Enable/Disable Items with authentification headers

.env.example

@@ -48,3 +48,9 @@ PUSHER_APP_CLUSTER=mt1
 
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+AUTH_ROLES_ENABLE=false
+AUTH_ROLES_HEADER="remote-groups"
+AUTH_ROLES_HTTP_HEADER="HTTP_REMOTE_GROUPS"
+AUTH_ROLES_ADMIN="admin"
+AUTH_ROLES_DELIMITER=","

app/Http/Controllers/ItemController.php

@@ -33,34 +33,59 @@ public function __construct()
     /**
      * Display a listing of the resource on the dashboard.
      */
-    public function dash(): View
+    public function dash(Request $request): View
     {
         $treat_tags_as = \App\Setting::fetch('treat_tags_as');
 
         $data["treat_tags_as"] = $treat_tags_as;
 
-        if ($treat_tags_as == 'categories') {
-            $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
-                $query->pinned()->orderBy('order', 'asc');
-            })->pinned()->orderBy('order', 'asc')->get();
-
-        } elseif ($treat_tags_as == 'tags') {
-            $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
-            $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
-            $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
-                $query->where('type', 1)->pinned();
-            })->orderBy('order', 'asc')->get();
+        if (config('app.auth_roles_enable')) {
+            $roles = explode(config('app.auth_roles_delimiter'), $request->header(config('app.auth_roles_header')));
+            if ($treat_tags_as == 'categories') {
+                $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
+                    $query->pinned()->orderBy('order', 'asc');
+                })->pinned()->orderBy('order', 'asc')->get();
+
+            } elseif ($treat_tags_as == 'tags') {
+                $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
+                $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
+                $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
+                    $query->where('type', 1)->pinned();
+                })->orderBy('order', 'asc')->get();
+            } else {
+
+                $data['apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->whereIn('role', $roles)->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
+
+                $data['all_apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere('type', 1)->orderBy('order', 'asc')->get();
+            }
         } else {
-
-            $data['apps'] = Item::whereHas('parents', function ($query) {
-                $query->where('id', 0);
-            })->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
-
-            $data['all_apps'] = Item::whereHas('parents', function ($query) {
-                $query->where('id', 0);
-            })->orWhere(function ($query) {
-                $query->where('type', 1)->whereNot('id', 0);
-            })->orderBy('order', 'asc')->get();
+            if ($treat_tags_as == 'categories') {
+                $data['categories'] = Item::whereHas('children')->with('children', function ($query) {
+                    $query->pinned()->orderBy('order', 'asc');
+                })->pinned()->orderBy('order', 'asc')->get();
+
+            } elseif ($treat_tags_as == 'tags') {
+                $data['apps'] = Item::with('parents')->where('type', 0)->pinned()->orderBy('order', 'asc')->get();
+                $data['all_apps'] = Item::where('type', 0)->orderBy('order', 'asc')->get();
+                $data['taglist'] = Item::where('id', 0)->orWhere(function($query) {
+                    $query->where('type', 1)->pinned();
+                })->orderBy('order', 'asc')->get();
+            } else {
+
+                $data['apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere('type', 1)->pinned()->orderBy('order', 'asc')->get();
+
+                $data['all_apps'] = Item::whereHas('parents', function ($query) {
+                    $query->where('id', 0);
+                })->orWhere(function ($query) {
+                    $query->where('type', 1)->whereNot('id', 0);
+                })->orderBy('order', 'asc')->get();
+            }
         }
 
         //$data['all_apps'] = Item::doesntHave('parents')->get();

app/Http/Controllers/TagController.php

@@ -88,11 +88,16 @@ public function store(Request $request): RedirectResponse
      *
      * @param $slug
      */
-    public function show($slug): View
+    public function show($slug, Request $request): View
     {
         $item = Item::whereUrl($slug)->first();
         //print_r($item);
-        $data['apps'] = $item->children()->pinned()->orderBy('order', 'asc')->get();
+        if (config('app.auth_roles_enable')) {
+            $roles = explode(config('app.auth_roles_delimiter'), $request->header(config('app.auth_roles_header')));
+            $data['apps'] = $item->children()->whereIn('role', $roles)->pinned()->orderBy('order', 'asc')->get();
+        } else {
+            $data['apps'] = $item->children()->pinned()->orderBy('order', 'asc')->get();
+        }
         $data['tag'] = $item->id;
         $data['all_apps'] = $item->children;
 

app/Item.php

@@ -33,6 +33,7 @@
  * @property string|null $class
  * @property string|null $appid
  * @property string|null $appdescription
+ * @property string|null $role
  * @property-read \Illuminate\Database\Eloquent\Collection|Item[] $children
  * @property-read int|null $children_count
  * @property-read string $droppable
@@ -51,6 +52,7 @@
  * @method static Builder|Item pinned()
  * @method static Builder|Item query()
  * @method static Builder|Item whereAppdescription($value)
+ * @method static Builder|Item whereRole($value)
  * @method static Builder|Item whereAppid($value)
  * @method static Builder|Item whereClass($value)
  * @method static Builder|Item whereColour($value)
@@ -105,6 +107,7 @@ protected static function boot(): void
         'user_id',
         'tag_id',
         'appid',
+        'role',
     ];
 
