Fix permissions to access view of users, roles & permissions

README.md

@@ -25,19 +25,18 @@ These are all required dependencies that will be installed if needed.
 
 To get started, add a local repository to Composer:
 
-```js
+```json
 {
-  [...]
     "repositories": {
         "admin-panel": {
             "type": "path",
             "url": "/path-to-downloaded-file/fefo-p/admin-panel",
             "options": {
-            "symlink": true
+                "symlink": true
+            }
         }
-    },
-    [...]
-  }
+    }
+}
 ```
 
 ### -production-

routes/adminpanel.php

@@ -24,10 +24,8 @@
                 Route::get('/', 'index')->name('adminpanel.dashboard');
                 Route::get('/about', 'about')->name('adminpanel.about');
                 Route::get('/users', 'users')->name('adminpanel.users');
-                Route::get('/roles', 'roles')->name('adminpanel.roles')
-                     ->can('administer', Role::class);
-                Route::get('/permissions', 'permissions')->name('adminpanel.permissions')
-                     ->can('administer', Permission::class);
+                Route::get('/roles', 'roles')->name('adminpanel.roles');
+                Route::get('/permissions', 'permissions')->name('adminpanel.permissions');
             });
 
         });

src/AdminPanel.php

@@ -9,6 +9,7 @@
     use Illuminate\Support\Facades\Auth;
     use FefoP\AdminPanel\Models\Permission;
     use Illuminate\Support\Facades\Artisan;
+    use Illuminate\Auth\Access\AuthorizationException;
 
     class AdminPanel extends Controller
     {
@@ -45,6 +46,8 @@ public function about()
 
         public function users(Request $request)
         {
+            $this->authorize('viewAny', App\Models\User::class);
+
             $title       = 'Listado de Usuarios';
             $description = 'Listado de usuarios definidos en el sistema';
             $action      = [
@@ -68,6 +71,11 @@ public function users(Request $request)
 
         public function roles()
         {
+            $this->authorize('viewAny', FefoP\AdminPanel\Models\Role::class);
+            /*if (Auth::user()->cannot('adminpanel.rol.ver')) {
+                throw new AuthorizationException('No tienes permisos para acceder a este panel.');
+            }*/
+
             $title       = 'Listado de Roles';
             $description = 'Roles definidos en el sistema';
             $action      = [
@@ -86,6 +94,11 @@ public function roles()
 
         public function permissions()
         {
+            $this->authorize('viewAny', FefoP\AdminPanel\Models\Permission::class);
+            /*if (Auth::user()->cannot('adminpanel.permiso.ver')) {
+                throw new AuthorizationException('No tienes permisos para acceder a este panel.');
+            }*/
+
             $title       = 'Listado de Permisos';
             $description = 'Permisos definidos en el sistema';
             $action      = [

src/Policies/RolePolicy.php

@@ -20,7 +20,8 @@ class RolePolicy
          */
         public function administer( User $user )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.editar' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.editar' ) ) {
+            if ($user->can('adminpanel.rol.editar')) {
                 return Response::allow( 'You can administer roles.' );
             }
 
@@ -36,7 +37,8 @@ public function administer( User $user )
          */
         public function viewAny( User $user )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.ver' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.ver' ) ) {
+            if ($user->can('adminpanel.rol.ver')) {
                 return Response::allow( 'You can see the role list.' );
             }
 
@@ -53,7 +55,8 @@ public function viewAny( User $user )
          */
         public function view( User $user, Role $role )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.ver' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.ver' ) ) {
+            if ($user->can('adminpanel.rol.ver')) {
                 return Response::allow( 'You can see this role.' );
             }
 
@@ -69,7 +72,8 @@ public function view( User $user, Role $role )
          */
         public function create( User $user )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.crear' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.crear' ) ) {
+            if ($user->can('adminpanel.rol.crear')) {
                 return Response::allow( 'You can create a role.' );
             }
 
@@ -86,7 +90,8 @@ public function create( User $user )
          */
         public function update( User $user, Role $role )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.editar' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.editar' ) ) {
+            if ($user->can('adminpanel.rol.editar')) {
                 return Response::allow( 'You can edit this role.' );
             }
 
@@ -103,7 +108,8 @@ public function update( User $user, Role $role )
          */
         public function delete( User $user, Role $role )
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.borrar' ) ) {
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.rol.borrar' ) ) {
+            if ($user->can('adminpanel.rol.borrar')) {
                 return Response::allow( 'You can delete this role.' );
             }
 

src/Policies/UserPolicy.php

@@ -1,47 +1,49 @@
 <?php
-    
+
     namespace FefoP\AdminPanel\Policies;
-    
+
     use App\Models\User;
     use Illuminate\Auth\Access\Response;
     use Illuminate\Auth\Access\HandlesAuthorization;
-    
+
     class UserPolicy
     {
         use HandlesAuthorization;
-        
+
         /**
          * Determine whether the user can administer the model.
          *
          * @param  User  $user
          *
          * @return Response|bool
          */
-        public function administer( User $user )
