security: expand and complete permissions matrix with granular, enterprise-ready permissions

2026-05-21 22:15:53 +07:00
parent 65804be1cb
commit 7965b34c85
44 changed files with 179 additions and 145 deletions
@@ -15,7 +15,7 @@ class SystemSettingController extends Controller
*/
public function index()
{
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.view'), 403, 'Unauthorized. Settings view permission required.');
$settings = Setting::all()->pluck('value', 'key');
@@ -73,7 +73,7 @@ class SystemSettingController extends Controller
*/
public function update(Request $request)
{
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.edit'), 403, 'Unauthorized. Settings edit permission required.');
$validated = $request->validate([
'settings' => 'required|array',
@@ -140,7 +140,7 @@ class SystemSettingController extends Controller
*/
public function testEmail(Request $request)
{
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.manage'), 403, 'Unauthorized. Settings management permission required.');
abort_if(!auth()->user()->hasRole('super-admin') && !auth()->user()->can('settings.test-email'), 403, 'Unauthorized. SMTP testing permission required.');
$request->validate([
'recipient' => 'required|email',