From 9001907b742c1453c90f9e2c02291733eade881a Mon Sep 17 00:00:00 2001 From: Xu Date: Thu, 2 Jun 2022 22:31:49 +0200 Subject: [PATCH] added voucher angel group right --- ..._000000_create_voucher_edit_permission.php | 53 +++++++++++++++++++ includes/controller/users_controller.php | 2 +- includes/view/User_view.php | 2 +- 3 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 db/migrations/2022_06_02_000000_create_voucher_edit_permission.php diff --git a/db/migrations/2022_06_02_000000_create_voucher_edit_permission.php b/db/migrations/2022_06_02_000000_create_voucher_edit_permission.php new file mode 100644 index 00000000..4a1d3d2b --- /dev/null +++ b/db/migrations/2022_06_02_000000_create_voucher_edit_permission.php @@ -0,0 +1,53 @@ +schema->hasTable('Privileges')) { + return; + } + + $db = $this->schema->getConnection(); + $db->table('Privileges')->insert([ + ['name' => 'voucher.edit', 'desc' => 'Edit vouchers'], + ]); + $db->table('Groups')->insert([ + ['Name' => 'Voucher Angel', 'UID' => -26], + ]); + + $shiftCoordinatorGroup = -40; + $editId = $db->table('Privileges')->where('name', 'voucher.edit')->first()->id; + $arriveId = $db->table('Privileges')->where('name', 'admin_arrive')->first()->id; + $db->table('GroupPrivileges')->insert([ + ['group_id' => $shiftCoordinatorGroup, 'privilege_id' => $editId], + ['group_id' => -26, 'privilege_id' => $editId], + ['group_id' => -26, 'privilege_id' => $arriveId], + ]); + } + + /** + * Reverse the migration + */ + public function down() + { + if (!$this->schema->hasTable('Privileges')) { + return; + } + + $db = $this->schema->getConnection(); + $db->table('Privileges') + ->where('name', 'voucher.edit') + ->delete(); + $db->table('Groups') + ->where('UID', -26) + ->delete(); + } +} diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 3566d636..fc2a4884 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -146,7 +146,7 @@ function user_edit_vouchers_controller() $user_source = $user; } - if (!auth()->can('admin_user')) { + if (!auth()->can('admin_user') && !auth()->can('voucher.edit')) { throw_redirect(page_link_to('')); } diff --git a/includes/view/User_view.php b/includes/view/User_view.php index d4d4a031..8e14ea68 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -641,7 +641,7 @@ function User_view( form_hidden('user', $user_source->id), form_submit('submit', __('arrived'), '', false, 'primary') ], page_link_to('admin_arrive'), true) : '', - $admin_user_privilege ? button( + $admin_user_privilege || $auth->can('voucher.edit') ? button( page_link_to( 'users', ['action' => 'edit_vouchers', 'user_id' => $user_source->id]