search

thedevdojo / voyager

Voyager - The Missing Laravel Admin
https://voyager.devdojo.com
MIT License
11.81k stars 2.67k forks source link

Media Manager per multiple folder Roles/Permissions? #5604

Open toto975 opened 2 years ago

toto975 commented 2 years ago

Laravel version

9.x

PHP version

8.4.1

Voyager version

1.5

Description of problem

Show only authorized folders for a user The https://github.com/the-control-group/voyager/issues/1792 is different

Proposed solution

The use case

In the filesystem

i have these folders image

The BREAD slug

image

The roles for the user

image image image

Folder to show in Media manager

In vendor\tcg\voyager\src\Http\Controllers\VoyagerMediaController.php

...
use Illuminate\Support\Facades\Gate;
...
        foreach ($storageItems as $item) {
            /**
             * Display of allowed folders only :
             *      - those that match the model permissions
             *      - the one who corresponds to the default role
             *      - those who correspond to additional roles
             */
            $root_folder = explode('/', $item['path']);
            $root_folder = $root_folder[0];
            $dataType = Voyager::model('DataType')->where('slug', '=', $root_folder)->first();

            /*  If the model exists and the user has the right to navigate on this model */
            $permission = $dataType && Gate::allows('browse', app($dataType->model_name));

            /*  If the user's default role exists and default role name is the same as the folder */
            $role_principal = Auth::user()->role->name && Str::lower(Auth::user()->role->name) == $root_folder;

            /*  If additonal user roles exist and their name is the same as the folder name */
            $roles_secondaires = Auth::user()->roles->pluck('name')->contains($root_folder);

            /* So we will display the folder and its files */
            if($permission || $role_principal || $roles_secondaires) {
                if ($item['type'] == 'dir') {
...

With the previous example, we should only see actualites and volaille

image

Alternatives considered

No response

Additional context

No response

emptynick commented 2 years ago

I don't see that happening based on roles/permissions. What I think would be feasible is a "callback" to allow to filter out "unwanted" items.