+        public function administer(User $user)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.editar' ) ) {
-                return Response::allow( 'You can administer users.' );
+            //if ( $user->getAllPermissions()->pluck('name')->contains('adminpanel.usuario.editar') ) {
+            if ($user->can('adminpanel.usuario.editar')) {
+                return Response::allow('You can administer users.');
             }
-            
-            Response::deny( 'You cannot administer users.' );
+
+            Response::deny('You cannot administer users.');
         }
-        
+
         /**
          * Determine whether the user can view any models.
          *
          * @param  User  $user
          *
          * @return Response|bool
          */
-        public function viewAny( User $user )
+        public function viewAny(User $user)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.ver' ) ) {
-                return Response::allow( 'You can see the user list.' );
+            //if ( $user->getAllPermissions()->pluck('name')->contains('adminpanel.usuario.ver') ) {
+            if ($user->can('adminpanel.usuario.ver')) {
+                return Response::allow('You can see the user list.');
             }
-            
-            Response::deny( 'You cannot see the user list.' );
+
+            Response::deny('You cannot see the user list.');
         }
-        
+
         /**
          * Determine whether the user can view the model.
          *
@@ -50,31 +52,33 @@ public function viewAny( User $user )
          *
          * @return Response|bool
          */
-        public function view( User $user, User $model )
+        public function view(User $user, User $model)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.ver' ) ) {
-                return Response::allow( 'You can see this user.' );
+            //if ( $user->getAllPermissions()->pluck('name')->contains('adminpanel.usuario.ver') ) {
+            if ($user->can('adminpanel.usuario.ver')) {
+                return Response::allow('You can see this user.');
             }
-            
-            Response::deny( 'You cannot see this user.' );
+
+            Response::deny('You cannot see this user.');
         }
-        
+
         /**
          * Determine whether the user can create models.
          *
          * @param  User  $user
          *
          * @return Response|bool
          */
-        public function create( User $user )
+        public function create(User $user)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.crear' ) ) {
-                return Response::allow( 'You can create a user.' );
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.crear' ) ) {
+            if ( $user->can('adminpanel.usuario.crear') ) {
+                return Response::allow('You can create a user.');
             }
-            
-            Response::deny( 'You cannot create a user.' );
+
+            Response::deny('You cannot create a user.');
         }
-        
+
         /**
          * Determine whether the user can update the model.
          *
@@ -83,15 +87,16 @@ public function create( User $user )
          *
          * @return Response|bool
          */
-        public function update( User $user, User $model )
+        public function update(User $user, User $model)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.editar' ) ) {
-                return Response::allow( 'You can edit this user.' );
+            //if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.editar' ) ) {
+            if ( $user->can('adminpanel.usuario.editar') ) {
+                return Response::allow('You can edit this user.');
             }
-            
-            Response::deny( 'You cannot edit this user.' );
+
+            Response::deny('You cannot edit this user.');
         }
-        
+
         /**
          * Determine whether the user can delete the model.
          *
@@ -100,15 +105,16 @@ public function update( User $user, User $model )
          *
          * @return Response|bool
          */
-        public function delete( User $user, User $model )
+        public function delete(User $user, User $model)
         {
-            if ( $user->getAllPermissions()->pluck( 'name' )->contains( 'adminpanel.usuario.borrar' ) ) {
-                return Response::allow( 'You can delete this user.' );
+            //if ( $user->getAllPermissions()->pluck('name')->contains('adminpanel.usuario.borrar') ) {
+            if ($user->can('adminpanel.usuario.borrar')) {
+                return Response::allow('You can delete this user.');
             }
-            
-            Response::deny( 'You cannot delete this user.' );
+
+            Response::deny('You cannot delete this user.');
         }
-        
+
         /**
          * Determine whether the user can restore the model.
          *
@@ -117,11 +123,11 @@ public function delete( User $user, User $model )
          *
          * @return Response|bool
          */
-        public function restore( User $user, User $model )
+        public function restore(User $user, User $model)
         {
-            Response::deny( 'You cannot restore this user.' );
+            Response::deny('You cannot restore this user.');
         }
-        
+
         /**
          * Determine whether the user can permanently delete the model.
          *
@@ -130,8 +136,8 @@ public function restore( User $user, User $model )
          *
          * @return Response|bool
          */
-        public function forceDelete( User $user, User $model )
+        public function forceDelete(User $user, User $model)
         {
-            Response::deny( 'You cannot force delete this user.' );
+            Response::deny('You cannot force delete this user.');
         }
     }