Moved some pages to be within admin route (#13782)

* Moved plugin admin pages to be within admin route * Wrap html transports page in admin check * Moved Port group controller to be admin protected * fixed tests
2024-09-21 10:28:13 +00:00 · 2022-02-14 07:40:30 +00:00 · 2022-02-14 07:40:30 +00:00 · 95970af78e
commit 95970af78e
parent 4c9d4eefd8
2 changed files with 30 additions and 24 deletions
--- a/includes/html/pages/alert-transports.inc.php
+++ b/includes/html/pages/alert-transports.inc.php
@ -1,29 +1,33 @@
 <?php

-// handle OAuth requests
-$request = request();  // grab the Request object
+if (Auth::user()->hasGlobalAdmin()) {
+    // handle OAuth requests
+    $request = request();  // grab the Request object

-if ($request->has('oauthtransport')) {
-    // make sure transport is safe
-    $validator = Validator::make($request->all(), ['oauthtransport' => 'required|alpha']);
+    if ($request->has('oauthtransport')) {
+        // make sure transport is safe
+        $validator = Validator::make($request->all(), ['oauthtransport' => 'required|alpha']);

-    if ($validator->passes()) {
-        $transport_name = $request->get('oauthtransport');
-        $class = \LibreNMS\Alert\Transport::getClass($transport_name);
-        if (class_exists($class)) {
-            $transport = app($class);
-            if ($transport->handleOauth($request)) {
-                flash()->addSuccess("$transport_name added successfully.");
-            } else {
-                flash()->addError("$transport_name was not added. Check the log for details.");
+        if ($validator->passes()) {
+            $transport_name = $request->get('oauthtransport');
+            $class = \LibreNMS\Alert\Transport::getClass($transport_name);
+            if (class_exists($class)) {
+                $transport = app($class);
+                if ($transport->handleOauth($request)) {
+                    flash()->addSuccess("$transport_name added successfully.");
+                } else {
+                    flash()->addError("$transport_name was not added. Check the log for details.");
+                }
            }
        }
+
+        // remove get variables otherwise things will get double added
+        echo '<script>window.history.replaceState(null, null, window.location.pathname);</script>';
    }
+    unset($request);

-    // remove get variables otherwise things will get double added
-    echo '<script>window.history.replaceState(null, null, window.location.pathname);</script>';
+    // print alert transports
+    require_once 'includes/html/print-alert-transports.php';
+} else {
+    include 'includes/html/error-no-perm.inc.php';
 }
-unset($request);
-
-// print alert transports
-require_once 'includes/html/print-alert-transports.php';
--- a/routes/web.php
+++ b/routes/web.php
@ -22,7 +22,6 @@ Route::group(['middleware' => ['auth'], 'guard' => 'auth'], function () {
    // pages
    Route::post('alert/{alert}/ack', [\App\Http\Controllers\AlertController::class, 'ack'])->name('alert.ack');
    Route::resource('device-groups', 'DeviceGroupController');
-    Route::resource('port-groups', 'PortGroupController');
    Route::resource('port', 'PortController', ['only' => 'update']);
    Route::group(['prefix' => 'poller'], function () {
        Route::get('', 'PollerController@pollerTab')->name('poller.index');
@ -75,11 +74,14 @@ Route::group(['middleware' => ['auth'], 'guard' => 'auth'], function () {
        Route::delete('settings/{name}', 'SettingsController@destroy')->name('settings.destroy');

        Route::post('alert/transports/{transport}/test', [\App\Http\Controllers\AlertTransportController::class, 'test'])->name('alert.transports.test');
+
+        Route::get('plugin/settings', 'PluginAdminController')->name('plugin.admin');
+        Route::get('plugin/settings/{plugin:plugin_name}', 'PluginSettingsController')->name('plugin.settings');
+        Route::post('plugin/settings/{plugin:plugin_name}', 'PluginSettingsController@update')->name('plugin.update');
+
+        Route::resource('port-groups', 'PortGroupController');
    });

-    Route::get('plugin/settings', 'PluginAdminController')->name('plugin.admin');
-    Route::get('plugin/settings/{plugin:plugin_name}', 'PluginSettingsController')->name('plugin.settings');
-    Route::post('plugin/settings/{plugin:plugin_name}', 'PluginSettingsController@update')->name('plugin.update');
    Route::get('plugin', 'PluginLegacyController@redirect');
    Route::redirect('plugin/view=admin', '/plugin/admin');
    Route::get('plugin/p={pluginName}', 'PluginLegacyController@redirect');