From 3534fdd02a6156e5b480497773854c9e4a763088 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Cort=C3=A9s?=
Date: Tue, 20 Jul 2021 00:56:34 -0400
Subject: [PATCH] Forzando el uso de roles segun la vista Principlamente aplica a los post/put/delete de cada ruta, ya que estos pueden ser destructivos y solamente un administrador o global admin puede hacer esta accion
---
 backend/routes/web.php | 70 +++++++++++++++++++++---------------------
 1 file changed, 35 insertions(+), 35 deletions(-)
diff --git a/backend/routes/web.php b/backend/routes/web.php
index 5ab2de4..628c191 100644
--- a/backend/routes/web.php
+++ b/backend/routes/web.php
@@ -22,71 +22,71 @@ $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']],
 $router->group(['prefix' => '/restaurantes'], function () use ($router) {
 $router->get( '/', ['as' => 'restaurant.all', 'uses' => 'RestaurantesController@all']);
 $router->get( '/{id}', ['as' => 'restaurant.get', 'uses' => 'RestaurantesController@get']);
- $router->post( '/', ['as' => 'restaurant.create', 'uses' => 'RestaurantesController@create', 'middleware' => 'role:global_admin']);
- $router->put( '/{id}', ['as' => 'restaurant.update', 'uses' => 'RestaurantesController@update', 'middleware' => 'role:global_admin']);
- $router->delete('/{id}', ['as' => 'restaurant.delete', 'uses' => 'RestaurantesController@delete', 'middleware' => 'role:global_admin']);
+ $router->post( '/', ['as' => 'restaurant.create', 'uses' => 'RestaurantesController@create', 'middleware' => ['role:global_admin']]);
+ $router->put( '/{id}', ['as' => 'restaurant.update', 'uses' => 'RestaurantesController@update', 'middleware' => ['role:global_admin']]);
+ $router->delete('/{id}', ['as' => 'restaurant.delete', 'uses' => 'RestaurantesController@delete', 'middleware' => ['role:global_admin']]);
 $router->get( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.all', 'uses' => 'CanalesVentaController@all']);
 $router->get( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.get', 'uses' => 'CanalesVentaController@get']);
- $router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create']);
- $router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update']);
- $router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete']);
+ $router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/sectores', ['as' => 'sectores.all', 'uses' => 'SectoresController@all']);
 $router->get( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.get', 'uses' => 'SectoresController@get']);
- $router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create']);
- $router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update']);
- $router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete']);
+ $router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.all', 'uses' => 'ZonasProduccionController@all']);
 $router->get( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.get', 'uses' => 'ZonasProduccionController@get']);
- $router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create']);
- $router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update']);
- $router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete']);
+ $router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/categorias', ['as' => 'categorias.all', 'uses' => 'CategoriasController@all']);
 $router->get( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.get', 'uses' => 'CategoriasController@get']);
- $router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create']);
- $router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update']);
- $router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete']);
+ $router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/proveedores', ['as' => 'proveedores.all', 'uses' => 'ProveedoresController@all']);
 $router->get( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.get', 'uses' => 'ProveedoresController@get']);
- $router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create']);
- $router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update']);
- $router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete']);
+ $router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.all', 'uses' => 'IngredientesController@all']);
 $router->get( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.get', 'uses' => 'IngredientesController@get']);
- $router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create']);
- $router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update']);
- $router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete']);
+ $router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/productos', ['as' => 'productos.all', 'uses' => 'ProductosController@all']);
 $router->get( '/{restaurante_id}/productos/{id}', ['as' => 'productos.get', 'uses' => 'ProductosController@get']);
- $router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create']);
- $router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update']);
- $router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete']);
+ $router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/', ['as' => 'productos.receta.all', 'uses' => 'RecetasController@all']);
 $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.get', 'uses' => 'RecetasController@get']);
- $router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create']);
- $router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update']);
- $router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete']);
+ $router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/compras', ['as' => 'compras.all', 'uses' => 'ComprasController@all']);
 $router->get( '/{restaurante_id}/compras/{id}', ['as' => 'compras.get', 'uses' => 'ComprasController@get']);
- $router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create']);
- $router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update']);
- $router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete']);
+ $router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/compras/{id}/ingredientes', ['as' => 'compras.ingredientes.get', 'uses' => 'ComprasController@getIngredientes']);
- $router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente']);
- $router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente']);
+ $router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente','middleware' => ['role:admin|global_admin']]);
 $router->get( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.get', 'uses' => 'FacturasController@get']);
- $router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create']);
- $router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update']);
- $router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete']);
+ $router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete', 'middleware' => ['role:admin|global_admin']]);
 });
 });
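Review bot: The added `'middleware' => ['role:admin|global_admin']` entries gate on a role name only, and nothing on these lines binds that role to the `{restaurante_id}` in the path, so as far as this file shows an `admin` passes the check for every restaurant's sectores, compras and factura writes. If `admin` is meant to be scoped to one restaurant, that ownership check has to sit in the role middleware or in each controller, neither of which is in this hunk (the outer `api/v1` group also opens above it); I would record the location in a comment above the `/restaurantes` group, e.g. `// role:* checks the role name only; ownership of {restaurante_id} is enforced in <component to be named>`. The gate is opt-in per route, so a write route added later without the key is open to anyone who passes `auth`, and the `compras` and `factura` GET routes remain readable by every authenticated user. The switch from a string to an array value looks deliberate (presumably because the router splits a string `middleware` value on `|`), and saying so in the same comment would keep someone from folding it back into a string.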