security: secure role, notification, system setting, and documentation pages with spatie permissions

2026-05-21 22:10:36 +07:00
parent bf42ca956d
commit 65804be1cb
4 changed files with 24 additions and 8 deletions
+8
@@ -11,6 +11,8 @@ class RoleController extends Controller
{
public function index()
{
abort_if(!auth()->user()->can('role.view'), 403, 'Unauthorized. Role view permission required.');
$order = ['super-admin' => 0, 'admin' => 1, 'user' => 2];
$roles = Role::where('guard_name', 'web')
@@ -48,6 +50,8 @@ class RoleController extends Controller
*/
public function updatePermissions(Request $request, Role $role)
{
abort_if(!auth()->user()->can('role.manage'), 403, 'Unauthorized. Role management permission required.');
$validated = $request->validate([
'permissions' => 'required|array',
'permissions.*' => 'string|exists:permissions,name',
@@ -64,6 +68,8 @@ class RoleController extends Controller
*/
public function store(Request $request)
{
abort_if(!auth()->user()->can('role.manage'), 403, 'Unauthorized. Role management permission required.');
$validated = $request->validate([
'name' => 'required|string|max:50|unique:roles,name',
]);
@@ -81,6 +87,8 @@ class RoleController extends Controller
*/
public function destroy(Role $role)
{
abort_if(!auth()->user()->can('role.manage'), 403, 'Unauthorized. Role management permission required.');
if ($role->name === 'super-admin') {
return back()->withErrors(['error' => 'Cannot delete the super-admin role.']);
}