Check permissions before showing ical, atom and json export links
closes #729 (Rechtesystem ical&json)
parent
93ae2442f6
commit
8c0ac0f7a1
|
@ -288,10 +288,15 @@ function view_user_shifts()
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a hint for the user how the ical feature works.
|
* Returns a hint for the user how the ical feature works.
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
*/
|
*/
|
||||||
function ical_hint()
|
function ical_hint()
|
||||||
{
|
{
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
|
if(!auth()->can('ical')) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
|
||||||
return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2)
|
return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2)
|
||||||
. '<p>' . sprintf(
|
. '<p>' . sprintf(
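Review bot: The docblock still promises a hint unconditionally, but with the added guard `ical_hint()` returns an empty string whenever `auth()->can('ical')` is false; the `@return` line should say so, e.g. `@return string HTML hint, or '' when the user lacks the ical privilege`. The guard also sits after `$user = auth()->user();`, so making the `can('ical')` check the first statement would avoid loading the user for a result that is then discarded, and `if(!auth()` should be written `if (!auth()` per PSR-12. The function body continues past the end of this hunk, so how `$user` is used further down is not visible here.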
|
||||||
|
|
|
@ -553,6 +553,7 @@ function User_view(
|
||||||
$admin_user_worklog_privilege,
|
$admin_user_worklog_privilege,
|
||||||
$user_worklogs
|
$user_worklogs
|
||||||
) {
|
) {
|
||||||
|
$auth = auth();
|
||||||
$nightShiftsConfig = config('night_shifts');
|
$nightShiftsConfig = config('night_shifts');
|
||||||
$user_name = htmlspecialchars(
|
$user_name = htmlspecialchars(
|
||||||
$user_source->personalData->first_name) . ' ' . htmlspecialchars($user_source->personalData->last_name
|
$user_source->personalData->first_name) . ' ' . htmlspecialchars($user_source->personalData->last_name
|
||||||
|
@ -625,15 +626,19 @@ function User_view(
|
||||||
page_link_to('user_settings'),
|
page_link_to('user_settings'),
|
||||||
glyph('list-alt') . __('Settings')
|
glyph('list-alt') . __('Settings')
|
||||||
) : '',
|
) : '',
|
||||||
$its_me ? button(
|
($its_me && $auth->can('ical')) ? button(
|
||||||
page_link_to('ical', ['key' => $user_source->api_key]),
|
page_link_to('ical', ['key' => $user_source->api_key]),
|
||||||
glyph('calendar') . __('iCal Export')
|
glyph('calendar') . __('iCal Export')
|
||||||
) : '',
|
) : '',
|
||||||
$its_me ? button(
|
($its_me && $auth->can('shifts_json_export')) ? button(
|
||||||
page_link_to('shifts_json_export', ['key' => $user_source->api_key]),
|
page_link_to('shifts_json_export', ['key' => $user_source->api_key]),
|
||||||
glyph('export') . __('JSON Export')
|
glyph('export') . __('JSON Export')
|
||||||
) : '',
|
) : '',
|
||||||
$its_me ? button(
|
($its_me && (
|
||||||
|
$auth->can('shifts_json_export')
|
||||||
|
|| $auth->can('ical')
|
||||||
|
|| $auth->can('atom')
|
||||||
|
)) ? button(
|
||||||
page_link_to('user_myshifts', ['reset' => 1]),
|
page_link_to('user_myshifts', ['reset' => 1]),
|
||||||
glyph('repeat') . __('Reset API key')
|
glyph('repeat') . __('Reset API key')
|
||||||
) : ''
|
) : ''
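Review bot: These `$auth->can(...)` conditions only decide whether the buttons are rendered; the links carry `$user_source->api_key`, so a link saved earlier stays usable unless the `ical`, `shifts_json_export` and atom handlers check the same privilege for the key's owner, which this page does not show and is worth confirming (the same applies to the `has_permission_to('atom')` guard in the template hunk). The reset condition repeats the privilege list inline and will drift when another key-based export is added; a named flag set next to `$auth = auth();`, such as `$can_use_api_key = $auth->can('shifts_json_export') || $auth->can('ical') || $auth->can('atom');`, keeps it in one place. It is also worth deciding deliberately whether a user whose export privileges were withdrawn should still be able to rotate a key that may already have been shared. `User_view` starts and ends outside both hunks.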
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
<link rel="stylesheet" type="text/css" href="{{ asset('assets/theme' ~ theme ~ '.css') }}"/>
|
<link rel="stylesheet" type="text/css" href="{{ asset('assets/theme' ~ theme ~ '.css') }}"/>
|
||||||
<script type="text/javascript" src="{{ asset('assets/vendor.js') }}"></script>
|
<script type="text/javascript" src="{{ asset('assets/vendor.js') }}"></script>
|
||||||
|
|
||||||
{% if page() in ['news', 'meetings'] and is_user() -%}
|
{% if page() in ['news', 'meetings'] and is_user() and has_permission_to('atom') -%}
|
||||||
{% set parameters = {'key': user.api_key} -%}
|
{% set parameters = {'key': user.api_key} -%}
|
||||||
{% if page() == 'meetings' -%}
|
{% if page() == 'meetings' -%}
|
||||||
{% set parameters = parameters|merge({'meetings': 1}) -%}
|
{% set parameters = parameters|merge({'meetings': 1}) -%}
|
||||||
|
|
|
@ -14,6 +14,7 @@ class SessionHandlerServiceProvider extends ServiceProvider
|
||||||
->give(function () {
|
->give(function () {
|
||||||
return [
|
return [
|
||||||
'/api',
|
'/api',
|
||||||
|
'/atom',
|
||||||
'/ical',
|
'/ical',
|
||||||
'/metrics',
|
'/metrics',
|
||||||
'/shifts-json-export',
|
'/shifts-json-export',
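Review bot: Nothing at this list says what membership means, and adding `'/atom'` is the one change in this commit that alters request handling rather than markup. Judging by the class name, the entries look like paths served without a regular session, presumably because they authenticate through the `key` parameter; if that is right, a comment above the array such as `// Key-authenticated endpoints: no session is started for these paths` would make the contract explicit for the next addition. It would also help to state whether entries are matched exactly or as prefixes, since a prefix match on `'/atom'` would also cover any later route beginning with the same string. The closure and the binding around it begin outside the hunk.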
|
||||||
|
|