thedevdojo / voyager

Voyager - The Missing Laravel Admin
https://voyager.devdojo.com
MIT License

Permissions and menu items #1684

Closed jargoud closed 6 years ago

jargoud commented 7 years ago

Description:

Some items in the sidebar menu are not hidden, as they should according to the permissions I defined in the Roles page. I noticed this problem for the Tools dropdown (if empty, it is visible but empty) and the Settings and Hooks pages.

Steps To Reproduce:

From a fresh installation, go to roles and edit permissions for any of them: uncheck Browse Database, Browse Compass, Menus, Settings and Admin/Browse Hooks permissions. After signing in with a user having this edited role, the Tools dropdown, Settings and Hooks items are still visible.

evrend commented 7 years ago

I have same problem.

evrend commented 7 years ago

@fletch3555, @jeremyargoud Looks like I've fixed the problem. But the code that checks the permissions must be refactored into a function in the package. I don't know where I can put it, so I don't send a pull request.

File: vendor/tcg/voyager/resources/views/menu/admin_menu.blade.php

<ul class="nav navbar-nav">

@php
    if (Voyager::translatable($items)) {
        $items = $items->load('translations');
    }

@endphp

@foreach ($items as $item)

    @php
        $originalItem = $item;
        if (Voyager::translatable($item)) {
            $item = $item->translate($options->locale);
        }

        // TODO - still a bit ugly - can move some of this stuff off to a helper in the future.
        $listItemClass = [];
        $styles = null;
        $linkAttributes = null;

        if(url($item->link()) == url()->current())
        {
            array_push($listItemClass,'active');
        }

        // Items with children default to hidden; they are shown only if at least one child is permitted.
        if(!$originalItem->children->isEmpty()) {
            $show_menu_item = false;
        } else {
            $show_menu_item = true;
        }

        // With Children Attributes
        if(!$originalItem->children->isEmpty())
        {
            foreach($originalItem->children as $children)
            {
                if(url($children->link()) == url()->current())
                {
                    array_push($listItemClass,'active');
                }

                // Children permission checker
                $self_prefix = str_replace('/', '\/', $options->user->prefix);
                $slug = str_replace('/', '', preg_replace('/^\/'.$self_prefix.'/', '', $children->link()));
                if ($slug != '') {
                    // Get dataType using slug
                    $dataType = $options->user->dataTypes->first(function ($value) use ($slug) {
                        return $value->slug == $slug;
                    });

                    if ($dataType) {
                        // Check if datatype permission exist
                        $exist = $options->user->permissions->first(function ($value) use ($dataType) {
                            return $value->key == 'browse_'.$dataType->name;
                        });
                    } else {
                        // Check if admin permission exists
                        $exist = $options->user->permissions->first(function ($value) use ($slug) {
                            return $value->key == 'browse_'.$slug;
                        });
                    }

                    if ($exist) {
                        if (in_array($exist->key, $options->user->user_permissions)) {
                            $show_menu_item = true;
                        }
                    }
                }

            }
            $linkAttributes =  'href="#' . str_slug($item->title, '-') .'-dropdown-element" data-toggle="collapse" aria-expanded="'. (in_array('active', $listItemClass) ? 'true' : 'false').'"';
            array_push($listItemClass, 'dropdown');
        }
        else
        {
            $linkAttributes =  'href="' . url($item->link()) .'"';
        }

        // Permission Checker
        $self_prefix = str_replace('/', '\/', $options->user->prefix);
        $slug = str_replace('/', '', preg_replace('/^\/'.$self_prefix.'/', '', $item->link()));

        if ($slug != '') {
            // Get dataType using slug
            $dataType = $options->user->dataTypes->first(function ($value) use ($slug) {
                return $value->slug == $slug;
            });

            if ($dataType) {
                // Check if datatype permission exist
                $exist = $options->user->permissions->first(function ($value) use ($dataType) {
                    return $value->key == 'browse_'.$dataType->name;
                });
            } else {
                // Check if admin permission exists
                $exist = $options->user->permissions->first(function ($value) use ($slug) {
                    return $value->key == 'browse_'.$slug;
                });
            }

            if ($exist) {
                // Check if current user has access
                if (!in_array($exist->key, $options->user->user_permissions)) {
                    continue;
                }
            }
        }

    @endphp

    @if($show_menu_item)
    <li class="{{ implode(" ", $listItemClass) }}">
        <a {!! $linkAttributes !!} target="{{ $item->target }}">
            <span class="icon {{ $item->icon_class }}"></span>
            <span class="title">{{ $item->title }}</span>
        </a>
        @if(!$originalItem->children->isEmpty())
        <div id="{{ str_slug($originalItem->title, '-') }}-dropdown-element" class="panel-collapse collapse {{ (in_array('active', $listItemClass) ? 'in' : '') }}">
            <div class="panel-body">
                @include('voyager::menu.admin_menu', ['items' => $originalItem->children, 'options' => $options, 'innerLoop' => true])
            </div>
        </div>
        @endif
    </li>
    @endif
@endforeach

</ul>
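The same permission rule lifted out of the Blade template into pure PHP functions, added here as an illustration (not code from Voyager or from the commenter). The plain-array shapes for data types, permissions and menu items are assumptions made for this example, and the parent rule is applied recursively so nested dropdowns are handled too.

```php
<?php
// Added example, not Voyager's own code: the check from the Blade template above,
// lifted into pure functions. Plain-array shapes for data types, permissions and
// menu items are assumptions made for this example.
// "/admin/posts" -> "posts"; the bare "/admin" dashboard link -> "" (no permission applies).
function menuSlug(string $link, string $prefix): string
{
    $stripped = preg_replace('#^/' . preg_quote($prefix, '#') . '#', '', $link);
    return str_replace('/', '', $stripped);
}

// The "browse_*" key guarding a slug (BREAD slug -> data type name, else admin page slug), or null if undeclared.
function browseKeyFor(string $slug, array $dataTypes, array $declaredKeys): ?string
{
    $key = 'browse_' . ($dataTypes[$slug] ?? $slug);
    return in_array($key, $declaredKeys, true) ? $key : null;
}

// A leaf is shown unless its slug maps to a declared permission the user lacks; a parent is shown
// only if at least one child is shown. Undeclared permissions fall open, as in the template.
function menuItemVisible(array $item, array $ctx): bool
{
    if (!empty($item['children'])) {
        foreach ($item['children'] as $child) {
            if (menuItemVisible($child, $ctx)) {
                return true;
            }
        }
        return false;
    }
    $slug = menuSlug($item['link'], $ctx['prefix']);
    if ($slug === '') {
        return true;
    }
    $key = browseKeyFor($slug, $ctx['dataTypes'], $ctx['declaredKeys']);
    return $key === null || in_array($key, $ctx['userPermissions'], true);
}

// Constructed fixture mirroring the issue: the role lacks browse_database/compass/settings.
$ctx = ['prefix' => 'admin', 'dataTypes' => ['posts' => 'posts'],
        'declaredKeys' => ['browse_posts', 'browse_database', 'browse_compass', 'browse_settings'],
        'userPermissions' => ['browse_posts']];
$tools = ['link' => '#', 'children' => [
    ['link' => '/admin/database', 'children' => []],
    ['link' => '/admin/compass',  'children' => []],
]];
assert(menuItemVisible(['link' => '/admin/posts', 'children' => []], $ctx) === true);
assert(menuItemVisible($tools, $ctx) === false);  // empty Tools dropdown is now hidden
assert(menuItemVisible(['link' => '/admin/settings', 'children' => []], $ctx) === false);
```

Hiding a menu entry only changes what is rendered; the browse_* permission must still be enforced on the route or controller, which is where the actual access decision lives.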
fletch3555 commented 7 years ago

No need to post the whole file.... Please only post the suggested changes, or better yet, open a PR with the changes for us to review

github-actions[bot] commented 4 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. If you have further questions please ask in our Slack group.