{
protected function setupSettingsRoutes($segment, $routeName, $controller)
{
- Route::match(['get','post'], $segment . '/{id}/download_settings', $controller . '@collectionSettings')->name("download_settings_by_ids");
+ Route::match(['get', 'post'], $segment . '/{id}/download_settings', $controller . '@collectionSettings')->name("download_settings_by_ids");
}
- protected function collectionSettings($id) {
+ protected function collectionSettings($id)
+ {
+ if (!can('fluidbook-publication:admin')) {
+ abort('403');
+ }
$userId = backpack_user()->id;
- $publications = Arr::flatten(FluidbookCollection::where('id',$id)->get('publications')->toArray(), 2);
- $ids = Arr::join(array_column($publications,'fluidbook'), ',');
- $file = (new FluidbookSettingsExport($ids,$userId,true))->handle();
+ $publications = Arr::flatten(FluidbookCollection::where('id', $id)->get('publications')->toArray(), 2);
+ $ids = Arr::join(array_column($publications, 'fluidbook'), ',');
+ $file = (new FluidbookSettingsExport($ids, $userId, true))->handle();
return response()->download($file, 'settings_export.xlsx')->deleteFileAfterSend();
}
}
{
protected function setupSettingsRoutes($segment, $routeName, $controller)
{
- Route::match(['get','post'], $segment . '/download_settings/{file}', $controller . '@fluidbookSettings')->withoutMiddleware([CheckIfAdmin::class])->name("download_settings");
+ Route::match(['get', 'post'], $segment . '/download_settings/{file}', $controller . '@fluidbookSettings')->withoutMiddleware([CheckIfAdmin::class])->name("download_settings");
Route::match(['post'], $segment . '/send_link/{ids}', $controller . '@sendLinkForDownload')->name("send_link");
}
- protected function fluidbookSettings($file) {
+ protected function fluidbookSettings($file)
+ {
+ if (!can('fluidbook-publication:admin')) {
+ abort('403');
+ }
$name = "settings_export";
- $path = "/tmp/cubist".base64_decode($file);
- if (!file_exists($path)) abort(404);
+ $path = "/tmp/cubist" . base64_decode($file);
+ if (!file_exists($path)) {
+ abort(404);
+ }
return response()->download($path, $name . '.xlsx');
}
- protected function sendLinkForDownload($ids) {
+ protected function sendLinkForDownload($ids)
+ {
+ if (!can('fluidbook-publication:admin')) {
+ abort('403');
+ }
$userId = backpack_user()->id;
- dispatch_sync(new FluidbookSettingsExport($ids,$userId));
+ dispatch_sync(new FluidbookSettingsExport($ids, $userId));
}
}
{
$user = User::withoutGlobalScopes()->find($this->userID); //5908
- if(!can('fluidbook-publication:admin')){
- abort('403');
- }
-
//
$model = FluidbookPublication::whereIn('id', $this->listID);
projects / fluidbook-toolbox.git / commitdiff