionName();
 
@@ -137,6 +149,12 @@ public function getGenerator() {
 
 	public function getEditApi($id) {
 		$this->cbLoader();
+
+		if(!CRUDBooster::isSuperadmin()) {
+			CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'API Edit','module'=>'API']));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		$row = DB::table('cms_apicustom')->where('id',$id)->first();
 
 		$data['row']        = $row;

diff --git a/src/controllers/MenusController.php b/src/controllers/MenusController.php
@@ -128,6 +128,12 @@ public function cbInit() {
 
 	  public function getIndex() {
 	  	$this->cbLoader();
+
+	  	$module = CRUDBooster::getCurrentModule();
+	  	if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
 
 	  	$privileges = DB::table('cms_privileges')->get();
 

diff --git a/src/controllers/ModulsController.php b/src/controllers/ModulsController.php
@@ -124,11 +124,28 @@ public function getCheckSlug($slug) {
 	}
 
 	public function getAdd() {
+		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		return redirect()->route("ModulsControllerGetStep1");
 	}
 
 	public function getStep1($id=0) {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$tables = CRUDBooster::listTables();
 		$tables_list = array();		
 		foreach($tables as $tab) {
@@ -151,6 +168,14 @@ public function getStep1($id=0) {
 
 	public function getStep2($id) {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$row = DB::table('cms_moduls')->where('id',$id)->first();
 
 		$columns = CRUDBooster::getTableColumns($row->table_name);
@@ -183,6 +208,14 @@ public function getStep2($id) {
 
 	public function postStep2() {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$name       = Request::get('name');
 		$table_name = Request::get('table');
 		$icon       = Request::get('icon');
@@ -287,6 +320,14 @@ public function postStep2() {
 
 	public function postStep3() {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$column      = Request::input('column');
 		$name        = Request::input('name');
 		$join_table  = Request::input('join_table');
@@ -354,6 +395,14 @@ public function postStep3() {
 
 	public function getStep3($id) {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$row = DB::table('cms_moduls')->where('id',$id)->first();
 
 		$columns = CRUDBooster::getTableColumns($row->table_name);
@@ -379,7 +428,8 @@ public function getTypeInfo($type='text') {
 	}
 
 	public function postStep4() {
-		$this->cbLoader();
+		$this->cbLoader();	
+
 		$post = Request::all();
 		$id = $post['id'];
 
@@ -432,6 +482,14 @@ public function postStep4() {
 
 	public function getStep4($id) {
 		$this->cbLoader();
+
+		$module = CRUDBooster::getCurrentModule();
+
+		if(!CRUDBooster::isView() && $this->global_privilege==FALSE) {
+			CRUDBooster::insertLog(trans('crudbooster.log_try_view',['module'=>$module->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$row = DB::table('cms_moduls')->where('id',$id)->first();
 
 		$data = [];
@@ -495,6 +553,12 @@ public function postStepFinish() {
 
 	public function postAddSave() {
 		$this->cbLoader();
+
+		if(!CRUDBooster::isCreate() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans('crudbooster.log_try_add_save',['name'=>Request::input($this->title_field),'module'=>CRUDBooster::getCurrentModule()->name ]));			
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans("crudbooster.denied_access"));
+		}
+
 		$this->validation();					
 		$this->input_assignment();	
 
@@ -592,6 +656,14 @@ public function postAddSave() {
 
 	public function postEditSave($id) {
 		$this->cbLoader();
+
+		$row = DB::table($this->table)->where($this->primary_key,$id)->first();	
+
+		if(!CRUDBooster::isUpdate() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans("crudbooster.log_try_add",['name'=>$row->{$this->title_field},'module'=>CRUDBooster::getCurrentModule()->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$this->validation();
 		$this->input_assignment();
 

diff --git a/src/controllers/PrivilegesController.php b/src/controllers/PrivilegesController.php
@@ -45,6 +45,11 @@ public function getAdd()
 	{
 		$this->cbLoader();
 
+		if(!CRUDBooster::isCreate() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans('crudbooster.log_try_add',['module'=>CRUDBooster::getCurrentModule()->name ]));			
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans("crudbooster.denied_access"));
+		}
+
 		$id = 0; 
 		$data['page_title'] = "Add Data";	
 		$data['moduls'] = DB::table("cms_moduls")
@@ -65,6 +70,11 @@ public function getAdd()
 	public function postAddSave() {
 		$this->cbLoader();
 
+		if(!CRUDBooster::isCreate() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans('crudbooster.log_try_add_save',['name'=>Request::input($this->title_field),'module'=>CRUDBooster::getCurrentModule()->name ]));			
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans("crudbooster.denied_access"));
+		}
+
 		$this->validation($request);				
 		$this->input_assignment($request);		
 
