Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to extend elfinder #581

Closed
shinokada opened this issue Apr 1, 2017 · 8 comments
Closed

How to extend elfinder #581

shinokada opened this issue Apr 1, 2017 · 8 comments

Comments

@shinokada
Copy link

shinokada commented Apr 1, 2017

Hi,

I'd like to limit an access to admin/elfinder. I am using PermissionManager as well. I created a permission called File-manager.

I tried the following but not working.

namespace App\Http\Controllers\Admin;

use Illuminate\Support\Facades\Auth;
use Barryvdh\Elfinder\ElfinderController as OriginalElfinderController;
use Illuminate\Foundation\Application;

class ElfinderController extends OriginalElfinderController
{
    protected $user;
    protected $app;

    public function __construct(Application $app)
    {
        parent::__construct($app);
        $this->middleware(function ($request, $next) {
            $this->user= Auth::user();
            return $this->user->can('File-manager') ? $next($request) : redirect(config('mycms.dashboard'));
        });

    }
}

and web.php

Route::group(['prefix' => 'admin', 'middleware' => 'admin'], function()
{
...
    CRUD::resource('elfinder', 'Admin\ElfinderController');
...
});

What is the best way?

@lloy0076
Copy link
Contributor

lloy0076 commented Apr 2, 2017

That sounds more like a Laravel problem.

I'd break that:

return $this->user->can('File-manager') ? $next($request) : redirect(config('mycms.dashboard'));

into

$result = $this->user->can('File-manager');
dump($this->user);
dump($result);

...and see what you get.

@tabacitu
Copy link
Member

tabacitu commented Apr 3, 2017

Hi @shinokada ,

I think an alternative solution would be to use ElFinder's default functionality.

  1. Notice in your config/elfinder.php you have this line:
    /*
    |--------------------------------------------------------------------------
    | Access filter
    |--------------------------------------------------------------------------
    |
    | Filter callback to check the files
    |
    */

    'access' => 'Barryvdh\Elfinder\Elfinder::checkAccess',

This will allow you to deny access to all files or particular files.

  1. You also have this:
    /*
    |--------------------------------------------------------------------------
    | Routes group config
    |--------------------------------------------------------------------------
    |
    | The default group settings for the elFinder routes.
    |
    */

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
        'middleware' => ['web', 'admin'], //Set to null to disable middleware filter
    ],

This allows you to place an extra middleware and deny access to the page altogether, if that's what you need. So if you use Backpack\PermissionManager and have a PermissionMiddleware, you can just add the middleware can:file-manager.

Hope it helps.

Cheers!

@tabacitu tabacitu closed this as completed Apr 3, 2017
@shinokada
Copy link
Author

@tabacitu, Thanks for your reply. I am not sure if I am doing right.

I added app/Http/MIddleware/PermissionMiddleware.php and app/Http/Middleware/RoleMiddleware.php.
I added them in app\Kernel.php.

    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'permission' => \App\Http\Middleware\PermissionMiddleware::class,
        'role' => \App\Http\Middleware\RoleMiddleware::class,
    ];

I added the following in config/elfinder.php

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
        'middleware' => ['web', 'admin','permission'], //Set to null to disable middleware filter
    ],

When I visit admin/elfinder, I get an error.

FatalThrowableError in PermissionMiddleware.php line 17:
Type error: Too few arguments to function App\Http\Middleware\PermissionMiddleware::handle(), 2 passed in /Users/sokada/Code/back-test/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php on line 148 and exactly 3 expected ...

I'm also not sure where I can use can:file-manager.

@tabacitu
Copy link
Member

tabacitu commented Apr 3, 2017

Hi @shinokada ,

If you defined the PermissIonMiddleware as "permission" in your Kernel.php you can use this middleware: permission:file-manager, instead of just "permission". Basically you pass a parameter to the middleware.

Does this work for you?

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
-       'middleware' => ['web', 'admin','permission'], //Set to null to disable middleware filter
+       'middleware' => ['web', 'admin','permission:file-manager'], //Set to null to disable middleware filter

    ],

@shinokada
Copy link
Author

shinokada commented Apr 3, 2017

I get 403 error when I visit admin/elfinder even as an admin.

(Am I supposed to register it in the Kenel.php?)

@tabacitu
Copy link
Member

tabacitu commented Apr 3, 2017

Hmm... Try to dump the permissions your user has in the PermissionMiddleware, maybe on this line, I'm positive it should work.

@shinokada
Copy link
Author

shinokada commented Apr 3, 2017

Ok, it works. My permission name was 'File-manager', so I changed it to,

'middleware' => ['web', 'admin','permission:File-manager'], //Set to null to disable middleware filter

Thanks for your help.

@tabacitu
Copy link
Member

tabacitu commented Apr 3, 2017

Glad to help. Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants