Fix FLEXIAPI-251 Restrict UI elements not accessible by standard Admins or Users

2026-01-17 10:08:05 +00:00 · 2024-12-16 14:51:03 +00:00 · 2024-12-16 14:51:03 +00:00 · d86e297b81
commit d86e297b81
parent 4add0d7daa
6 changed files with 27 additions and 21 deletions
--- a/flexiapi/app/Http/Kernel.php
+++ b/flexiapi/app/Http/Kernel.php
@ -48,7 +48,6 @@ class Kernel extends HttpKernel
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
-            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
@ -103,7 +102,6 @@ class Kernel extends HttpKernel
    protected $middlewarePriority = [
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \App\Http\Middleware\Authenticate::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
--- a/flexiapi/public/css/style.css
+++ b/flexiapi/public/css/style.css
@ -508,11 +508,13 @@ header>h1 {

 h1 i {
    font-size: 3rem;
+    min-width: 3rem;
    margin-right: 1rem;
 }

 h2 {
    font-size: 2.25rem;
+    min-width: 2.25rem;
    font-weight: 800;
    padding: 1rem 0;
    color: var(--second-7);
--- a/flexiapi/resources/views/admin/account/create_edit.blade.php
+++ b/flexiapi/resources/views/admin/account/create_edit.blade.php
@ -102,8 +102,6 @@

        <h2>Other information</h2>

-        @include('parts.form.toggle', ['object' => $account, 'key' => 'activated', 'label' => 'Status'])
-
        <div>
            <input name="blocked" value="false" type="radio" @if (!$account->blocked) checked @endif>
            <p>Unblocked</p>
@ -120,6 +118,8 @@
            <label>Role</label>
        </div>

+        @include('parts.form.toggle', ['object' => $account, 'key' => 'activated', 'label' => 'Status', 'supporting' => 'Is the account enabled?'])
+
        @if (config('app.intercom_features'))
            <div class="select">
                <select name="dtmf_protocol">
--- a/flexiapi/resources/views/admin/space/show.blade.php
+++ b/flexiapi/resources/views/admin/space/show.blade.php
@ -1,9 +1,11 @@
@extends('layouts.main')

@section('breadcrumb')
+    @if (auth()->user()->superAdmin)
        <li class="breadcrumb-item">
            <a href="{{ route('admin.spaces.index') }}">Spaces</a>
        </li>
+    @endif
    <li class="breadcrumb-item">{{ $space->host }}</li>
    <li class="breadcrumb-item active" aria-current="page">Information</li>
@endsection
@ -11,14 +13,17 @@
@section('content')
    <header>
        <h1><i class="ph">globe-hemisphere-west</i> {{ $space->host }}</h1>
-        <a class="btn btn-tertiary oppose" href="{{ route('admin.spaces.delete', $space->id) }}">
+
+        <a class="btn btn-secondary oppose" @if ($space->isFull())disabled @endif href="{{ route('admin.account.create', ['domain' => $space->domain]) }}">
+            <i class="ph">user-plus</i> New Account
+        </a>
+
+        @if (auth()->user()->superAdmin)
+            <a class="btn btn-tertiary" href="{{ route('admin.spaces.delete', $space->id) }}">
                <i class="ph">trash</i>
                Delete
            </a>
-
-        <a class="btn btn-secondary" @if ($space->isFull())disabled @endif href="{{ route('admin.account.create', ['domain' => $space->domain]) }}">
-            <i class="ph">user-plus</i> New Account
-        </a>
+        @endif
    </header>

    @include('admin.space.tabs')
--- a/flexiapi/resources/views/admin/space/tabs.blade.php
+++ b/flexiapi/resources/views/admin/space/tabs.blade.php
@ -1,10 +1,9 @@
@php
-    $items = [
-        route('admin.spaces.show', $space->id) => 'Information',
-        route('admin.spaces.edit', $space->id) => 'Configuration'
-    ];
+    $items = [];

    if (auth()->user()->superAdmin) {
+        $items[route('admin.spaces.show', $space->id)] = 'Information';
+        $items[route('admin.spaces.edit', $space->id)] = 'Configuration';
        $items[route('admin.spaces.parameters', $space->id)] = 'Parameters';
    }
@endphp
--- a/flexiapi/resources/views/parts/tabs.blade.php
+++ b/flexiapi/resources/views/parts/tabs.blade.php
@ -1,5 +1,7 @@
+@if (!empty($items))
    <ul class="tabs">
        @foreach ($items as $route => $title)
            <li @if (url()->current() == $route)class="current"@endif><a href="{{ $route }}">{{ $title }}</a></li>
        @endforeach
    </ul>
+@endif