mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 02:18:39 +00:00
Added read permission test to the custom map model (#16030)
* Added read permission test to the custom map model * Formatting fixes * Moved permission check logic into SQL to avoid errors accessing undefined properties * Update custom map permission code to avoid unneeded SQL query
This commit is contained in:
parent
0c35b7dc4f
commit
c1f955e06e
@ -29,6 +29,7 @@ use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
use Illuminate\Database\Eloquent\Relations\HasOne;
|
||||
use Permissions;
|
||||
|
||||
class CustomMap extends BaseModel
|
||||
{
|
||||
@ -80,9 +81,23 @@ class CustomMap extends BaseModel
|
||||
return $config;
|
||||
}
|
||||
|
||||
public function hasAccess(): bool
|
||||
public function hasReadAccess(User $user): bool
|
||||
{
|
||||
return false; // TODO calculate based on device access
|
||||
$device_ids = $this->nodes()->whereNotNull('device_id')->pluck('device_id');
|
||||
|
||||
// Restricted users can only view maps that have at least one device
|
||||
if (count($device_ids) === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Deny access if we don't have permission on any device
|
||||
foreach ($device_ids as $device_id) {
|
||||
if (! Permissions::canAccessDevice($device_id, $user)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function scopeHasAccess($query, User $user)
|
||||
|
@ -29,7 +29,7 @@ class CustomMapPolicy
|
||||
*/
|
||||
public function view(User $user, CustomMap $customMap): bool
|
||||
{
|
||||
return $user->hasGlobalRead() || $customMap->hasAccess();
|
||||
return $user->hasGlobalRead() || $customMap->hasReadAccess($user);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -45,7 +45,7 @@ class CustomMapPolicy
|
||||
*/
|
||||
public function update(User $user, CustomMap $customMap): bool
|
||||
{
|
||||
return $user->hasGlobalRead() || $customMap->hasAccess();
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user