
All permissions except Settings

1day2die 2 年之前
父节点
当前提交
4c780deb02
共有 26 个文件被更改,包括 342 次插入113 次删除
  1. 4 0
      app/Http/Controllers/Admin/ActivityLogController.php
  2. 9 0
      app/Http/Controllers/Admin/ApplicationApiController.php
  3. 6 0
      app/Http/Controllers/Admin/LegalController.php
  4. 7 1
      app/Http/Controllers/Admin/OverViewController.php
  5. 10 0
      app/Http/Controllers/Admin/PartnerController.php
  6. 4 0
      app/Http/Controllers/Admin/PaymentController.php
  7. 17 0
      app/Http/Controllers/Admin/ProductController.php
  8. 12 0
      app/Http/Controllers/Admin/RoleController.php
  9. 19 2
      app/Http/Controllers/Admin/ServerController.php
  10. 14 1
      app/Http/Controllers/Admin/ShopProductController.php
  11. 16 5
      app/Http/Controllers/Admin/TicketCategoryController.php
  12. 32 10
      app/Http/Controllers/Admin/TicketsController.php
  13. 7 0
      app/Http/Controllers/Admin/UsefulLinkController.php
  14. 53 5
      app/Http/Controllers/Admin/UserController.php
  15. 9 0
      app/Http/Controllers/Admin/VoucherController.php
  16. 16 5
      config/permissions_web.php
  17. 16 17
      routes/web.php
  18. 4 4
      themes/BlueInfinity/views/layouts/main.blade.php
  19. 1 1
      themes/default/views/admin/overview/index.blade.php
  20. 70 46
      themes/default/views/layouts/main.blade.php
  21. 1 1
      themes/default/views/mail/ticket/admin/create.blade.php
  22. 1 1
      themes/default/views/mail/ticket/admin/reply.blade.php
  23. 3 3
      themes/default/views/moderator/ticket/blacklist.blade.php
  24. 4 4
      themes/default/views/moderator/ticket/category.blade.php
  25. 3 3
      themes/default/views/moderator/ticket/index.blade.php
  26. 4 4
      themes/default/views/moderator/ticket/show.blade.php

+ 4 - 0
app/Http/Controllers/Admin/ActivityLogController.php

@@ -14,6 +14,7 @@ use Spatie\Activitylog\Models\Activity;
 
 class ActivityLogController extends Controller
 {
+    const VIEW_PERMISSION = "admin.logs.read";
     /**
      * Display a listing of the resource.
      *
@@ -21,6 +22,9 @@ class ActivityLogController extends Controller
      */
     public function index(Request $request)
     {
+        $this->checkPermission(self::VIEW_PERMISSION);
+
+
         $cronLogs = Storage::disk('logs')->exists('cron.log') ? Storage::disk('logs')->get('cron.log') : null;
 
         if ($request->input('search')) {

+ 9 - 0
app/Http/Controllers/Admin/ApplicationApiController.php

@@ -16,6 +16,8 @@ use Illuminate\Http\Response;
 
 class ApplicationApiController extends Controller
 {
+    const READ_PERMISSION = "admin.api.read";
+    const WRITE_PERMISSION = "admin.api.write";
     /**
      * Display a listing of the resource.
      *
@@ -23,6 +25,8 @@ class ApplicationApiController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.api.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -35,6 +39,8 @@ class ApplicationApiController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.api.create');
     }
 
@@ -76,6 +82,7 @@ class ApplicationApiController extends Controller
      */
     public function edit(ApplicationApi $applicationApi)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.api.edit', [
             'applicationApi' => $applicationApi,
         ]);
@@ -107,6 +114,8 @@ class ApplicationApiController extends Controller
      */
     public function destroy(ApplicationApi $applicationApi)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $applicationApi->delete();
 
         return redirect()->back()->with('success', __('api key has been removed!'));
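Review bot: `store()` and `update()` receive no `checkPermission()` call in this file: the nine added lines are the two constants plus the checks in `index()`, `create()`, `edit()` and `destroy()`. Unless those two actions are gated elsewhere (route middleware or a form request, neither visible on this page), a caller without `admin.api.write` can still submit directly to them, because the checks on `create()` and `edit()` only protect the form pages. Add `$this->checkPermission(self::WRITE_PERMISSION);` as the first statement of both. The PartnerController, ProductController, ShopProductController and UsefulLinkController sections of this commit show the same gap: their added-line counts likewise leave `store()` and `update()` untouched.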

+ 6 - 0
app/Http/Controllers/Admin/LegalController.php

@@ -10,6 +10,8 @@ use Qirolab\Theme\Theme;
 
 class LegalController extends Controller
 {
+    const READ_PERMISSION = "admin.legal.read";
+    const WRITE_PERMISSION = "admin.legal.write";
     /**
      * Display
      *
@@ -17,6 +19,8 @@ class LegalController extends Controller
      */
     public function index()
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $tos = File::get(Theme::path($path = 'views', "default") . '/information/tos-content.blade.php');
         $privacy = File::get(Theme::path($path = 'views', "default") . '/information/privacy-content.blade.php');
         $imprint = File::get(Theme::path($path = 'views', "default") . '/information/imprint-content.blade.php');
@@ -29,6 +33,8 @@ class LegalController extends Controller
     }
 
     public function update(Request $request){
+        $this->checkPermission(self::READ_PERMISSION);
+
         $tos = $request->tos;
         $privacy = $request->privacy;
         $imprint = $request->imprint;
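Review bot: `update()` is guarded with `self::READ_PERMISSION`, so an account that may only view the legal pages can also overwrite them; the added line should read `$this->checkPermission(self::WRITE_PERMISSION);`. `WRITE_PERMISSION` is declared at the top of this class but is not used by any of the six lines this commit adds to the file. The body of `update()` continues outside the hunk; `index()` reads these texts from Blade view files, so the write path presumably stores the submitted `tos`, `privacy` and `imprint` values back into those templates and deserves the stricter gate.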

+ 7 - 1
app/Http/Controllers/Admin/OverViewController.php

@@ -19,6 +19,8 @@ use Carbon\Carbon;
 
 class OverViewController extends Controller
 {
+    const READ_PERMISSION = "admin.overview.read";
+    const SYNC_PERMISSION = "admin.overview.sync";
     public const TTL = 86400;
 
     private $pterodactyl;
@@ -27,9 +29,11 @@ class OverViewController extends Controller
     {
         $this->pterodactyl = new PterodactylClient($ptero_settings);
     }
-    
+
     public function index(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         //Get counters
         $counters = collect();
         //Set basic variables in the collection
@@ -225,6 +229,8 @@ class OverViewController extends Controller
      */
     public function syncPterodactyl()
     {
+        $this->checkPermission(self::SYNC_PERMISSION);
+
         Node::syncNodes();
         Egg::syncEggs();
 

+ 10 - 0
app/Http/Controllers/Admin/PartnerController.php

@@ -11,8 +11,12 @@ use Illuminate\Http\Request;
 
 class PartnerController extends Controller
 {
+    const READ_PERMISSION = "admin.partners.read";
+    const WRITE_PERMISSION = "admin.partners.write";
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.partners.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -25,6 +29,8 @@ class PartnerController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.partners.create', [
             'partners' => PartnerDiscount::get(),
             'users' => User::orderBy('name')->get(),
@@ -62,6 +68,8 @@ class PartnerController extends Controller
      */
     public function edit(PartnerDiscount $partner)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.partners.edit', [
             'partners' => PartnerDiscount::get(),
             'partner' => $partner,
@@ -98,6 +106,8 @@ class PartnerController extends Controller
      */
     public function destroy(PartnerDiscount $partner)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $partner->delete();
 
         return redirect()->back()->with('success', __('partner has been removed!'));

+ 4 - 0
app/Http/Controllers/Admin/PaymentController.php

@@ -24,11 +24,15 @@ use App\Settings\LocaleSettings;
 class PaymentController extends Controller
 {
     const BUY_PERMISSION = 'user.shop.buy';
+    const VIEW_PERMISSION = "admin.payments.read";
     /**
      * @return Application|Factory|View
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::VIEW_PERMISSION);
+
+
         return view('admin.payments.index')->with([
             'payments' => Payment::paginate(15),
             'locale_datatables' => $locale_settings->datatables

+ 17 - 0
app/Http/Controllers/Admin/ProductController.php

@@ -19,6 +19,10 @@ use Illuminate\Http\Request;
 
 class ProductController extends Controller
 {
+    const READ_PERMISSION = "admin.products.read";
+    const WRITE_PERMISSION = "admin.products.write";
+    const EDIT_PERMISSION = "admin.products.edit";
+    const DELETE_PERMISSION = "admin.products.delete";
     /**
      * Display a listing of the resource.
      *
@@ -26,6 +30,8 @@ class ProductController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.products.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -38,6 +44,7 @@ class ProductController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.products.create', [
             'locations' => Location::with('nodes')->get(),
             'nests' => Nest::with('eggs')->get(),
@@ -47,6 +54,8 @@ class ProductController extends Controller
 
     public function clone(Product $product)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.products.create', [
             'product' => $product,
             'locations' => Location::with('nodes')->get(),
@@ -98,6 +107,8 @@ class ProductController extends Controller
      */
     public function show(Product $product, UserSettings $user_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.products.show', [
             'product' => $product,
             'minimum_credits' => $user_settings->min_credits_to_make_server,
@@ -113,6 +124,8 @@ class ProductController extends Controller
      */
     public function edit(Product $product, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::EDIT_PERMISSION);
+
         return view('admin.products.edit', [
             'product' => $product,
             'locations' => Location::with('nodes')->get(),
@@ -167,6 +180,8 @@ class ProductController extends Controller
      */
     public function disable(Product $product)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $product->update(['disabled' => ! $product->disabled]);
 
         return redirect()->route('admin.products.index')->with('success', 'Product has been updated!');
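Review bot: `disable()` is gated by `WRITE_PERMISSION`, the constant also used for `create()` and `clone()`, while `edit()` in this class uses `EDIT_PERMISSION`. A role holding only `admin.products.edit` can open the edit form but cannot toggle the product, and a role that may only create products can. ShopProductController in this commit introduces a dedicated `DISABLE_PERMISSION` for the equivalent action. If the split is intended, a comment above the constants such as `// write = create/clone/disable, edit = modify existing` would record it; otherwise `self::EDIT_PERMISSION` looks like the closer fit here.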
@@ -180,6 +195,8 @@ class ProductController extends Controller
      */
     public function destroy(Product $product)
     {
+        $this->checkPermission(self::DELETE_PERMISSION);
+
         $servers = $product->servers()->count();
         if ($servers > 0) {
             return redirect()->back()->with('error', "Product cannot be removed while it's linked to {$servers} servers");

+ 12 - 0
app/Http/Controllers/Admin/RoleController.php

@@ -16,6 +16,10 @@ use Spatie\Permission\Models\Role;
 class RoleController extends Controller
 {
 
+    const READ_PERMISSION = "admin.roles.read";
+    const CREATE_PERMISSION = "admin.roles.create";
+    const EDIT_PERMISSION = "admin.roles.edit";
+    const DELETE_PERMISSION = "admin.roles.delete";
     /**
      * Display a listing of the resource.
      *
@@ -26,6 +30,7 @@ class RoleController extends Controller
     public function index(Request $request)
     {
 
+        $this->checkPermission(self::READ_PERMISSION);
 
         //datatables
         if ($request->ajax()) {
@@ -43,6 +48,7 @@ class RoleController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::CREATE_PERMISSION);
 
         $permissions = Permission::all();
 
@@ -56,6 +62,8 @@ class RoleController extends Controller
      */
     public function store(Request $request): RedirectResponse
     {
+        $this->checkPermission(self::CREATE_PERMISSION);
+
         $role = Role::create([
             'name' => $request->name,
             'color' => $request->color
@@ -86,6 +94,7 @@ class RoleController extends Controller
      */
     public function edit(Role $role)
     {
+        $this->checkPermission(self::EDIT_PERMISSION);
 
         $permissions = Permission::all();
 
@@ -100,6 +109,8 @@ class RoleController extends Controller
      */
     public function update(Request $request, Role $role)
     {
+        $this->checkPermission(self::EDIT_PERMISSION);
+
         if ($request->permissions) {
             if($role->id != 1){ //disable admin permissions change
                 $role->syncPermissions($request->permissions);
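Review bot: Holding `admin.roles.edit` is enough to pass an arbitrary permission list to `syncPermissions()` for every role except id 1, including a role the caller belongs to, so this single permission effectively grants all others. In the lines shown, `$request->permissions` is also used without validation. Consider validating it as an array of existing permissions and rejecting any entry the acting user does not hold before syncing. The loose `!=` on `$role->id` could be `!==` against a cast integer. The body of `update()` continues outside the hunk.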
@@ -135,6 +146,7 @@ class RoleController extends Controller
      */
     public function destroy(Role $role)
     {
+        $this->checkPermission(self::DELETE_PERMISSION);
 
         if($role->id == 1 || $role->id == 3 || $role->id == 4){ //cannot delete the hard coded roles
             return back()->with("error","You cannot delete that role");

+ 19 - 2
app/Http/Controllers/Admin/ServerController.php

@@ -20,6 +20,13 @@ use Illuminate\Support\Facades\Log;
 
 class ServerController extends Controller
 {
+
+    const READ_PERMISSION = "admin.servers.read";
+    const WRITE_PERMISSION = "admin.servers.write";
+    const SUSPEND_PERMISSION = "admin.servers.suspend";
+    const CHANGEOWNER_PERMISSION = "admin.servers.write.owner";
+    const CHANGE_IDENTIFIER_PERMISSION ="admin.servers.write.identifier";
+    const DELETE_PERMISSION = "admin.servers.delete";
     private $pterodactyl;
 
     public function __construct(PterodactylSettings $ptero_settings)
@@ -34,6 +41,8 @@ class ServerController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.servers.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -47,6 +56,8 @@ class ServerController extends Controller
      */
     public function edit(Server $server)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         // get all users from the database
         $users = User::all();
 
@@ -70,7 +81,7 @@ class ServerController extends Controller
         ]);
 
 
-        if ($request->get('user_id') != $server->user_id) {
+        if ($request->get('user_id') != $server->user_id && $this->can(self::CHANGEOWNER_PERMISSION)) {
             // find the user
             $user = User::findOrFail($request->get('user_id'));
 
@@ -89,7 +100,10 @@ class ServerController extends Controller
         }
 
         // update the identifier
-        $server->identifier = $request->get('identifier');
+        if($this->can(self::CHANGE_IDENTIFIER_PERMISSION)) {
+
+            $server->identifier = $request->get('identifier');
+        }
         $server->save();
 
         return redirect()->route('admin.servers.index')->with('success', 'Server updated!');
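Review bot: `update()` gets no `checkPermission(self::WRITE_PERMISSION)` call in this commit, since all 19 added lines are accounted for by the constants, the other method guards and the two `$this->can(...)` conditions. Those conditions skip the owner and identifier changes silently: a caller lacking `admin.servers.write.owner` or `admin.servers.write.identifier` still reaches `$server->save()` and is redirected with 'Server updated!' although the requested change was dropped. Add `$this->checkPermission(self::WRITE_PERMISSION);` at the method entry and fail the request when a restricted field differs from the stored value instead of ignoring it. The owner condition is in the preceding hunk of this file, and `update()` starts outside both hunks.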
@@ -103,6 +117,7 @@ class ServerController extends Controller
      */
     public function destroy(Server $server)
     {
+        $this->checkPermission(self::DELETE_PERMISSION);
         try {
             $server->delete();
 
@@ -118,6 +133,8 @@ class ServerController extends Controller
      */
     public function toggleSuspended(Server $server)
     {
+        $this->checkPermission(self::SUSPEND_PERMISSION);
+
         try {
             $server->isSuspended() ? $server->unSuspend() : $server->suspend();
         } catch (Exception $exception) {

+ 14 - 1
app/Http/Controllers/Admin/ShopProductController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Admin;
 
+use App\Http\Controllers\Controller;
 use App\Models\ShopProduct;
 use App\Settings\GeneralSettings;
 use App\Settings\LocaleSettings;
@@ -11,12 +12,15 @@ use Illuminate\Contracts\View\View;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
-use Illuminate\Routing\Controller;
 use Illuminate\Validation\Rule;
 
 class ShopProductController extends Controller
 {
 
+    const READ_PERMISSION = 'admin.store.read';
+    const WRITE_PERMISSION = 'admin.store.write';
+    const DISABLE_PERMISSION = 'admin.store.disable';
+
     /**
      * Display a listing of the resource.
      *
@@ -24,6 +28,8 @@ class ShopProductController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $isStoreEnabled = $general_settings->store_enabled;
 
 
@@ -40,6 +46,8 @@ class ShopProductController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.store.create', [
             'currencyCodes' => config('currency_codes'),
             'credits_display_name' => $general_settings->credits_display_name
@@ -78,6 +86,8 @@ class ShopProductController extends Controller
      */
     public function edit(ShopProduct $shopProduct, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         return view('admin.store.edit', [
             'currencyCodes' => config('currency_codes'),
             'shopProduct' => $shopProduct,
@@ -117,6 +127,8 @@ class ShopProductController extends Controller
      */
     public function disable(ShopProduct $shopProduct)
     {
+        $this->checkPermission(self::DISABLE_PERMISSION);
+
         $shopProduct->update(['disabled' => !$shopProduct->disabled]);
 
         return redirect()->route('admin.store.index')->with('success', __('Product has been updated!'));
@@ -130,6 +142,7 @@ class ShopProductController extends Controller
      */
     public function destroy(ShopProduct $shopProduct)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $shopProduct->delete();
 
         return redirect()->back()->with('success', __('Store item has been removed!'));

+ 16 - 5
app/Http/Controllers/Moderation/TicketCategoryController.php → app/Http/Controllers/Admin/TicketCategoryController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Http\Controllers\Moderation;
+namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
 use App\Models\Ticket;
@@ -9,15 +9,20 @@ use Illuminate\Http\Request;
 
 class TicketCategoryController extends Controller
 {
+    const READ_PERMISSION = "admin.tickets.read";
+    const WRITE_PERMISSION = "admin.tickets.write";
     /**
+     *
      * Display a listing of the resource.
      *
      * @return \Illuminate\Http\Response
      */
     public function index()
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         $categories = TicketCategory::all();
-        return view('moderator.ticket.category')->with("categories",$categories);
+        return view('admin.ticket.category')->with("categories",$categories);
     }
 
     /**
@@ -28,6 +33,8 @@ class TicketCategoryController extends Controller
      */
     public function store(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $request->validate([
             'name' => 'required|string|max:191',
         ]);
@@ -35,7 +42,7 @@ class TicketCategoryController extends Controller
         TicketCategory::create($request->all());
 
 
-        return redirect(route("moderator.ticket.category.index"))->with("success",__("Category created"));
+        return redirect(route("admin.ticket.category.index"))->with("success",__("Category created"));
     }
 
     /**
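Review bot: `TicketCategory::create($request->all())` passes every submitted field to the model, although `store()` validates only `name`. Unless the model's `$fillable` limits assignment to `name` (the model is not shown here), extra request fields are written as attributes. Use the validated field only: `TicketCategory::create($request->only('name'));`. `store()` begins in the preceding hunk.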
@@ -46,6 +53,8 @@ class TicketCategoryController extends Controller
      */
     public function update(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $request->validate([
             'category' => 'required|int',
             'name' => 'required|string|max:191',
@@ -68,6 +77,8 @@ class TicketCategoryController extends Controller
      */
     public function destroy($id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $category = TicketCategory::where("id",$id)->firstOrFail();
 
         if($category->id == 5 ){ //cannot delete "other" category
@@ -84,7 +95,7 @@ class TicketCategoryController extends Controller
         $category->delete();
 
         return redirect()
-            ->route('moderator.ticket.category.index')
+            ->route('admin.ticket.category.index')
             ->with('success', __('Category removed'));
     }
 
@@ -101,7 +112,7 @@ class TicketCategoryController extends Controller
             })
             ->addColumn('actions', function (TicketCategory $category) {
                 return '
-                           <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('moderator.ticket.category.destroy', $category->id).'">
+                           <form class="d-inline" onsubmit="return submitResult();" method="post" action="'.route('admin.ticket.category.destroy', $category->id).'">
                             '.csrf_field().'
                             '.method_field('DELETE').'
                            <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm btn-danger mr-1"><i class="fas fa-trash"></i></button>
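Review bot: The datatable builder that this `actions` closure belongs to gets no `checkPermission()` call in this commit; the added checks in this file are all in `index()`, `store()`, `update()` and `destroy()`. If the route serving the table data can be requested on its own (routes are not shown here), `READ_PERMISSION` on `index()` hides the page but not the category list it loads. Add `$this->checkPermission(self::READ_PERMISSION);` as the first statement of that method, which starts outside the hunk. The two datatable builders in TicketsController (ticket list and blacklist) are in the same position and would take `READ_PERMISSION` and `BLACKLIST_READ_PERMISSION` respectively.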

+ 32 - 10
app/Http/Controllers/Moderation/TicketsController.php → app/Http/Controllers/Admin/TicketsController.php

@@ -1,8 +1,9 @@
 <?php
 
-namespace App\Http\Controllers\Moderation;
+namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
+use App\Http\Controllers\Moderation\Exception;
 use App\Models\Server;
 use App\Models\Ticket;
 use App\Models\TicketBlacklist;
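Review bot: The added `use App\Http\Controllers\Moderation\Exception;` names a class in the namespace this controller has just left, and nothing on this page defines it; it looks like an automatic import produced by the move. If no such class exists, the `catch (Exception $e)` blocks in `show()`, `changeStatus()` and `delete()` never match what `firstOrFail()` throws, so their error handling is dead code. Replace the line with `use Exception;`, or catch `Illuminate\Database\Eloquent\ModelNotFoundException` directly.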
@@ -17,9 +18,16 @@ use Illuminate\Support\Facades\Auth;
 
 class TicketsController extends Controller
 {
+    const READ_PERMISSION = "admin.tickets.read";
+    const WRITE_PERMISSION = "admin.tickets.write";
+
+    const BLACKLIST_READ_PERMISSION ='admin.ticket_blacklist.read';
+    const BLACKLIST_WRITE_PERMISSION ='admin.ticket_blacklist.write';
     public function index(LocaleSettings $locale_settings)
     {
-        return view('moderator.ticket.index', [
+        $this->checkPermission(self::READ_PERMISSION);
+
+        return view('admin.ticket.index', [
             'tickets' => Ticket::orderBy('id', 'desc')->paginate(10),
             'ticketcategories' => TicketCategory::all(),
             'locale_datatables' => $locale_settings->datatables
@@ -28,6 +36,7 @@ class TicketsController extends Controller
 
     public function show($ticket_id, PterodactylSettings $ptero_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch (Exception $e)
@@ -39,11 +48,12 @@ class TicketsController extends Controller
         $server = Server::where('id', $ticket->server)->first();
         $pterodactyl_url = $ptero_settings->panel_url;
 
-        return view('moderator.ticket.show', compact('ticket', 'ticketcategory', 'ticketcomments', 'server', 'pterodactyl_url'));
+        return view('admin.ticket.show', compact('ticket', 'ticketcategory', 'ticketcomments', 'server', 'pterodactyl_url'));
     }
 
     public function changeStatus($ticket_id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch(Exception $e)
@@ -65,6 +75,7 @@ class TicketsController extends Controller
 
     public function delete($ticket_id)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         try {
         $ticket = Ticket::where('ticket_id', $ticket_id)->firstOrFail();
         } catch (Exception $e)
@@ -80,6 +91,9 @@ class TicketsController extends Controller
 
     public function reply(Request $request)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
+
         $this->validate($request, ['ticketcomment' => 'required']);
         try {
             $ticket = Ticket::where('id', $request->input('ticket_id'))->firstOrFail();
@@ -114,7 +128,7 @@ class TicketsController extends Controller
                 return $tickets->ticketcategory->name;
             })
             ->editColumn('title', function (Ticket $tickets) {
-                return '<a class="text-info"  href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
+                return '<a class="text-info"  href="'.route('admin.ticket.show', ['ticket_id' => $tickets->ticket_id]).'">'.'#'.$tickets->ticket_id.' - '.htmlspecialchars($tickets->title).'</a>';
             })
             ->editColumn('user_id', function (Ticket $tickets) {
                 return '<a href="'.route('admin.users.show', $tickets->user->id).'">'.$tickets->user->name.'</a>';
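Review bot: `$tickets->user->name` is concatenated into the anchor markup without escaping, while the `title` column just above wraps its value in `htmlspecialchars()`. If `user_id` is among the columns rendered as raw HTML (the `rawColumns` call is outside this hunk), a user-chosen name is emitted as markup in the staff ticket list. Escape it the same way: `'.htmlspecialchars($tickets->user->name).'`.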
@@ -125,13 +139,13 @@ class TicketsController extends Controller
                 $statusButtonText = ($tickets->status == "Closed") ? __('Reopen') : __('Close');
 
                 return '
-                            <a data-content="'.__('View').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('moderator.ticket.show', ['ticket_id' => $tickets->ticket_id]).'" class="btn btn-sm text-white btn-info mr-1"><i class="fas fa-eye"></i></a>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.changeStatus', ['ticket_id' => $tickets->ticket_id]).'">
+                            <a data-content="'.__('View').'" data-toggle="popover" data-trigger="hover" data-placement="top" href="'.route('admin.ticket.show', ['ticket_id' => $tickets->ticket_id]).'" class="btn btn-sm text-white btn-info mr-1"><i class="fas fa-eye"></i></a>
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.changeStatus', ['ticket_id' => $tickets->ticket_id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
                             <button data-content="'.__($statusButtonText).'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white '.$statusButtonColor.'  mr-1"><i class="fas '.$statusButtonIcon.'"></i></button>
                             </form>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.delete', ['ticket_id' => $tickets->ticket_id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.delete', ['ticket_id' => $tickets->ticket_id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
                             <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-danger mr-1"><i class="fas fa-trash"></i></button>
@@ -170,13 +184,17 @@ class TicketsController extends Controller
 
     public function blacklist(LocaleSettings $locale_settings)
     {
-        return view('moderator.ticket.blacklist', [
+        $this->checkPermission(self::BLACKLIST_READ_PERMISSION);
+
+        return view('admin.ticket.blacklist', [
             'locale_datatables' => $locale_settings->datatables
         ]);
     }
 
     public function blacklistAdd(Request $request)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         try {
         $user = User::where('id', $request->user_id)->firstOrFail();
         $check = TicketBlacklist::where('user_id', $user->id)->first();
@@ -202,6 +220,8 @@ class TicketsController extends Controller
 
     public function blacklistDelete($id)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         $blacklist = TicketBlacklist::where('id', $id)->first();
         $blacklist->delete();
 
@@ -210,6 +230,8 @@ class TicketsController extends Controller
 
     public function blacklistChange($id)
     {
+        $this->checkPermission(self::BLACKLIST_WRITE_PERMISSION);
+
         try {
             $blacklist = TicketBlacklist::where('id', $id)->first();
         }
@@ -254,12 +276,12 @@ class TicketsController extends Controller
             })
             ->addColumn('actions', function (TicketBlacklist $blacklist) {
                 return '
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.blacklist.change', ['id' => $blacklist->id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.blacklist.change', ['id' => $blacklist->id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
                             <button data-content="'.__('Change Status').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-warning mr-1"><i class="fas fa-sync-alt"></i></button>
                             </form>
-                            <form class="d-inline"  method="post" action="'.route('moderator.ticket.blacklist.delete', ['id' => $blacklist->id]).'">
+                            <form class="d-inline"  method="post" action="'.route('admin.ticket.blacklist.delete', ['id' => $blacklist->id]).'">
                                 '.csrf_field().'
                                 '.method_field('POST').'
                             <button data-content="'.__('Delete').'" data-toggle="popover" data-trigger="hover" data-placement="top" class="btn btn-sm text-white btn-danger mr-1"><i class="fas fa-trash"></i></button>

+ 7 - 0
app/Http/Controllers/Admin/UsefulLinkController.php

@@ -15,6 +15,8 @@ use Illuminate\Http\Response;
 
 class UsefulLinkController extends Controller
 {
+    const READ_PERMISSION = "admin.useful_links.read";
+    const WRITE_PERMISSION = "admin.useful_links.write";
     /**
      * Display a listing of the resource.
      *
@@ -22,6 +24,7 @@ class UsefulLinkController extends Controller
      */
     public function index(LocaleSettings $locale_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
         return view('admin.usefullinks.index', [
             'locale_datatables' => $locale_settings->datatables
         ]);
@@ -34,6 +37,7 @@ class UsefulLinkController extends Controller
      */
     public function create()
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $positions = UsefulLinkLocation::cases();
         return view('admin.usefullinks.create')->with('positions', $positions);
     }
@@ -84,6 +88,8 @@ class UsefulLinkController extends Controller
      */
     public function edit(UsefulLink $usefullink)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $positions = UsefulLinkLocation::cases();
         return view('admin.usefullinks.edit', [
             'link' => $usefullink,
@@ -126,6 +132,7 @@ class UsefulLinkController extends Controller
      */
     public function destroy(UsefulLink $usefullink)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $usefullink->delete();
 
         return redirect()->back()->with('success', __('product has been removed!'));

+ 53 - 5
app/Http/Controllers/Admin/UserController.php

@@ -30,6 +30,20 @@ use Spatie\Permission\Models\Role;
 
 class UserController extends Controller
 {
+    const READ_PERMISSION = "admin.users.read";
+    const WRITE_PERMISSION = "admin.users.write";
+    const SUSPEND_PERMISSION = "admin.users.suspend";
+    const CHANGE_EMAIL_PERMISSION = "admin.users.write.email";
+    const CHANGE_CREDITS_PERMISSION = "admin.users.write.credits";
+    const CHANGE_USERNAME_PERMISSION = "admin.users.write.username";
+    const CHANGE_PASSWORD_PERMISSION = "admin.users.write.password";
+    const CHANGE_ROLE_PERMISSION ="admin.users.write.role";
+    const CHANGE_REFERAL_PERMISSION ="admin.users.write.referal";
+    const CHANGE_PTERO_PERMISSION = "admin.users.write.pterodactyl";
+    const DELETE_PERMISSION = "admin.users.delete";
+    const NOTIFY_PERMISSION = "admin.users.notify";
+    const LOGIN_PERMISSION = "admin.users.login_as";
+
     private $pterodactyl;
 
     public function __construct(PterodactylSettings $ptero_settings)
@@ -45,6 +59,8 @@ class UserController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.users.index', [
             'locale_datatables' => $locale_settings->datatables,
             'credits_display_name' => $general_settings->credits_display_name
@@ -59,6 +75,8 @@ class UserController extends Controller
      */
     public function show(User $user, LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         //QUERY ALL REFERRALS A USER HAS
         //i am not proud of this at all.
         $allReferals = [];
@@ -109,6 +127,8 @@ class UserController extends Controller
      */
     public function edit(User $user, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
+
         $roles = Role::all();
         return view('admin.users.edit')->with([
             'user' => $user,
@@ -134,12 +154,11 @@ class UserController extends Controller
             'email' => 'required|string|email',
             'credits' => 'required|numeric|min:0|max:99999999',
             'server_limit' => 'required|numeric|min:0|max:1000000',
-            'role' => Rule::in(['admin', 'moderator', 'client', 'member']),
             'referral_code' => "required|string|min:2|max:32|unique:users,referral_code,{$user->id}",
         ]);
 
         //update roles
-        if ($request->roles) {
+        if ($request->roles && $this->can(self::CHANGE_ROLE_PERMISSION)) {
             $user->syncRoles($request->roles);
         }
 
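Review bot: `$request->roles` now reaches `$user->syncRoles()` with no validation rule, because the old `'role' => Rule::in([...])` line is removed and nothing replaces it for `roles`. Anyone holding `admin.users.write.role` can therefore attach any existing role, including the highest one, to any account, their own included, which makes that single permission equivalent to full admin. Rules such as `'roles' => 'sometimes|array'` and `'roles.*' => 'exists:roles,id'` (assuming the form posts role ids; adjust if it posts names), plus a refusal to grant roles the acting user does not hold, would contain that. The start of `update()` is outside the hunk; as far as the hunks show, it gets no `checkPermission(self::WRITE_PERMISSION)` at entry the way `edit()` does.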
@@ -149,7 +168,7 @@ class UserController extends Controller
             ]);
         }
 
-        if (!is_null($request->input('new_password'))) {
+        if (!is_null($request->input('new_password')) && $this->can(self::CHANGE_PASSWORD_PERMISSION)) {
             $request->validate([
                 'new_password' => 'required|string|min:8',
                 'new_password_confirmation' => 'required|same:new_password',
@@ -160,7 +179,24 @@ class UserController extends Controller
             ]);
         }
 
-        $user->update($request->all());
+        if($this->can(self::CHANGE_USERNAME_PERMISSION)){
+           $user->name = $request->name;
+        }
+        if($this->can(self::CHANGE_CREDITS_PERMISSION)){
+            $user->credits = $request->credits;
+        }
+        if($this->can(self::CHANGE_PTERO_PERMISSION)){
+            $user->pterodactyl_id = $request->pterodactyl_id;
+        }
+        if($this->can(self::CHANGE_REFERAL_PERMISSION)){
+            $user->referral_code = $request->referral_code;
+        }
+        if($this->can(self::CHANGE_EMAIL_PERMISSION)){
+            $user->email = $request->email;
+        }
+
+        $user->save();
+
         event(new UserUpdateCreditsEvent($user));
 
         return redirect()->route('admin.users.index')->with('success', 'User updated!');
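Review bot: `server_limit` is still validated as `required` at the top of `update()` but is not among the fields assigned here, so an edited server limit is discarded now that `$user->update($request->all())` is gone (presumably it was persisted through that call before). If that is unintended, add `$user->server_limit = $request->server_limit;` under whichever permission should govern it. Replacing the mass assignment with explicit fields is the right direction. Fields the caller lacks permission for are dropped silently while the response still says 'User updated!', and `UserUpdateCreditsEvent` fires even when credits were not changed.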
@@ -174,7 +210,9 @@ class UserController extends Controller
      */
     public function destroy(User $user)
     {
-        if ($user->hasRole("Admin") && User::query()->where('role', 'admin')->count() === 1) {
+        $this->checkPermission(self::DELETE_PERMISSION);
+
+        if ($user->hasRole(1) && User::role(1)->count() === 1) {
             return redirect()->back()->with('error', __('You can not delete the last admin!'));
         }
 
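Review bot: The last-admin guard identifies the admin role by the literal id `1` in both `$user->hasRole(1)` and `User::role(1)`, which only holds while the admin role keeps that id in every installation. A named constant next to the permission constants would make the dependency explicit, e.g. `const ADMIN_ROLE_ID = 1;` with a comment saying where that id is seeded. The guard also does not stop a holder of `admin.users.delete` from deleting accounts with more privileges than their own, as long as one admin remains. The rest of `destroy()` is outside the hunk.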
@@ -203,6 +241,8 @@ class UserController extends Controller
      */
     public function loginAs(Request $request, User $user)
     {
+        $this->checkPermission(self::LOGIN_PERMISSION);
+
         $request->session()->put('previousUser', Auth::user()->id);
         Auth::login($user);
 
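Review bot: `loginAs()` places no limit on the target account, so a holder of `admin.users.login_as` can switch into a user with more permissions than their own and act with them. A guard before `Auth::login($user)` such as `if ($user->hasRole(1) && !Auth::user()->hasRole(1)) { abort(403); }` keeps this permission from working as an escalation path. Recording the impersonation (acting user id, target user id) in the activity log would also let reviewers attribute actions taken during the session. The rest of the method is outside the hunk.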
@@ -215,6 +255,8 @@ class UserController extends Controller
      */
     public function logBackIn(Request $request)
     {
+        $this->checkPermission(self::LOGIN_PERMISSION);
+
         Auth::loginUsingId($request->session()->get('previousUser'), true);
         $request->session()->remove('previousUser');
 
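Review bot: The added `checkPermission(self::LOGIN_PERMISSION)` in `logBackIn()` is evaluated while the session is still logged in as the impersonated user, who will usually not hold `admin.users.login_as`, so the switch back is likely to be refused (assuming `checkPermission` tests the current `Auth` user; its body is not shown). What authorises the return is the `previousUser` value that `loginAs()` wrote to the session, so the guard should test that instead: `abort_unless($request->session()->has('previousUser'), 403);`. Without such a test, `Auth::loginUsingId()` is called with `null` when the key is missing. The rest of the method is outside the hunk.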
@@ -229,6 +271,8 @@ class UserController extends Controller
      */
     public function notifications()
     {
+        $this->checkPermission(self::NOTIFY_PERMISSION);
+
         return view('admin.users.notifications');
     }
 
@@ -243,6 +287,8 @@ class UserController extends Controller
      */
     public function notify(Request $request)
     {
+        $this->checkPermission(self::NOTIFY_PERMISSION);
+
         $data = $request->validate([
             'via' => 'required|min:1|array',
             'via.*' => 'required|string|in:mail,database',
@@ -283,6 +329,8 @@ class UserController extends Controller
      */
     public function toggleSuspended(User $user)
     {
+        $this->checkPermission(self::SUSPEND_PERMISSION);
+
         try {
             !$user->isSuspended() ? $user->suspend() : $user->unSuspend();
         } catch (Exception $exception) {

+ 9 - 0
app/Http/Controllers/Admin/VoucherController.php

@@ -19,6 +19,8 @@ use Illuminate\Validation\ValidationException;
 
 class VoucherController extends Controller
 {
+    const READ_PERMISSION = "admin.voucher.read";
+    const WRITE_PERMISSION = "admin.voucher.write";
     /**
      * Display a listing of the resource.
      *
@@ -26,6 +28,8 @@ class VoucherController extends Controller
      */
     public function index(LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.vouchers.index', [
             'locale_datatables' => $locale_settings->datatables,
             'credits_display_name' => $general_settings->credits_display_name
@@ -39,6 +43,7 @@ class VoucherController extends Controller
      */
     public function create(GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.vouchers.create', [
             'credits_display_name' => $general_settings->credits_display_name
         ]);
@@ -84,6 +89,7 @@ class VoucherController extends Controller
      */
     public function edit(Voucher $voucher, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         return view('admin.vouchers.edit', [
             'voucher' => $voucher,
             'credits_display_name' => $general_settings->credits_display_name
@@ -120,6 +126,7 @@ class VoucherController extends Controller
      */
     public function destroy(Voucher $voucher)
     {
+        $this->checkPermission(self::WRITE_PERMISSION);
         $voucher->delete();
 
         return redirect()->back()->with('success', __('voucher has been removed!'));
@@ -127,6 +134,8 @@ class VoucherController extends Controller
 
     public function users(Voucher $voucher, LocaleSettings $locale_settings, GeneralSettings $general_settings)
     {
+        $this->checkPermission(self::READ_PERMISSION);
+
         return view('admin.vouchers.users', [
             'voucher' => $voucher,
             'locale_datatables' => $locale_settings->datatables,

+ 16 - 5
config/permissions_web.php

@@ -6,13 +6,15 @@ return [
     /*
         * Permissions for admin
         */
-    'admin.sidebar.read',
 
     'admin.roles.read',
-    'admin.roles.write',
+    'admin.roles.create',
+    'admin.roles.edit',
+    'admin.roles.delete',
 
 
     'admin.ticket.read',
+    'admin.tickets.write',
 
     'admin.ticket_blacklist.read',
     'admin.ticket_blacklist.write',
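Review bot: The new entry `'admin.tickets.write'` uses the plural `tickets` while its sibling directly above is `'admin.ticket.read'`, so the two halves of one permission pair follow different naming. A controller constant or `@can` that spells the name the other way will never match and fails without any error, so pick one form for both. This hunk also removes `'admin.roles.write'` in favour of create/edit/delete, but themes/default/views/layouts/main.blade.php in this same commit still tests `admin.roles.write`.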
@@ -32,13 +34,17 @@ return [
     'admin.users.write.role',
     'admin.users.write.referal',
     'admin.users.write.pterodactyl',
+    'admin.users.write.email',
+    'admin.users.notify',
+    'admin.users.login_as',
+    'admin.users.delete',
 
     'admin.servers.read',
     'admin.servers.write',
     'admin.servers.suspend',
-    'admin.server.write.owner',
-    'admin.server.write.identifier',
-    'admin.server.delete',
+    'admin.servers.write.owner',
+    'admin.servers.write.identifier',
+    'admin.servers.delete',
 
     'admin.products.read',
     'admin.products.create',
@@ -58,6 +64,11 @@ return [
     'admin.legal.read',
     'admin.legal.write',
 
+    'admin.payments.read',
+
+    'admin.partners.read',
+    'admin.partners.write',
+
     'admin.logs.read',
 
     /*

+ 16 - 17
routes/web.php

@@ -17,13 +17,13 @@ use App\Http\Controllers\Admin\RoleController;
 use App\Http\Controllers\Admin\ServerController as AdminServerController;
 use App\Http\Controllers\Admin\SettingsController;
 use App\Http\Controllers\Admin\ShopProductController;
+use App\Http\Controllers\Admin\TicketCategoryController;
+use App\Http\Controllers\Admin\TicketsController as AdminTicketsController;
 use App\Http\Controllers\Admin\UsefulLinkController;
 use App\Http\Controllers\Admin\UserController;
 use App\Http\Controllers\Admin\VoucherController;
 use App\Http\Controllers\Auth\SocialiteController;
 use App\Http\Controllers\HomeController;
-use App\Http\Controllers\Moderation\TicketCategoryController;
-use App\Http\Controllers\Moderation\TicketsController as ModTicketsController;
 use App\Http\Controllers\NotificationController;
 use App\Http\Controllers\ProductController as FrontProductController;
 use App\Http\Controllers\ProfileController;
@@ -117,7 +117,7 @@ Route::middleware(['auth', 'checkSuspended'])->group(function () {
 
 
     //admin
-    Route::prefix('admin')->name('admin.')->middleware('admin')->group(function () {
+    Route::prefix('admin')->name('admin.')->group(function () {
         //Roles
         Route::get('roles/datatable', [RoleController::class, 'datatable'])->name('roles.datatable');
         Route::resource('roles', RoleController::class);
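Review bot: Dropping `->middleware('admin')` from the `admin` prefix group leaves every route in it protected only by `auth`, `checkSuspended` and whatever `checkPermission()` call each controller action makes, so any action without such a call is open to every logged-in user. The commit title says Settings is not covered and SettingsController is not among the changed files, so the settings routes in this group look unprotected after this change. Keeping a coarse gate on the group until every action is covered (for example a middleware that requires at least one `admin.*` permission) would make a missed check fail closed rather than open. The ticket routes moved into this group in the next hunk inherit the same situation. The group body continues outside the hunk.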
@@ -199,29 +199,28 @@ Route::middleware(['auth', 'checkSuspended'])->group(function () {
         Route::resource('api', ApplicationApiController::class)->parameters([
             'api' => 'applicationApi',
         ]);
-    });
 
-    //mod
-    Route::prefix('moderator')->name('moderator.')->middleware('moderator')->group(function () {
         //ticket moderation
-        Route::get('ticket', [ModTicketsController::class, 'index'])->name('ticket.index');
-        Route::get('ticket/datatable', [ModTicketsController::class, 'datatable'])->name('ticket.datatable');
-        Route::get('ticket/show/{ticket_id}', [ModTicketsController::class, 'show'])->name('ticket.show');
-        Route::post('ticket/reply', [ModTicketsController::class, 'reply'])->name('ticket.reply');
-        Route::post('ticket/status/{ticket_id}', [ModTicketsController::class, 'changeStatus'])->name('ticket.changeStatus');
-        Route::post('ticket/delete/{ticket_id}', [ModTicketsController::class, 'delete'])->name('ticket.delete');
+        Route::get('ticket', [AdminTicketsController::class, 'index'])->name('ticket.index');
+        Route::get('ticket/datatable', [AdminTicketsController::class, 'datatable'])->name('ticket.datatable');
+        Route::get('ticket/show/{ticket_id}', [AdminTicketsController::class, 'show'])->name('ticket.show');
+        Route::post('ticket/reply', [AdminTicketsController::class, 'reply'])->name('ticket.reply');
+        Route::post('ticket/status/{ticket_id}', [AdminTicketsController::class, 'changeStatus'])->name('ticket.changeStatus');
+        Route::post('ticket/delete/{ticket_id}', [AdminTicketsController::class, 'delete'])->name('ticket.delete');
         //ticket moderation blacklist
-        Route::get('ticket/blacklist', [ModTicketsController::class, 'blacklist'])->name('ticket.blacklist');
-        Route::post('ticket/blacklist', [ModTicketsController::class, 'blacklistAdd'])->name('ticket.blacklist.add');
-        Route::post('ticket/blacklist/delete/{id}', [ModTicketsController::class, 'blacklistDelete'])->name('ticket.blacklist.delete');
-        Route::post('ticket/blacklist/change/{id}', [ModTicketsController::class, 'blacklistChange'])->name('ticket.blacklist.change');
-        Route::get('ticket/blacklist/datatable', [ModTicketsController::class, 'dataTableBlacklist'])->name('ticket.blacklist.datatable');
+        Route::get('ticket/blacklist', [AdminTicketsController::class, 'blacklist'])->name('ticket.blacklist');
+        Route::post('ticket/blacklist', [AdminTicketsController::class, 'blacklistAdd'])->name('ticket.blacklist.add');
+        Route::post('ticket/blacklist/delete/{id}', [AdminTicketsController::class, 'blacklistDelete'])->name('ticket.blacklist.delete');
+        Route::post('ticket/blacklist/change/{id}', [AdminTicketsController::class, 'blacklistChange'])->name('ticket.blacklist.change');
+        Route::get('ticket/blacklist/datatable', [AdminTicketsController::class, 'dataTableBlacklist'])->name('ticket.blacklist.datatable');
 
 
         Route::get('ticket/category/datatable', [TicketCategoryController::class, 'datatable'])->name('ticket.category.datatable');
         Route::resource("ticket/category", TicketCategoryController::class, ['as' => 'ticket']);
     });
 
+
+
     Route::get('/home', [HomeController::class, 'index'])->name('home');
 });
 

+ 4 - 4
themes/BlueInfinity/views/layouts/main.blade.php

@@ -257,15 +257,15 @@
                         <li class="nav-header">{{ __('Moderation') }}</li>
 
                         <li class="nav-item">
-                            <a href="{{ route('moderator.ticket.index') }}"
-                               class="nav-link @if (Request::routeIs('moderator.ticket.index')) active @endif">
+                            <a href="{{ route('admin.ticket.index') }}"
+                               class="nav-link @if (Request::routeIs('admin.ticket.index')) active @endif">
                                 <i class="nav-icon fas fa-ticket-alt"></i>
                                 <p>{{ __('Ticket List') }}</p>
                             </a>
                         </li>
                         <li class="nav-item">
-                            <a href="{{ route('moderator.ticket.blacklist') }}"
-                               class="nav-link @if (Request::routeIs('moderator.ticket.blacklist')) active @endif">
+                            <a href="{{ route('admin.ticket.blacklist') }}"
+                               class="nav-link @if (Request::routeIs('admin.ticket.blacklist')) active @endif">
                                 <i class="nav-icon fas fa-user-times"></i>
                                 <p>{{ __('Ticket Blacklist') }}</p>
                             </a>

+ 1 - 1
themes/default/views/admin/overview/index.blade.php

@@ -183,7 +183,7 @@
 
                                         @foreach($tickets as $ticket_id => $ticket)
                                             <tr>
-                                                <td><a class="text-info"  href="{{route('moderator.ticket.show', ['ticket_id' => $ticket_id])}}">#{{$ticket_id}} - {{$ticket->title}}</td>
+                                                <td><a class="text-info"  href="{{route('admin.ticket.show', ['ticket_id' => $ticket_id])}}">#{{$ticket_id}} - {{$ticket->title}}</td>
                                                 <td><a href="{{route('admin.users.show', $ticket->user_id)}}">{{$ticket->user}}</a></td>
                                                 <td><span class="badge {{$ticket->statusBadgeColor}}">{{$ticket->status}}</span></td>
                                                 <td>{{$ticket->last_updated}}</td>

+ 70 - 46
themes/default/views/layouts/main.blade.php

@@ -257,28 +257,11 @@
                                 @endcanany
                         @endif
 
-                        @if ((Auth::user()->hasRole(1) || Auth::user()->role == 'moderator') && $ticket_enabled)
-                            <li class="nav-header">{{ __('Moderation') }}</li>
 
-                            <li class="nav-item">
-                                <a href="{{ route('moderator.ticket.index') }}"
-                                    class="nav-link @if (Request::routeIs('moderator.ticket.index')) active @endif">
-                                    <i class="nav-icon fas fa-ticket-alt"></i>
-                                    <p>{{ __('Ticket List') }}</p>
-                                </a>
-                            </li>
-                            <li class="nav-item">
-                                <a href="{{ route('moderator.ticket.blacklist') }}"
-                                    class="nav-link @if (Request::routeIs('moderator.ticket.blacklist')) active @endif">
-                                    <i class="nav-icon fas fa-user-times"></i>
-                                    <p>{{ __('Ticket Blacklist') }}</p>
-                                </a>
-                            </li>
-                        @endif
 
-                        @if (Auth::user()->hasRole(1))
                             <li class="nav-header">{{ __('Administration') }}</li>
 
+                        @canany(['admin.overview.read','admin.overview.sync'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.overview.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.overview.*')) active @endif">
@@ -286,7 +269,29 @@
                                     <p>{{ __('Overview') }}</p>
                                 </a>
                             </li>
+                        @endcanany
+
+                        @canany(['admin.ticket.read','admin.tickets.write'])
+                            <li class="nav-item">
+                                <a href="{{ route('admin.ticket.index') }}"
+                                   class="nav-link @if (Request::routeIs('admin.ticket.index')) active @endif">
+                                    <i class="nav-icon fas fa-ticket-alt"></i>
+                                    <p>{{ __('Ticket List') }}</p>
+                                </a>
+                            </li>
+                        @endcanany
+
+                        @canany(['admin.ticket_blacklist.read','admin.ticket_blacklist.write'])
+                            <li class="nav-item">
+                                <a href="{{ route('admin.ticket.blacklist') }}"
+                                   class="nav-link @if (Request::routeIs('admin.ticket.blacklist')) active @endif">
+                                    <i class="nav-icon fas fa-user-times"></i>
+                                    <p>{{ __('Ticket Blacklist') }}</p>
+                                </a>
+                            </li>
+                        @endcanany
 
+                        @canany(['admin.roles.read','admin.roles.write'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.roles.index') }}"
                                    class="nav-link @if (Request::routeIs('admin.roles.*')) active @endif">
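Review bot: The `@canany(['admin.roles.read','admin.roles.write'])` added here tests `admin.roles.write`, which this commit removes from config/permissions_web.php in favour of `admin.roles.create`, `admin.roles.edit` and `admin.roles.delete`. A role that holds only those three would not see the Role Management link; the list should read `@canany(['admin.roles.read','admin.roles.create','admin.roles.edit','admin.roles.delete'])`. These directives only hide menu links, so they do not replace the server-side checks in the controllers.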
@@ -294,6 +299,7 @@
                                     <p>{{ __('Role Management') }}</p>
                                 </a>
                             </li>
+                            @endcanany
 
                             <li class="nav-item">
                                 <a href="{{ route('admin.settings.index') }}"
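Review bot: The Settings entry is left as the one menu item in these hunks without a permission directive: the `@endcanany` added above closes the roles block, and the outer `@if (Auth::user()->hasRole(1))` is removed in the first hunk of this file, so as far as the hunks show the link now renders for every logged-in user. Until a settings permission exists, wrapping the item in `@if (Auth::user()->hasRole(1))` … `@endif` would keep the previous behaviour. The 'Administration' and 'Management' headers appear to be left unconditional in the same way. The list item itself continues into the next hunk.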
@@ -303,6 +309,7 @@
                                 </a>
                             </li>
 
+                        @canany(['admin.api.read','admin.api.write'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.api.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.api.*')) active @endif">
@@ -310,9 +317,18 @@
                                     <p>{{ __('Application API') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
                             <li class="nav-header">{{ __('Management') }}</li>
 
+                        @canany(['admin.users.read',
+                                'admin.users.write',
+                                'admin.users.suspend',
+                                'admin.users.write.credits',
+                                'admin.users.write.username',
+                                'admin.users.write.password',
+                                'admin.users.write.role',
+                                'admin.users.write.referal',
+                                'admin.users.write.pterodactyl'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.users.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.users.*')) active @endif">
@@ -320,7 +336,13 @@
                                     <p>{{ __('Users') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
+                        @canany(['admin.servers.read',
+                                'admin.servers.write',
+                                'admin.servers.suspend',
+                                'admin.servers.write.owner',
+                                'admin.servers.write.identifier',
+                                'admin.servers.delete'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.servers.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.servers.*')) active @endif">
@@ -328,7 +350,11 @@
                                     <p>{{ __('Servers') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
+                        @canany(['admin.products.read',
+                                'admin.products.create',
+                                'admin.products.edit',
+                                'admin.products.delete',])
                             <li class="nav-item">
                                 <a href="{{ route('admin.products.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.products.*')) active @endif">
@@ -336,7 +362,8 @@
                                     <p>{{ __('Products') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
+                        @canany(['admin.store.read','admin.store.write','admin.store.disable'])
                             <li class="nav-item">
                                 <a href="{{ route('admin.store.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.store.*')) active @endif">
@@ -344,7 +371,8 @@
                                     <p>{{ __('Store') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
+                        @canany(["admin.voucher.read","admin.voucher.read"])
                             <li class="nav-item">
                                 <a href="{{ route('admin.vouchers.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.vouchers.*')) active @endif">
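Review bot: `@canany(["admin.voucher.read","admin.voucher.read"])` lists the same permission twice, so a role holding only `admin.voucher.write` never sees the Vouchers link; the second entry was presumably meant to be `admin.voucher.write`. The Partners block in the next hunk repeats the slip with `admin.partners.read` twice. Suggested lines: `@canany(["admin.voucher.read","admin.voucher.write"])` and `@canany(["admin.partners.read","admin.partners.write"])`.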
@@ -352,7 +380,8 @@
                                     <p>{{ __('Vouchers') }}</p>
                                 </a>
                             </li>
-
+                        @endcanany
+                        @canany(["admin.partners.read","admin.partners.read"])
                             <li class="nav-item">
                                 <a href="{{ route('admin.partners.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.partners.*')) active @endif">
@@ -360,28 +389,13 @@
                                     <p>{{ __('Partners') }}</p>
                                 </a>
                             </li>
+                        @endcanany
 
-                            {{-- <li class="nav-header">Pterodactyl</li> --}}
-
-                            {{-- <li class="nav-item"> --}}
-                            {{-- <a href="{{route('admin.nodes.index')}}" --}}
-                            {{-- class="nav-link @if (Request::routeIs('admin.nodes.*')) active @endif"> --}}
-                            {{-- <i class="nav-icon fas fa-sitemap"></i> --}}
-                            {{-- <p>Nodes</p> --}}
-                            {{-- </a> --}}
-                            {{-- </li> --}}
-
-                            {{-- <li class="nav-item"> --}}
-                            {{-- <a href="{{route('admin.nests.index')}}" --}}
-                            {{-- class="nav-link @if (Request::routeIs('admin.nests.*')) active @endif"> --}}
-                            {{-- <i class="nav-icon fas fa-th-large"></i> --}}
-                            {{-- <p>Nests</p> --}}
-                            {{-- </a> --}}
-                            {{-- </li> --}}
-
-
-                            <li class="nav-header">{{ __('Other') }}</li>
+                            @canany(["admin.useful_links.read","admin.legal.read"])
+                                <li class="nav-header">{{ __('Other') }}</li>
+                            @endcanany
 
+                        @canany(["admin.useful_links.read","admin.useful_links.write"])
                             <li class="nav-item">
                                 <a href="{{ route('admin.usefullinks.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.usefullinks.*')) active @endif">
@@ -389,7 +403,9 @@
                                     <p>{{ __('Useful Links') }}</p>
                                 </a>
                             </li>
+                            @endcanany
 
+                        @canany(["admin.legal.read","admin.legal.write"])
                             <li class="nav-item">
                                 <a href="{{ route('admin.legal.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.legal.*')) active @endif">
@@ -397,9 +413,14 @@
                                     <p>{{ __('Legal Sites') }}</p>
                                 </a>
                             </li>
+                            @endcanany
+
 
-                            <li class="nav-header">{{ __('Logs') }}</li>
+                            @canany(["admin.payments.read","admin.logs.read"])
+                                <li class="nav-header">{{ __('Logs') }}</li>
+                            @endcanany
 
+                        @can("admin.payments.read")
                             <li class="nav-item">
                                 <a href="{{ route('admin.payments.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.payments.*')) active @endif">
@@ -410,7 +431,9 @@
                                     </p>
                                 </a>
                             </li>
+                        @endcan
 
+                        @can("admin.logs.read")
                             <li class="nav-item">
                                 <a href="{{ route('admin.activitylogs.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.activitylogs.*')) active @endif">
@@ -418,7 +441,8 @@
                                     <p>{{ __('Activity Logs') }}</p>
                                 </a>
                             </li>
-                        @endif
+                        @endcan
+
 
                     </ul>
                 </nav>

+ 1 - 1
themes/default/views/mail/ticket/admin/create.blade.php

@@ -17,7 +17,7 @@ ___
 You can respond to this ticket by simply replying to this email or through the admin area at the url below.
 <br>
 
-{{ route('moderator.ticket.show', ['ticket_id' => $ticket->ticket_id]) }}
+{{ route('admin.ticket.show', ['ticket_id' => $ticket->ticket_id]) }}
 
 <br>
 {{__('Thanks')}},<br>

+ 1 - 1
themes/default/views/mail/ticket/admin/reply.blade.php

@@ -17,7 +17,7 @@ ___
 You can respond to this ticket by simply replying to this email or through the admin area at the url below.
 <br>
 
-{{ route('moderator.ticket.show', ['ticket_id' => $ticket->ticket_id]) }}
+{{ route('admin.ticket.show', ['ticket_id' => $ticket->ticket_id]) }}
 
 <br>
 {{__('Thanks')}},<br>

+ 3 - 3
themes/default/views/moderator/ticket/blacklist.blade.php

@@ -12,7 +12,7 @@
                     <ol class="breadcrumb float-sm-right">
                         <li class="breadcrumb-item"><a href="{{ route('home') }}">{{ __('Dashboard') }}</a></li>
                         <li class="breadcrumb-item"><a class="text-muted"
-                                                       href="{{ route('moderator.ticket.blacklist') }}">{{ __('Ticket Blacklist') }}</a>
+                                                       href="{{ route('admin.ticket.blacklist') }}">{{ __('Ticket Blacklist') }}</a>
                         </li>
                     </ol>
                 </div>
@@ -60,7 +60,7 @@
                                 class="fas fa-info-circle"></i></h5>
                         </div>
                         <div class="card-body">
-                            <form action="{{route('moderator.ticket.blacklist.add')}}" method="POST" class="ticket-form">
+                            <form action="{{route('admin.ticket.blacklist.add')}}" method="POST" class="ticket-form">
                             @csrf
                                 <div class="custom-control mb-3 p-0">
                                     <label for="user_id">{{ __('User') }}:
@@ -95,7 +95,7 @@
                 processing: true,
                 serverSide: true,
                 stateSave: true,
-                ajax: "{{route('moderator.ticket.blacklist.datatable')}}",
+                ajax: "{{route('admin.ticket.blacklist.datatable')}}",
                 columns: [
                     {data: 'user' , name : 'user.name'},
                     {data: 'status'},

+ 4 - 4
themes/default/views/moderator/ticket/category.blade.php

@@ -12,7 +12,7 @@
                     <ol class="breadcrumb float-sm-right">
                         <li class="breadcrumb-item"><a href="{{ route('home') }}">{{ __('Dashboard') }}</a></li>
                         <li class="breadcrumb-item"><a class="text-muted"
-                                                       href="{{ route("moderator.ticket.category.index") }}">{{ __('Ticket Categories') }}</a>
+                                                       href="{{ route("admin.ticket.category.index") }}">{{ __('Ticket Categories') }}</a>
                         </li>
                     </ol>
                 </div>
@@ -56,7 +56,7 @@
                             <h5 class="card-title">{{__('Add Category')}}
                         </div>
                         <div class="card-body">
-                            <form action="{{route("moderator.ticket.category.store")}}" method="POST" class="ticket-form">
+                            <form action="{{route("admin.ticket.category.store")}}" method="POST" class="ticket-form">
                             @csrf
                                 <div class="form-group ">
                                     <label for="name" class="control-label">{{__("Name")}}</label>
@@ -73,7 +73,7 @@
                             <h5 class="card-title">{{__('Edit Category')}}
                         </div>
                         <div class="card-body">
-                            <form action="{{route("moderator.ticket.category.update","1")}}" method="POST" class="ticket-form">
+                            <form action="{{route("admin.ticket.category.update","1")}}" method="POST" class="ticket-form">
                                 @csrf
                                 @method('PATCH')
                                 <select id="category" style="width:100%" class="custom-select" name="category"
@@ -109,7 +109,7 @@
                 processing: true,
                 serverSide: true,
                 stateSave: true,
-                ajax: "{{route('moderator.ticket.category.datatable')}}",
+                ajax: "{{route('admin.ticket.category.datatable')}}",
                 columns: [
                     {data: 'id'},
                     {data: 'name'},
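Review bot: The edit form in the third hunk still posts to `route("admin.ticket.category.update","1")`, so the category id in the URL is the literal 1 no matter which entry is chosen in the `category` select. If the update action resolves the record from the route parameter, every edit would land on category 1, unless a script rewrites the form action; neither the controller nor such a script is visible here. If it reads the posted `category` field instead, the literal is only a placeholder and deserves a comment such as `{{-- route id is a placeholder; the category comes from the "category" select --}}`. In either case the controller should validate the posted id and enforce the category permission itself, since renaming the route in the view enforces nothing. The form body continues outside the hunk.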

+ 3 - 3
themes/default/views/moderator/ticket/index.blade.php

@@ -12,7 +12,7 @@
                     <ol class="breadcrumb float-sm-right">
                         <li class="breadcrumb-item"><a href="{{route('home')}}">{{__('Dashboard')}}</a></li>
                         <li class="breadcrumb-item"><a class="text-muted"
-                                                       href="{{route('moderator.ticket.index')}}">{{__('Ticket List')}}</a></li>
+                                                       href="{{route('admin.ticket.index')}}">{{__('Ticket List')}}</a></li>
                     </ol>
                 </div>
             </div>
@@ -30,7 +30,7 @@
                     <div class="d-flex justify-content-between">
                         <h5 class="card-title"><i class="fas fa-ticket-alt mr-2"></i>{{__('Ticket List')}}</h5>
                     </div>
-                    <a href="{{route("moderator.ticket.category.index")}}"><button class="btn btn-primary float-right">+ {{__("Add Category")}}</button></a>
+                    <a href="{{route("admin.ticket.category.index")}}"><button class="btn btn-primary float-right">+ {{__("Add Category")}}</button></a>
                 </div>
 
 
@@ -72,7 +72,7 @@
                 processing: true,
                 serverSide: true,
                 stateSave: true,
-                ajax: "{{route('moderator.ticket.datatable')}}",
+                ajax: "{{route('admin.ticket.datatable')}}",
                 order: [[ 4, "desc" ]],
                 columns: [
                     {data: 'category'},
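Review bot: The "Add Category" link in the second hunk is rendered for everyone who can open the ticket list, although it now targets `admin.ticket.category.index`. This commit appears to guard that route with its own permission in TicketCategoryController, which is not visible in this section. Wrapping the link as `@can('<ticket-category-permission>') … @endcan`, using the name defined in config/permissions_web.php, keeps users who lack that permission from being sent to a 403. The directive only hides the button, so the check in the controller remains the actual enforcement.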

+ 4 - 4
themes/default/views/moderator/ticket/show.blade.php

@@ -12,7 +12,7 @@
                     <ol class="breadcrumb float-sm-right">
                         <li class="breadcrumb-item"><a href="{{ route('home') }}">{{ __('Dashboard') }}</a></li>
                         <li class="breadcrumb-item"><a class="text-muted"
-                                                       href="{{ route('moderator.ticket.index') }}">{{ __('Ticket') }}</a>
+                                                       href="{{ route('admin.ticket.index') }}">{{ __('Ticket') }}</a>
                         </li>
                     </ol>
                 </div>
@@ -74,7 +74,7 @@
                                     <p><b>{{__("Created on")}}:</b> {{ $ticket->created_at->diffForHumans() }}</p>
                                     @if($ticket->status=='Closed')
                                         <form class="d-inline" method="post"
-                                              action="{{route('moderator.ticket.changeStatus', ['ticket_id' => $ticket->ticket_id ])}}">
+                                              action="{{route('admin.ticket.changeStatus', ['ticket_id' => $ticket->ticket_id ])}}">
                                             {{csrf_field()}}
                                             {{method_field("POST") }}
                                             <button data-content="{{__("Reopen")}}" data-toggle="popover"
@@ -84,7 +84,7 @@
                                         </form>
                                     @else
                                         <form class="d-inline" method="post"
-                                              action="{{route('moderator.ticket.changeStatus', ['ticket_id' => $ticket->ticket_id ])}}">
+                                              action="{{route('admin.ticket.changeStatus', ['ticket_id' => $ticket->ticket_id ])}}">
                                             {{csrf_field()}}
                                             {{method_field("POST") }}
                                             <button data-content="{{__("Close")}}" data-toggle="popover"
@@ -140,7 +140,7 @@
                             </div>
                             @endforeach
                             <div class="comment-form">
-                                <form action="{{ route('moderator.ticket.reply')}}" method="POST" class="form">
+                                <form action="{{ route('admin.ticket.reply')}}" method="POST" class="form">
                                     {!! csrf_field() !!}
                                     <input type="hidden" name="ticket_id" value="{{ $ticket->id }}">
                                     <div class="form-group{{ $errors->has('ticketcomment') ? ' has-error' : '' }}">
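Review bot: The reply form in the last hunk identifies the ticket through a hidden `ticket_id` field filled with `$ticket->id`, while the two status forms above pass `$ticket->ticket_id` as a route parameter. The same ticket is therefore addressed by two different identifiers, and the reply target is a client-editable value. With the route now named `admin.ticket.reply`, the reply action (TicketsController, not visible here) should validate that the posted id refers to an existing ticket and check the reply permission before storing the comment. Consider also replacing the mixed `{{csrf_field()}}`, `{!! csrf_field() !!}` and `{{method_field("POST") }}` lines with `@csrf`, as category.blade.php already does. The forms continue outside the hunks.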