page update
This commit is contained in:
@@ -4,6 +4,8 @@ use MintyPHP\Http\Request;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\I18n;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Access\UiAccessService;
|
||||
use MintyPHP\Service\Content\PageService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
@@ -18,8 +20,18 @@ if ($currentUserId <= 0) {
|
||||
Router::redirect('login');
|
||||
}
|
||||
|
||||
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
|
||||
$canEdit = app(UiAccessService::class)->allow(
|
||||
$currentUserId,
|
||||
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE
|
||||
);
|
||||
if (!$canEdit) {
|
||||
http_response_code(403);
|
||||
Flash::error(t('You are not allowed to edit this page'), $return, 'page_forbidden');
|
||||
Router::redirect($return !== '' ? $return : '');
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
|
||||
Flash::error(t('Form expired, please try again'), $return, 'page_csrf');
|
||||
Router::redirect($return !== '' ? $return : '');
|
||||
}
|
||||
@@ -28,7 +40,6 @@ $slug = trim((string) (requestInput()->bodyAll()['slug'] ?? ''));
|
||||
$fromLocale = trim((string) (requestInput()->bodyAll()['from_locale'] ?? (I18n::$locale ?? '')));
|
||||
$toLocale = trim((string) (requestInput()->bodyAll()['to_locale'] ?? ''));
|
||||
|
||||
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
|
||||
if ($return === '' && $slug !== '') {
|
||||
$return = 'page/' . $slug;
|
||||
}
|
||||
|
||||
@@ -5,6 +5,8 @@ use MintyPHP\Http\Request;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\I18n;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Access\UiAccessService;
|
||||
use MintyPHP\Service\Content\PageService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
@@ -28,7 +30,10 @@ if ($notFound) {
|
||||
|
||||
$user = $session['user'] ?? [];
|
||||
$currentUserId = (int) ($user['id'] ?? 0);
|
||||
$canEdit = $currentUserId > 0;
|
||||
$canEdit = app(UiAccessService::class)->allow(
|
||||
$currentUserId,
|
||||
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE
|
||||
);
|
||||
$returnPath = Request::path();
|
||||
if ($returnPath === '') {
|
||||
$returnPath = 'page/' . $slug;
|
||||
|
||||
@@ -45,7 +45,7 @@
|
||||
</section>
|
||||
<?php if ($canEdit): ?>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section">
|
||||
<div class="app-details-aside-section app-page-action-card">
|
||||
|
||||
<div class="grid">
|
||||
<button type="button" class="secondary outline" data-tooltip-pos="top"
|
||||
Reference in New Issue
Block a user