Merge pull request #1139 from dbarzin/dev

fix bug in access rights
dbarzin · Feb 27, 2025 · d1eb03d · d1eb03d
2 parents dd5461e + 624cdab
commit d1eb03d
Show file tree

Hide file tree

Showing 8 changed files with 2,490 additions and 1,896 deletions.
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -12,7 +12,6 @@ Changements prévus en 2025 :
 - [o] Ajouter des champs personnalisés aux objets de la cartographie
 - [ ] Générer un annuaire de crise
 - [ ] Identifier les chemins critiques
-- [ ] Exploiter les logs - recherche et afficher tout les changements d'un objet
 - [ ] Utiliser des [Accessor pour les Model](https://laravel.com/docs/9.x/eloquent-mutators#defining-a-mutator)
 - [ ] Généraliser la notion de cartographe à d'autres objets (cf.: https://laravel.com/docs/10.x/authorization)
 - [ ] Générer les cartographes dans la gestion des utilisateurs
@@ -40,6 +39,7 @@ Changements réalisés en 2024 :
 - [x] Améliorer la recherche des CVE en assignat un CPE [Common Plateform Enumeration](https://nvd.nist.gov/products/cpe) aux objets de la cartographie.
 - [x] Pouvoir changer les images des objets
 - [x] Upgrade to [Bootstrap 5.3](https://getbootstrap.com/)
+- [x] Exploiter les logs - recherche et afficher tout les changements d'un objet
 
 ## Evolutions mineurs
 

diff --git a/app/Http/Controllers/API/ApplicationController.php b/app/Http/Controllers/API/ApplicationController.php
@@ -14,7 +14,7 @@ class ApplicationController extends Controller
 {
     public function index()
     {
-        abort_if(Gate::denies('application_access'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_access'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         $applications = MApplication::all();
 
@@ -23,7 +23,7 @@ public function index()
 
     public function store(StoreApplicationRequest $request)
     {
-        abort_if(Gate::denies('application_create'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_create'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         $application = MApplication::create($request->all());
         $application->entities()->sync($request->input('entities', []));
@@ -37,14 +37,14 @@ public function store(StoreApplicationRequest $request)
 
     public function show(MApplication $application)
     {
-        abort_if(Gate::denies('application_show'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_show'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         return new ApplicationResource($application);
     }
 
     public function update(UpdateApplicationRequest $request, MApplication $application)
     {
-        abort_if(Gate::denies('application_edit'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_edit'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         $application->update($request->all());
         $application->entities()->sync($request->input('entities', []));
@@ -58,7 +58,7 @@ public function update(UpdateApplicationRequest $request, MApplication $applicat
 
     public function destroy(MApplication $application)
     {
-        abort_if(Gate::denies('application_delete'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_delete'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         $application->delete();
 

diff --git a/app/Http/Requests/MassDestroyApplicationRequest.php b/app/Http/Requests/MassDestroyApplicationRequest.php
@@ -10,7 +10,7 @@ class MassDestroyApplicationRequest extends FormRequest
 {
     public function authorize()
     {
-        abort_if(Gate::denies('application_delete'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_delete'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         return true;
     }

diff --git a/app/Http/Requests/StoreApplicationRequest.php b/app/Http/Requests/StoreApplicationRequest.php
@@ -10,7 +10,7 @@ class StoreApplicationRequest extends FormRequest
 {
     public function authorize()
     {
-        abort_if(Gate::denies('application_create'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_create'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         return true;
     }

diff --git a/app/Http/Requests/UpdateApplicationRequest.php b/app/Http/Requests/UpdateApplicationRequest.php
@@ -10,7 +10,7 @@ class UpdateApplicationRequest extends FormRequest
 {
     public function authorize()
     {
-        abort_if(Gate::denies('application_edit'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+        abort_if(Gate::denies('m_application_edit'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
         return true;
     }