fix bug childs menu is accesible when user not have permission

2022-08-01 07:58:09 +07:00
parent 57b028c80d
commit 992b8799d8
2 changed files with 38 additions and 5 deletions
--- a/app/Models/Menu.php
+++ b/app/Models/Menu.php
@@ -2,6 +2,7 @@

 namespace App\Models;

+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
@@ -46,7 +47,27 @@ class Menu extends Model
     */
    public function childs()
    {
-        return $this->hasMany(Menu::class, 'parent_id', 'id')->with(['parent', 'childs'])->orderBy('position');
+        return $this->hasMany(Menu::class, 'parent_id', 'id')
+                    ->with(['parent', 'childs'])
+                    ->orderBy('position');
+    }
+
+    /**
+     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     */
+    public function childsByPermissions()
+    {
+        return $this->hasMany(Menu::class, 'parent_id', 'id')
+                    ->where(function (Builder $query) {
+                        $user = request()->user();
+                        $permissions = $user->permissions->pluck('id')->push(...$user->roles->pluck('permissions')->flatten()->pluck('id'));
+
+                        $query->whereHas('permissions', function (Builder $query) use ($permissions) {
+                            $query->whereIn('permissions.id', $permissions);
+                        })->orDoesntHave('permissions');
+                    })
+                    ->with(['parent', 'childsByPermissions'])
+                    ->orderBy('position');
    }

    /**
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -72,12 +72,24 @@ class User extends Authenticatable
    {
        return Menu::whereNull('parent_id')
                    ->where(function (Builder $query) {
-                        $query->whereHas('permissions', function (Builder $query) {
-                            $query->whereIn('permissions.id', $this->permissions->pluck('id')->push(...$this->roles->pluck('permissions')->flatten()->pluck('id')));
+                        $permissions = $this->permissions->pluck('id')->push(...$this->roles->pluck('permissions')->flatten()->pluck('id'));
+
+                        $query->whereHas('permissions', function (Builder $query) use ($permissions) {
+                            $query->whereIn('permissions.id', $permissions);
                        })->orDoesntHave('permissions');
                    })
                    ->orderBy('position')
-                    ->with('childs')
-                    ->get();
+                    ->with('childsByPermissions')
+                    ->get()
+                    ->each([$this, 'changeChildsByPermissionsToChilds']);
+    }
+
+    /**
+     * @param \App\Models\Menu $menu
+     * @return void
+     */
+    public function changeChildsByPermissionsToChilds(Menu $menu)
+    {
+        $menu->childs = collect($menu->childsByPermissions)->each([$this, 'changeChildsByPermissionsToChilds']);
    }
 }