 

app/Providers/AppServiceProvider.php

@@ -88,6 +88,11 @@ public function boot(): void
             $view->with('trianglify_seed', $trianglify_seed);
             $view->with('allusers', $allusers);
             $view->with('current_user', $current_user);
+            if (config('app.auth_roles_enable')){
+                $view->with('enable_auth_admin_controles', in_array(config('app.auth_roles_admin'),explode(config('app.auth_roles_delimiter'), $_SERVER[config('app.auth_roles_http_header')])));
+            } else {
+                $view->with('enable_auth_admin_controles', true);
+            }
         });
 
         $this->app['view']->addNamespace('SupportedApps', app_path('SupportedApps'));

config/app.php

@@ -192,4 +192,10 @@
         'Yaml' => Symfony\Component\Yaml\Yaml::class,
     ])->toArray(),
 
+    'auth_roles_enable' =>  (bool) env('AUTH_ROLES_ENABLE', false),
+    'auth_roles_header' =>  env('AUTH_ROLES_HEADER', 'remote-groups'),
+    'auth_roles_http_header' =>  env('AUTH_ROLES_HTTP_HEADER', 'HTTP_REMOTE_GROUPS'),
+    'auth_roles_admin' =>  env('AUTH_ROLES_ADMIN', 'admin'),
+    'auth_roles_delimiter' =>  env('AUTH_ROLES_DELIMITER', ','),
+
 ];

database/migrations/2023_01_27_121000_add_role_to_item.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddRoleToItem extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('items', function (Blueprint $table) {
+            $table->text('role')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('items', function (Blueprint $table) {
+            //
+        });
+    }
+}

lang/de/app.php

@@ -105,4 +105,7 @@
   'alert.success.user_restored' => 'Nutzer erfolgreich wiederhergestellt',
   'dashboard.reorder' => 'Elemente neu anordnen und anheften',
   'dashboard.settings' => 'Einstellungen',
+  'role' => 'Authentifizierungsrolle',
+  'unauthorized_for_form' => 'Sie haben keinen Zugriff auf diese Seite.',
+  'disabled_feature' => 'Diese Funktion ist deaktiviert.',
 );

lang/en/app.php

@@ -114,4 +114,7 @@
   'alert.success.user_restored' => 'User restored successfully',
   'dashboard.reorder' => 'Reorder and pin items',
   'dashboard.settings' => 'Settings',
+  'role' => 'Authentication role',
+  'unauthorized_for_form' => 'You are not authorized to view this form.',
+  'disabled_feature' => 'This feature is disabled.',
 );

resources/views/auth/login.blade.php

@@ -1,6 +1,8 @@
 @extends('layouts.app')
 
+
 @section('content')
+@if(!$app['config']->get('app.auth_roles_enable', false))
 <?php
 $user = \App\User::currentUser();
 ?>
@@ -21,5 +23,14 @@
     </div>
 
 </form>
+@else
+<section class="module-container">
+<header>
+    <div class="section-title">
+        {{ __('app.disabled_feature') }}
+    </div>
+</header>
+</section>
+@endif
 
 @endsection

resources/views/items/form.blade.php

@@ -1,4 +1,5 @@
-    <section class="module-container">
+<section class="module-container">
+        @if($enable_auth_admin_controles)
         <header>
             <div class="section-title">{{ __('app.apps.preview') }}</div>
             <div class="module-actions">
@@ -76,6 +77,13 @@
                 {!! Form::select('tags[]', $tags, $current_tags, ['class' => 'tags', 'multiple']) !!}
             </div>
 
+            @if($app['config']->get('app.auth_roles_enable', false))
+            <div class="input">
+                <label>{{ __('app.role') }}</label>
+                {!! Form::text('role', $item->role ?? null, array('placeholder' => __('app.role'), 'id' => 'role', 'class' => 'form-control')) !!}
+            </div>
+            @endif
+
             <div class="input">
                 <div class="icon-container">
                     <div id="appimage">
@@ -137,6 +145,13 @@
                 <a href="{{ route('items.index', []) }}" class="button"><i class="fa fa-ban"></i><span>{{ __('app.buttons.cancel') }}</span></a>
             </div>
         </footer>
+        @else
+        <header>
+            <div class="section-title">
+                {{ __('app.unauthorized_for_form') }}
+            </div>
+        </header>
+        @endif
 
