fixed permission
This commit is contained in:
@@ -62,5 +62,5 @@ $photousername = basename($avatar);
|
||||
require_once(__DIR__ . '/../../languages/en/general.php');
|
||||
|
||||
//include("generalsettings.php");
|
||||
|
||||
require_once __DIR__ . '/permissions_helper.php';
|
||||
?>
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
if (!function_exists('userCan')) {
|
||||
/**
|
||||
* Check if current user has a Vanguard permission.
|
||||
* Uses Vanguard native method if available, otherwise falls back to DB check.
|
||||
*/
|
||||
function userCan($permissionName)
|
||||
{
|
||||
global $kindofrole;
|
||||
|
||||
$user = Auth::user();
|
||||
|
||||
if (!$user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Vanguard / Laravel-style methods, depending on installed version/customization.
|
||||
if (method_exists($user, 'hasPermission')) {
|
||||
return $user->hasPermission($permissionName);
|
||||
}
|
||||
|
||||
if (method_exists($user, 'hasPermissionTo')) {
|
||||
return $user->hasPermissionTo($permissionName);
|
||||
}
|
||||
|
||||
if (method_exists($user, 'can')) {
|
||||
return $user->can($permissionName);
|
||||
}
|
||||
|
||||
// Fallback: direct DB check using existing Vanguard tables.
|
||||
static $permissions = null;
|
||||
|
||||
if ($permissions === null) {
|
||||
$pdo = DBHandlerSelect::getInstance()->getConnection();
|
||||
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT p.name
|
||||
FROM auth_permissions p
|
||||
INNER JOIN auth_permission_role pr ON pr.permission_id = p.id
|
||||
WHERE pr.role_id = ?
|
||||
");
|
||||
$stmt->execute([(int)$kindofrole]);
|
||||
|
||||
$permissions = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
}
|
||||
|
||||
return in_array($permissionName, $permissions, true);
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('visibleButtons')) {
|
||||
/**
|
||||
* Filter visible buttons.
|
||||
*/
|
||||
function visibleButtons(array $buttons)
|
||||
{
|
||||
return array_values(array_filter($buttons, function ($button) {
|
||||
return empty($button['permission']) || userCan($button['permission']);
|
||||
}));
|
||||
}
|
||||
}
|
||||
@@ -1,59 +1,5 @@
|
||||
<?php include('include/headscript.php'); ?>
|
||||
<?php
|
||||
/**
|
||||
* Check if current user has a Vanguard permission.
|
||||
* Uses Vanguard native method if available, otherwise falls back to DB check.
|
||||
*/
|
||||
function userCan($permissionName)
|
||||
{
|
||||
global $kindofrole;
|
||||
|
||||
$user = Auth::user();
|
||||
|
||||
// Vanguard / Laravel-style methods, depending on installed version/customization.
|
||||
if (method_exists($user, 'hasPermission')) {
|
||||
return $user->hasPermission($permissionName);
|
||||
}
|
||||
|
||||
if (method_exists($user, 'hasPermissionTo')) {
|
||||
return $user->hasPermissionTo($permissionName);
|
||||
}
|
||||
|
||||
if (method_exists($user, 'can')) {
|
||||
return $user->can($permissionName);
|
||||
}
|
||||
|
||||
// Fallback: direct DB check using existing Vanguard tables.
|
||||
static $permissions = null;
|
||||
|
||||
if ($permissions === null) {
|
||||
$pdo = DBHandlerSelect::getInstance()->getConnection();
|
||||
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT p.name
|
||||
FROM auth_permissions p
|
||||
INNER JOIN auth_permission_role pr ON pr.permission_id = p.id
|
||||
WHERE pr.role_id = ?
|
||||
");
|
||||
$stmt->execute([(int)$kindofrole]);
|
||||
|
||||
$permissions = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
}
|
||||
|
||||
return in_array($permissionName, $permissions, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter visible buttons.
|
||||
*/
|
||||
function visibleButtons(array $buttons)
|
||||
{
|
||||
return array_values(array_filter($buttons, function ($button) {
|
||||
return empty($button['permission']) || userCan($button['permission']);
|
||||
}));
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
$dashboardSections = [
|
||||
[
|
||||
'id' => 'secOperativo',
|
||||
|
||||
Reference in New Issue
Block a user