@@ -107,7 +117,12 @@ public function getEdit($id)
 	{
 		$this->cbLoader();
 
-		$row = DB::table($this->table)->where("id",$id)->first();
+		$row = DB::table($this->table)->where("id",$id)->first();		
+
+		if(!CRUDBooster::isRead() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans("crudbooster.log_try_edit",['name'=>$row->{$this->title_field},'module'=>CRUDBooster::getCurrentModule()->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
 
 		$page_title = trans('crudbooster.edit_data_page_title',['module'=>'Privilege','name'=>$row->name]);
 
@@ -122,11 +137,16 @@ public function getEdit($id)
 	public function postEditSave($id) {
 		$this->cbLoader();
 
+		$row = CRUDBooster::first($this->table,$id);
+
+		if(!CRUDBooster::isUpdate() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans("crudbooster.log_try_add",['name'=>$row->{$this->title_field},'module'=>CRUDBooster::getCurrentModule()->name]));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));			
+		}
+
 		$this->validation($request);
 		$this->input_assignment($request,$id);
 
-		$row = CRUDBooster::first($this->table,$id);
-
 		DB::table($this->table)->where($this->primary_key,$id)->update($this->arr);
 
 		$priv = Request::input("privileges");
@@ -166,6 +186,12 @@ public function getDelete($id) {
 		$this->cbLoader();
 
 		$row = DB::table($this->table)->where($this->primary_key,$id)->first();
+
+		if(!CRUDBooster::isDelete() && $this->global_privilege==FALSE) {			
+			CRUDBooster::insertLog(trans("crudbooster.log_try_delete",['name'=>$row->{$this->title_field},'module'=>CRUDBooster::getCurrentModule()->name]));			
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		DB::table($this->table)->where($this->primary_key,$id)->delete();
 		DB::table("cms_privileges_roles")->where("id_cms_privileges",$row->id)->delete();
 		CRUDBooster::redirect(CRUDBooster::mainpath(),trans("crudbooster.alert_delete_data_success"),'success');		

diff --git a/src/controllers/SettingsController.php b/src/controllers/SettingsController.php
@@ -65,6 +65,12 @@ function show_radio_data() {
 
 	function getShow() {
 		$this->cbLoader();
+
+		if(!CRUDBooster::isSuperadmin()) {
+			CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'Setting','module'=>'Setting']));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		$data['page_title'] = urldecode(Request::get('group'));		
 		return view('crudbooster::setting',$data);
 	} 
@@ -83,6 +89,12 @@ function getDeleteFileSetting() {
 
 
 	function postSaveSetting() {
+
+		if(!CRUDBooster::isSuperadmin()) {
+			CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'Setting','module'=>'Setting']));
+			CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+		}
+
 		$group = Request::get('group_setting');
 		$setting = DB::table('cms_settings')->where('group_setting',$group)->get();
 		foreach($setting as $set) {

diff --git a/src/controllers/StatisticBuilderController.php b/src/controllers/StatisticBuilderController.php
@@ -38,7 +38,6 @@ public function cbInit() {
 
 			$this->col         = array();
 			$this->col[]       = array("label"=>"Name","name"=>"name" );
-			$this->col[]       = array("label"=>"Slug","name"=>"slug",'callback_php'=>'"<span class=\"badge badge-default\">statistic_builder/show/".$row->slug."</span>"');
 
 			$this->form        = array();
 			$this->form[]      = array("label"=>"Name","name"=>"name","type"=>"text","required"=>TRUE,"validation"=>"required|min:3|max:255","placeholder"=>"You can only enter the letter only");
@@ -71,6 +70,12 @@ public function getShow($slug) {
 
 	    public function getBuilder($id_cms_statistics) {
 	    	$this->cbLoader();
+
+	    	if(!CRUDBooster::isSuperadmin()) {
+				CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'Builder','module'=>'Statistic']));
+				CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+			}
+
 	    	$page_title = 'Statistic Builder';	    		    	
 	    	return view('crudbooster::statistic_builder.builder',compact('page_title','id_cms_statistics'));
 	    }
@@ -142,6 +147,12 @@ public function postUpdateAreaComponent() {
 
 	    public function getEditComponent($componentID) {
 	    	$this->cbLoader();
+
+	    	if(!CRUDBooster::isSuperadmin()) {
+				CRUDBooster::insertLog(trans("crudbooster.log_try_view",['name'=>'Edit Component','module'=>'Statistic']));
+				CRUDBooster::redirect(CRUDBooster::adminPath(),trans('crudbooster.denied_access'));
+			}
+
 	    	$component_row = CRUDBooster::first('cms_statistic_components',['componentID'=>$componentID]);
 
 	    	$config = json_decode($component_row->config);