     </section>
 

resources/views/items/import.blade.php

@@ -3,6 +3,7 @@
 @section('content')
 
     <section class="module-container">
+        @if($enable_auth_admin_controles)
         <header>
             <div class="section-title">{{ __('app.import') }}</div>
             <div class="module-actions">
@@ -31,6 +32,13 @@
                 <a href="{{ route('settings.index', []) }}" class="button"><i class="fa fa-ban"></i><span>{{ __('app.buttons.cancel') }}</span></a>
             </div>
         </footer>
+        @else
+        <header>
+            <div class="section-title">
+                {{ __('app.unauthorized_for_form') }}
+            </div>
+        </header>
+        @endif
 
     </section>
 

resources/views/items/list.blade.php

@@ -2,6 +2,7 @@
 
 @section('content')
         <section class="module-container">
+            @if($enable_auth_admin_controles)
             <header>
                 <div class="section-title">
                     {{ __('app.apps.app_list') }}
@@ -53,6 +54,13 @@
 
                 </tbody>
             </table>
+            @else
+            <header>
+                <div class="section-title">
+                    {{ __('app.unauthorized_for_form') }}
+                </div>
+            </header>
+            @endif
         </section>
 
 

resources/views/layouts/app.blade.php

@@ -82,7 +82,7 @@
                         </div>
                     </div>
                     @endif
-                    @if($allusers->count() > 1)
+                    @if(!($allusers->count() <= 1 || config('app.auth_roles_enable')))
                     <div id="switchuser">
                         @if($current_user->avatar)
                         <img class="user-img" src="{{ asset('/storage/'.$current_user->avatar) }}" />
@@ -94,22 +94,22 @@
                     </div>
                     @endif
                     @yield('content')
+                    @if($enable_auth_admin_controles)
                     <div id="config-buttons">
-
-
                         @if(Route::is('dash') || Route::is('tags.show'))
                         <a id="config-button" class="config" href=""><i class="fas fa-exchange"></i><div class="tooltip left">{{ __('app.dashboard.reorder') }}</div></a>
 
                         @endif
 
                         <a id="dash" class="config" href="{{ route('dash', []) }}"><i class="fas fa-th"></i><div class="tooltip left">{{ __('app.dashboard') }}</div></a>
-                        @if($current_user->id === 1)
+                        @if($current_user->id === 1 && !config('app.auth_roles_enable'))
                         <a id="users" class="config" href="{{ route('users.index', []) }}"><i class="fas fa-user"></i><div class="tooltip left">{{ __('app.user.user_list') }}</div></a>
                         @endif
                         <a id="items" class="config" href="{{ route('items.index', []) }}"><i class="fas fa-list"></i><div class="tooltip left">{{ __('app.apps.app_list') }}</div></a>
                         <a id="folder" class="config" href="{{ route('tags.index', []) }}"><i class="fas fa-tag"></i><div class="tooltip left">{{ __('app.apps.tag_list') }}</div></a>
                         <a id="settings" class="config" href="{{ route('settings.index', []) }}"><i class="fas fa-cogs"></i><div class="tooltip left">{{ __('app.dashboard.settings') }}</div></a>
                     </div>
+                    @endif
                 </main>
 
             </div>

resources/views/settings/form.blade.php

@@ -1,4 +1,5 @@
 <section class="module-container">
+@if($enable_auth_admin_controles)
         <header>
             <div class="section-title">{{ __($setting->label) }}</div>
             <div class="module-actions">
@@ -26,5 +27,12 @@
                 <a href="{{ route('settings.index', []) }}" class="button"><i class="fa fa-ban"></i><span>{{ __('app.buttons.cancel') }}</span></a>
             </div>
         </footer>
+        @else
+        <header>
+            <div class="section-title">
+                {{ __('app.unauthorized_for_form') }}
+            </div>
+        </header>
+        @endif
 
-    </section>
+</section>

resources/views/settings/list.blade.php

@@ -2,6 +2,7 @@
 
 @section('content')
 
+    @if($enable_auth_admin_controles)
     @foreach ($groups as $index => $group)
         <section class="module-container">
             <header>
@@ -57,5 +58,14 @@
             </table>
         </section>
     @endforeach
+    @else
+    <section class="module-container">
+        <header>
+            <div class="section-title">
+                {{ __('app.unauthorized_for_form') }}
+            </div>
+        </header>
+    </section>
+    @endif
 
 @endsection