Handle redirect if the user does not have permission to view results

2026-02-05 09:35:49 +00:00 · 2025-12-09 23:46:33 +00:00
parent 7854543122
commit a350b9bc3d
1 changed files with 32 additions and 5 deletions
--- a/app/Http/Controllers/Api/ImportController.php
+++ b/app/Http/Controllers/Api/ImportController.php
@ -15,6 +15,7 @@ use Illuminate\Database\Eloquent\JsonEncodingException;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;
 use League\Csv\Reader;
 use Onnov\DetectEncoding\EncodingDetector;
 use Symfony\Component\HttpFoundation\File\Exception\FileException;
@ -149,7 +150,9 @@ class ImportController extends Controller
                }

                $date = date('Y-m-d-his');
-                $fixed_filename = str_slug($file->getClientOriginalName());
+
+                $fixed_filename = Str::of($file->getClientOriginalName())->basename('.csv').'.csv';
+                
                try {
                    $file->move($path, $date.'-'.$fixed_filename);
                } catch (FileException $exception) {
@ -211,36 +214,47 @@ class ImportController extends Controller
        $redirectTo = 'hardware.index';
        switch ($request->get('import-type')) {
            case 'asset':
+                $model_perms = 'App\Models\Asset';
                $redirectTo = 'hardware.index';
                break;
            case 'assetModel':
+                $model_perms = 'App\Models\AssetModel';
                $redirectTo = 'models.index';
                break;
            case 'accessory':
+                $model_perms = 'App\Models\Accessory';
                $redirectTo = 'accessories.index';
                break;
            case 'consumable':
+                $model_perms = 'App\Models\Consumable';
                $redirectTo = 'consumables.index';
                break;
            case 'component':
+                $model_perms = 'App\Models\Component';
                $redirectTo = 'components.index';
                break;
            case 'license':
+                $model_perms = 'App\Models\License';
                $redirectTo = 'licenses.index';
                break;
            case 'user':
+                $model_perms = 'App\Models\User';
                $redirectTo = 'users.index';
                break;
            case 'location':
+                $model_perms = 'App\Models\Location';
                $redirectTo = 'locations.index';
                break;
            case 'supplier':
+                $model_perms = 'App\Models\Supplier';
                $redirectTo = 'suppliers.index';
                break;
            case 'manufacturer':
+                $model_perms = 'App\Models\Manufacturer';
                $redirectTo = 'manufacturers.index';
                break;
            case 'category':
+                $model_perms = 'App\Models\Category';
                $redirectTo = 'categories.index';
                break;
        }
@ -251,7 +265,11 @@ class ImportController extends Controller
        //Flash message before the redirect
        Session::flash('success', trans('admin/hardware/message.import.success'));

-        return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)]));
+        if (auth()->user()->can('view', $model_perms)) {
+            return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)]));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route('imports.index')]));
    }

    /**
@ -261,18 +279,25 @@ class ImportController extends Controller
     */
    public function destroy($import_id) : JsonResponse
    {
-        $this->authorize('create', Asset::class);
+        $this->authorize('import');

        if ($import = Import::find($import_id)) {
+
+
+            if ((auth()->user()->id != $import->created_by) && (!auth()->user()->isSuperUser())) {
+                return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning')));
+            }
+
+
            try {
                // Try to delete the file
                Storage::delete('imports/'.$import->file_path);
-                $import->delete();
+                // $import->delete();

                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.import.file_delete_success')));
            } catch (\Exception $e) {
                // If the file delete didn't work, remove it from the database anyway and return a warning
-                $import->delete();
+                // $import->delete();

                return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning')));
            }
@ -280,4 +305,6 @@ class ImportController extends Controller
        }
        return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning')));
    }
+
+
 }