Only super admin can visit update pages
parent
2f08a7db37
commit
4c2c74dafb
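--- a/app/Http/Middleware/LockUpdatePage.php
+++ b/app/Http/Middleware/LockUpdatePage.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use App\Models\User;
+
+class LockUpdatePage
+{
+public function handle($request, Closure $next)
+{
+abort_if($request->user()->permission < User::SUPER_ADMIN, 503);
+return $next($request);
+}
+}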
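Review bot: `handle()` dereferences `$request->user()->permission` without checking that a user exists, so the middleware is only safe while an authenticating middleware runs before it; the route group in this commit lists `authorize` first, but nothing in the class enforces or documents that ordering. An explicit guard makes it fail closed on its own: `$user = $request->user(); abort_if(! $user || $user->permission < User::SUPER_ADMIN, 403);`. The 503 status reports an authorization denial as a service outage, which would likely keep denied attempts out of anything that alerts on 401/403; if 503 is deliberate, a comment saying why would help, and the test added in this commit pins 503 and would need to change with it. A short docblock on the class stating the required permission level and the dependency on `authorize` is also missing.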
|
|
@ -15,6 +15,7 @@
|
|||
- Tweaked style of chart at administration panel.
|
||||
- Optimized panel of changing theme color.
|
||||
- Tweaked some links at closet page.
|
||||
- Limited that only super administrators can visit update pages.
|
||||
|
||||
## Fixed
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@
|
|||
- 调整管理面板中的图表样式
|
||||
- 优化「更改配色」的面板
|
||||
- 调整衣柜页面上的某些链接
|
||||
- 限制仅超级管理员才能访问升级页面
|
||||
|
||||
## 修复
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,8 @@ Route::group(['middleware' => 'setup'], function () {
|
|||
Route::post('/finish', 'SetupController@finish');
|
||||
});
|
||||
|
||||
Route::any('/update', 'SetupController@update');
|
||||
Route::any('/exec-update', 'SetupController@doUpdate');
|
||||
Route::view('/changelog', 'setup.updates.changelog');
|
||||
Route::group(['middleware' => ['authorize', App\Http\Middleware\LockUpdatePage::class]], function () {
|
||||
Route::any('/update', 'SetupController@update');
|
||||
Route::any('/exec-update', 'SetupController@doUpdate');
|
||||
Route::view('/changelog', 'setup.updates.changelog');
|
||||
});
|
||||
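Review bot: `/exec-update` stays registered with `Route::any` inside the new group, so a plain GET still runs the update; Laravel's CSRF verification skips GET/HEAD/OPTIONS, so a cross-site request made from a super admin's logged-in browser session would pass both middlewares. The tests in this commit call `get('/setup/exec-update')` and then assert the `version` option changed, which confirms the GET path is state-changing. Restricting the verb closes that: `Route::post('/exec-update', 'SetupController@doUpdate');`, with the update page submitting a form that carries the CSRF token. Whether this routes file sits under the `web` middleware group is not visible here, so CSRF coverage for the POST should be confirmed.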
|
|
|
|||
|
|
@ -210,4 +210,10 @@ class MiddlewareTest extends TestCase
|
|||
$this->get('/', ['user-agent' => 'MSIE'])->assertSee(trans('errors.http.ie'));
|
||||
$this->get('/', ['user-agent' => 'Trident'])->assertSee(trans('errors.http.ie'));
|
||||
}
|
||||
|
||||
public function testLockUpdatePage()
|
||||
{
|
||||
$this->actAs('admin')->get('/setup/changelog')->assertStatus(503);
|
||||
$this->actAs('superAdmin')->get('/setup/changelog')->assertStatus(200);
|
||||
}
|
||||
}
|
||||
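Review bot: `testLockUpdatePage` checks the denial only on `/setup/changelog`, the least sensitive of the three guarded routes, and only for the `admin` role. The state-changing route and the unauthenticated case are what a later routing edit could silently expose, so they deserve their own assertions, e.g. `$this->actAs('admin')->get('/setup/exec-update')->assertStatus(503);` and the same for `/setup/update`. A guest request should also be asserted against whatever `authorize` returns for it, which is not visible in this diff.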
|
|
|
|||
|
|
@ -18,12 +18,6 @@ class SetupControllerTest extends TestCase
|
|||
{
|
||||
use DatabaseTransactions;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
$this->dropAllTables();
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
$this->dropAllTables();
|
||||
|
|
@ -57,11 +51,13 @@ class SetupControllerTest extends TestCase
|
|||
|
||||
public function testWelcome()
|
||||
{
|
||||
$this->dropAllTables();
|
||||
$this->get('/setup')->assertViewIs('setup.wizard.welcome');
|
||||
}
|
||||
|
||||
public function testDatabase()
|
||||
{
|
||||
$this->dropAllTables();
|
||||
$fake = [
|
||||
'type' => env('DB_CONNECTION'),
|
||||
'host' => env('DB_HOST'),
|
||||
|
|
@ -80,6 +76,7 @@ class SetupControllerTest extends TestCase
|
|||
|
||||
public function testReportDatabaseConnectionError()
|
||||
{
|
||||
$this->dropAllTables();
|
||||
$this->post('/setup/database', ['type' => 'sqlite', 'host' => 'placeholder', 'db' => 'test'])
|
||||
->assertSee(trans('setup.database.connection-error', [
|
||||
'type' => 'SQLite',
|
||||
|
|
@ -89,6 +86,7 @@ class SetupControllerTest extends TestCase
|
|||
|
||||
public function testInfo()
|
||||
{
|
||||
$this->dropAllTables();
|
||||
$this->get('/setup/info')->assertViewIs('setup.wizard.info');
|
||||
Artisan::call('migrate:refresh');
|
||||
Schema::drop('users');
|
||||
|
|
@ -97,6 +95,7 @@ class SetupControllerTest extends TestCase
|
|||
|
||||
public function testFinish()
|
||||
{
|
||||
$this->dropAllTables();
|
||||
// Without `email` field
|
||||
$this->post('/setup/finish')
|
||||
->assertDontSee(trans('setup.wizard.finish.title'));
|
||||
|
|
@ -210,7 +209,8 @@ class SetupControllerTest extends TestCase
|
|||
|
||||
public function testUpdate()
|
||||
{
|
||||
$this->get('/setup/update')
|
||||
$this->actAs('superAdmin')
|
||||
->get('/setup/update')
|
||||
->assertSee(trans('setup.locked.text'));
|
||||
|
||||
option(['version' => '0.1.0']);
|
||||
|
|
@ -228,7 +228,7 @@ class SetupControllerTest extends TestCase
|
|||
); // Just a fixture
|
||||
|
||||
config(['options.new_option' => 'value']);
|
||||
$this->get('/setup/exec-update')->assertViewHas('tips');
|
||||
$this->actAs('superAdmin')->get('/setup/exec-update')->assertViewHas('tips');
|
||||
$this->assertEquals('value', option('new_option'));
|
||||
$this->assertEquals('100.0.0', option('version'));
|
||||
unlink(database_path("update_scripts/update-$current_version-to-100.0.0.php"));
|
||||
|
|
|
|||