fix bug childs menu is accesible when user not have permission
This commit is contained in:
Geriano
@@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
namespace App\Models;
|
namespace App\Models;
|
||||||
|
|
||||||
|
use Illuminate\Database\Eloquent\Builder;
|
||||||
use Illuminate\Database\Eloquent\Casts\Attribute;
|
use Illuminate\Database\Eloquent\Casts\Attribute;
|
||||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||||
use Illuminate\Database\Eloquent\Model;
|
use Illuminate\Database\Eloquent\Model;
|
||||||
@@ -46,7 +47,27 @@ class Menu extends Model
|
|||||||
*/
|
*/
|
||||||
public function childs()
|
public function childs()
|
||||||
{
|
{
|
||||||
return $this->hasMany(Menu::class, 'parent_id', 'id')->with(['parent', 'childs'])->orderBy('position');
|
return $this->hasMany(Menu::class, 'parent_id', 'id')
|
||||||
|
->with(['parent', 'childs'])
|
||||||
|
->orderBy('position');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
||||||
|
*/
|
||||||
|
public function childsByPermissions()
|
||||||
|
{
|
||||||
|
return $this->hasMany(Menu::class, 'parent_id', 'id')
|
||||||
|
->where(function (Builder $query) {
|
||||||
|
$user = request()->user();
|
||||||
|
$permissions = $user->permissions->pluck('id')->push(...$user->roles->pluck('permissions')->flatten()->pluck('id'));
|
||||||
|
|
||||||
|
$query->whereHas('permissions', function (Builder $query) use ($permissions) {
|
||||||
|
$query->whereIn('permissions.id', $permissions);
|
||||||
|
})->orDoesntHave('permissions');
|
||||||
|
})
|
||||||
|
->with(['parent', 'childsByPermissions'])
|
||||||
|
->orderBy('position');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -72,12 +72,24 @@ class User extends Authenticatable
|
|||||||
{
|
{
|
||||||
return Menu::whereNull('parent_id')
|
return Menu::whereNull('parent_id')
|
||||||
->where(function (Builder $query) {
|
->where(function (Builder $query) {
|
||||||
$query->whereHas('permissions', function (Builder $query) {
|
$permissions = $this->permissions->pluck('id')->push(...$this->roles->pluck('permissions')->flatten()->pluck('id'));
|
||||||
$query->whereIn('permissions.id', $this->permissions->pluck('id')->push(...$this->roles->pluck('permissions')->flatten()->pluck('id')));
|
|
||||||
|
$query->whereHas('permissions', function (Builder $query) use ($permissions) {
|
||||||
|
$query->whereIn('permissions.id', $permissions);
|
||||||
})->orDoesntHave('permissions');
|
})->orDoesntHave('permissions');
|
||||||
})
|
})
|
||||||
->orderBy('position')
|
->orderBy('position')
|
||||||
->with('childs')
|
->with('childsByPermissions')
|
||||||
->get();
|
->get()
|
||||||
|
->each([$this, 'changeChildsByPermissionsToChilds']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param \App\Models\Menu $menu
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function changeChildsByPermissionsToChilds(Menu $menu)
|
||||||
|
{
|
||||||
|
$menu->childs = collect($menu->childsByPermissions)->each([$this, 'changeChildsByPermissionsToChilds']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user