security: secure role, notification, system setting, and documentation pages with spatie permissions

2026-05-21 22:10:36 +07:00
parent bf42ca956d
commit 65804be1cb
4 changed files with 24 additions and 8 deletions
@@ -15,7 +15,7 @@ class SystemSettingController extends Controller
*/
public function index()
{
abort_if(!auth()->user()->hasRole('super-admin'), 403, 'Unauthorized. Super-Admin only.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
$settings = Setting::all()->pluck('value', 'key');
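Review bot: The same two-branch guard is now pasted verbatim into index(), update() (the @@ -73 hunk) and testEmail() (the @@ -140 hunk), so a future permission rename or a new action can drift silently; Spatie ships a middleware for exactly this, e.g. `$this->middleware('role_or_permission:super-admin|settings.manage');` in the controller constructor or on the route group, assuming that alias is registered in the app. The inline form also dereferences `auth()->user()` without a null check, so a guest reaching these actions gets a 500 from calling hasRole() on null instead of a 401/403 unless the route is already behind the `auth` middleware, which this hunk does not show. Spatie's Gate hook treats a permission that is absent from the permissions table as denied rather than throwing, so unless `settings.manage` is seeded in one of the other changed files, every non-super-admin is refused with no error surfacing to point at the missing row. The body of index() continues past the hunk.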
@@ -73,7 +73,7 @@ class SystemSettingController extends Controller
*/
public function update(Request $request)
{
abort_if(!auth()->user()->hasRole('super-admin'), 403, 'Unauthorized. Super-Admin only.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
$validated = $request->validate([
'settings' => 'required|array',
@@ -140,7 +140,7 @@ class SystemSettingController extends Controller
*/
public function testEmail(Request $request)
{
abort_if(!auth()->user()->hasRole('super-admin'), 403, 'Unauthorized. Super-Admin only.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
$request->validate([
'recipient' => 'required|email',