From d86e297b81c91d10136a311dec692648ef78b70d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
 <timothee.jaussoin@belledonne-communications.com>
Date: Mon, 16 Dec 2024 14:51:03 +0000
Subject: [PATCH] Fix FLEXIAPI-251 Restrict UI elements not accessible by
 standard Admins or Users

---
 flexiapi/app/Http/Kernel.php                  |  2 --
 flexiapi/public/css/style.css                 |  2 ++
 .../views/admin/account/create_edit.blade.php |  4 ++--
 .../views/admin/space/show.blade.php          | 21 ++++++++++++-------
 .../views/admin/space/tabs.blade.php          |  7 +++----
 flexiapi/resources/views/parts/tabs.blade.php | 12 ++++++-----
 6 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/flexiapi/app/Http/Kernel.php b/flexiapi/app/Http/Kernel.php
index 4f5c78a..b9d0a87 100644
--- a/flexiapi/app/Http/Kernel.php
+++ b/flexiapi/app/Http/Kernel.php
@@ -48,7 +48,6 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\EncryptCookies::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
-            // \Illuminate\Session\Middleware\AuthenticateSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
@@ -103,7 +102,6 @@ class Kernel extends HttpKernel
     protected $middlewarePriority = [
         \Illuminate\Session\Middleware\StartSession::class,
         \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \App\Http\Middleware\Authenticate::class,
         \Illuminate\Routing\Middleware\ThrottleRequests::class,
         \Illuminate\Session\Middleware\AuthenticateSession::class,
         \Illuminate\Routing\Middleware\SubstituteBindings::class,
diff --git a/flexiapi/public/css/style.css b/flexiapi/public/css/style.css
index d4fd183..b270d54 100644
--- a/flexiapi/public/css/style.css
+++ b/flexiapi/public/css/style.css
@@ -508,11 +508,13 @@ header>h1 {
 
 h1 i {
     font-size: 3rem;
+    min-width: 3rem;
     margin-right: 1rem;
 }
 
 h2 {
     font-size: 2.25rem;
+    min-width: 2.25rem;
     font-weight: 800;
     padding: 1rem 0;
     color: var(--second-7);
diff --git a/flexiapi/resources/views/admin/account/create_edit.blade.php b/flexiapi/resources/views/admin/account/create_edit.blade.php
index 09e01d1..65527fd 100644
--- a/flexiapi/resources/views/admin/account/create_edit.blade.php
+++ b/flexiapi/resources/views/admin/account/create_edit.blade.php
@@ -102,8 +102,6 @@
 
         <h2>Other information</h2>
 
-        @include('parts.form.toggle', ['object' => $account, 'key' => 'activated', 'label' => 'Status'])
-
         <div>
             <input name="blocked" value="false" type="radio" @if (!$account->blocked) checked @endif>
             <p>Unblocked</p>
@@ -120,6 +118,8 @@
             <label>Role</label>
         </div>
 
+        @include('parts.form.toggle', ['object' => $account, 'key' => 'activated', 'label' => 'Status', 'supporting' => 'Is the account enabled?'])
+
         @if (config('app.intercom_features'))
             <div class="select">
                 <select name="dtmf_protocol">
diff --git a/flexiapi/resources/views/admin/space/show.blade.php b/flexiapi/resources/views/admin/space/show.blade.php
index 733ca0c..0b2b61e 100644
--- a/flexiapi/resources/views/admin/space/show.blade.php
+++ b/flexiapi/resources/views/admin/space/show.blade.php
@@ -1,9 +1,11 @@
 @extends('layouts.main')
 
 @section('breadcrumb')
-    <li class="breadcrumb-item">
-        <a href="{{ route('admin.spaces.index') }}">Spaces</a>
-    </li>
+    @if (auth()->user()->superAdmin)
+        <li class="breadcrumb-item">
+            <a href="{{ route('admin.spaces.index') }}">Spaces</a>
+        </li>
+    @endif
     <li class="breadcrumb-item">{{ $space->host }}</li>
     <li class="breadcrumb-item active" aria-current="page">Information</li>
 @endsection
@@ -11,14 +13,17 @@
 @section('content')
     <header>
         <h1><i class="ph">globe-hemisphere-west</i> {{ $space->host }}</h1>
-        <a class="btn btn-tertiary oppose" href="{{ route('admin.spaces.delete', $space->id) }}">
-            <i class="ph">trash</i>
-            Delete
-        </a>
 
-        <a class="btn btn-secondary" @if ($space->isFull())disabled @endif href="{{ route('admin.account.create', ['domain' => $space->domain]) }}">
+        <a class="btn btn-secondary oppose" @if ($space->isFull())disabled @endif href="{{ route('admin.account.create', ['domain' => $space->domain]) }}">
             <i class="ph">user-plus</i> New Account
         </a>
+
+        @if (auth()->user()->superAdmin)
+            <a class="btn btn-tertiary" href="{{ route('admin.spaces.delete', $space->id) }}">
+                <i class="ph">trash</i>
+                Delete
+            </a>
+        @endif
     </header>
 
     @include('admin.space.tabs')
diff --git a/flexiapi/resources/views/admin/space/tabs.blade.php b/flexiapi/resources/views/admin/space/tabs.blade.php
index 6a68a67..d602db9 100644
--- a/flexiapi/resources/views/admin/space/tabs.blade.php
+++ b/flexiapi/resources/views/admin/space/tabs.blade.php
@@ -1,10 +1,9 @@
 @php
-    $items = [
-        route('admin.spaces.show', $space->id) => 'Information',
-        route('admin.spaces.edit', $space->id) => 'Configuration'
-    ];
+    $items = [];
 
     if (auth()->user()->superAdmin) {
+        $items[route('admin.spaces.show', $space->id)] = 'Information';
+        $items[route('admin.spaces.edit', $space->id)] = 'Configuration';
         $items[route('admin.spaces.parameters', $space->id)] = 'Parameters';
     }
 @endphp
diff --git a/flexiapi/resources/views/parts/tabs.blade.php b/flexiapi/resources/views/parts/tabs.blade.php
index 29f46f6..b910f7c 100644
--- a/flexiapi/resources/views/parts/tabs.blade.php
+++ b/flexiapi/resources/views/parts/tabs.blade.php
@@ -1,5 +1,7 @@
-<ul class="tabs">
-    @foreach ($items as $route => $title)
-        <li @if (url()->current() == $route)class="current"@endif><a href="{{ $route }}">{{ $title }}</a></li>
-    @endforeach
-</ul>
+@if (!empty($items))
+    <ul class="tabs">
+        @foreach ($items as $route => $title)
+            <li @if (url()->current() == $route)class="current"@endif><a href="{{ $route }}">{{ $title }}</a></li>
+        @endforeach
+    </ul>
+@endif