full settings permissions

app/Http/Controllers/Admin/SettingsController.php

@@ -16,8 +16,7 @@ use Qirolab\Theme\Theme;
 class SettingsController extends Controller
 {
 
-    const READ_PERMISSIONS = "admin.settings.read";
-    const WRITE_PERMISSIONS = "admin.settings.write";
+
     /**
      * Display a listing of the resource.
      *
@@ -26,7 +25,6 @@ class SettingsController extends Controller
     public function index()
     {
 
-        $this->checkPermission(self::READ_PERMISSIONS);
 
         // get all other settings in app/Settings directory
         // group items by file name like $categories
@@ -96,9 +94,10 @@ class SettingsController extends Controller
      */
     public function update(Request $request)
     {
-        $this->checkPermission(self::WRITE_PERMISSIONS);
-
         $category = request()->get('category');
+
+        $this->checkPermission("settings.".strtolower($category).".write");
+
         $settings_class = request()->get('settings_class');
 
         if (method_exists($settings_class, 'getValidations')) {

config/permissions_web.php

@@ -71,8 +71,52 @@ return [
 
     'admin.logs.read',
 
-    'admin.settings.read',
-    'admin.settings.write',
+    /*
+     * Settings Permissions
+     */
+    'settings.discord.read',
+    'settings.discord.write',
+
+    'settings.general.read',
+    'settings.general.write',
+
+    'settings.invoice.read',
+    'settings.invoice.write',
+
+    'settings.locale.read',
+    'settings.locale.write',
+
+    'settings.mail.read',
+    'settings.mail.write',
+
+    'settings.pterodactyl.read',
+    'settings.pterodactyl.write',
+
+    'settings.referral.read',
+    'settings.referral.write',
+
+    'settings.server.read',
+    'settings.server.write',
+
+    'settings.ticket.read',
+    'settings.ticket.write',
+
+    'settings.user.read',
+    'settings.user.write',
+
+    'settings.website.read',
+    'settings.website.write',
+
+    'settings.paypal.read',
+    'settings.paypal.write',
+
+    'settings.stripe.read',
+    'settings.stripe.write',
+
+    'settings.mollie.read',
+    'settings.mollie.write',
+
+
     /*
     * Permissions for users
     */

themes/default/views/admin/settings/index.blade.php

@@ -45,6 +45,7 @@
                                 <ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" role="tablist"
                                     data-accordion="false">
                                     @foreach ($settings as $category => $options)
+                                        @canany(["settings.".strtolower($category).".read","settings.".strtolower($category).".write"])
                                         <li class="nav-item border-bottom-0">
                                             <a href="#{{ $category }}"
                                                 class="nav-link {{ $loop->first ? 'active' : '' }}" data-toggle="pill"
@@ -56,6 +57,7 @@
                                                 </p>
                                             </a>
                                         </li>
+                                        @endcanany
                                     @endforeach
                                 </ul>
                             </nav>
@@ -65,6 +67,7 @@
                         <div class="col-10 p-0">
                             <div class="tab-content ml-3" style="width: 100%;">
                                 @foreach ($settings as $category => $options)
+                                    @canany(["settings.".strtolower($category).".read","settings.".strtolower($category).".write"])
                                     <div container class="tab-pane fade container {{ $loop->first ? 'active show' : '' }}"
                                         id="{{ $category }}" role="tabpanel">
 
@@ -158,6 +161,7 @@
 
                                                     </div>
                                                 </div>
+
                                             @endforeach
 
                                             <!-- TODO: Display this only on the General tab
@@ -195,6 +199,7 @@
                                             </div>
                                         </form>
                                     </div>
+                                    @endcanany
                                 @endforeach
 
                             </div>

themes/default/views/layouts/main.blade.php

@@ -258,7 +258,7 @@
                         @endif
 
                     <!-- lol how do i make this shorter? -->
-                        @canany(['admin.settings.read','admin.settings.write','admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
+                        @canany(['settings.discord.read','settings.discord.write','settings.general.read','settings.general.write','settings.invoice.read','settings.invoice.write','settings.locale.read','settings.locale.write','settings.mail.read','settings.mail.write','settings.pterodactyl.read','settings.pterodactyl.write','settings.referral.read','settings.referral.write','settings.server.read','settings.server.write','settings.ticket.read','settings.ticket.write','settings.user.read','settings.user.write','settings.website.read','settings.website.write','settings.paypal.read','settings.paypal.write','settings.stripe.read','settings.stripe.write','settings.mollie.read','settings.mollie.write','admin.overview.read','admin.overview.sync','admin.ticket.read','admin.tickets.write','admin.ticket_blacklist.read','admin.ticket_blacklist.write','admin.roles.read','admin.roles.write','admin.api.read','admin.api.write'])
                             <li class="nav-header">{{ __('Administration') }}</li>
                         @endcanany
 
@@ -302,7 +302,34 @@
                             </li>
                             @endcanany
 
-                        @canany(['admin.settings.read','admin.settings.write'])
+                        @canany(['settings.discord.read',
+                                'settings.discord.write',
+                                'settings.general.read',
+                                'settings.general.write',
+                                'settings.invoice.read',
+                                'settings.invoice.write',
+                                'settings.locale.read',
+                                'settings.locale.write',
+                                'settings.mail.read',
+                                'settings.mail.write',
+                                'settings.pterodactyl.read',
+                                'settings.pterodactyl.write',
+                                'settings.referral.read',
+                                'settings.referral.write',
+                                'settings.server.read',
+                                'settings.server.write',
+                                'settings.ticket.read',
+                                'settings.ticket.write',
+                                'settings.user.read',
+                                'settings.user.write',
+                                'settings.website.read',
+                                'settings.website.write',
+                                'settings.paypal.read',
+                                'settings.paypal.write',
+                                'settings.stripe.read',
+                                'settings.stripe.write',
+                                'settings.mollie.read',
+                                'settings.mollie.write',])
                             <li class="nav-item">
                                 <a href="{{ route('admin.settings.index') }}"
                                     class="nav-link @if (Request::routeIs('admin.settings.*')) active @endif">