How to extend elfinder

[shinokada]

Hi,

I'd like to limit an access to admin/elfinder. I am using PermissionManager as well. I created a permission called File-manager.

I tried the following but not working.

namespace App\Http\Controllers\Admin;

use Illuminate\Support\Facades\Auth;
use Barryvdh\Elfinder\ElfinderController as OriginalElfinderController;
use Illuminate\Foundation\Application;

class ElfinderController extends OriginalElfinderController
{
    protected $user;
    protected $app;

    public function __construct(Application $app)
    {
        parent::__construct($app);
        $this->middleware(function ($request, $next) {
            $this->user= Auth::user();
            return $this->user->can('File-manager') ? $next($request) : redirect(config('mycms.dashboard'));
        });

    }
}

and web.php

Route::group(['prefix' => 'admin', 'middleware' => 'admin'], function()
{
...
    CRUD::resource('elfinder', 'Admin\ElfinderController');
...
});

What is the best way?

[lloy0076]

That sounds more like a Laravel problem.

I'd break that:

return $this->user->can('File-manager') ? $next($request) : redirect(config('mycms.dashboard'));

into

$result = $this->user->can('File-manager');
dump($this->user);
dump($result);

...and see what you get.

[tabacitu]

Hi @shinokada ,

I think an alternative solution would be to use ElFinder's default functionality.

1. Notice in your config/elfinder.php you have this line:

    /*
    |--------------------------------------------------------------------------
    | Access filter
    |--------------------------------------------------------------------------
    |
    | Filter callback to check the files
    |
    */

    'access' => 'Barryvdh\Elfinder\Elfinder::checkAccess',

This will allow you to deny access to all files or particular files.

2. You also have this:

    /*
    |--------------------------------------------------------------------------
    | Routes group config
    |--------------------------------------------------------------------------
    |
    | The default group settings for the elFinder routes.
    |
    */

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
        'middleware' => ['web', 'admin'], //Set to null to disable middleware filter
    ],

This allows you to place an extra middleware and deny access to the page altogether, if that's what you need. So if you use Backpack\PermissionManager and have a PermissionMiddleware, you can just add the middleware can:file-manager.

Hope it helps.

Cheers!

[shinokada]

@tabacitu, Thanks for your reply. I am not sure if I am doing right.

I added app/Http/MIddleware/PermissionMiddleware.php and app/Http/Middleware/RoleMiddleware.php.
I added them in app\Kernel.php.

    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'permission' => \App\Http\Middleware\PermissionMiddleware::class,
        'role' => \App\Http\Middleware\RoleMiddleware::class,
    ];

I added the following in config/elfinder.php

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
        'middleware' => ['web', 'admin','permission'], //Set to null to disable middleware filter
    ],

When I visit admin/elfinder, I get an error.

FatalThrowableError in PermissionMiddleware.php line 17:
Type error: Too few arguments to function App\Http\Middleware\PermissionMiddleware::handle(), 2 passed in /Users/sokada/Code/back-test/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php on line 148 and exactly 3 expected ...

I'm also not sure where I can use can:file-manager.

[tabacitu]

Hi @shinokada ,

If you defined the PermissIonMiddleware as "permission" in your Kernel.php you can use this middleware: permission:file-manager, instead of just "permission". Basically you pass a parameter to the middleware.

Does this work for you?

    'route' => [
        'prefix'     => config('backpack.base.route_prefix').'/elfinder',
-       'middleware' => ['web', 'admin','permission'], //Set to null to disable middleware filter
+       'middleware' => ['web', 'admin','permission:file-manager'], //Set to null to disable middleware filter

    ],

[shinokada]

I get 403 error when I visit admin/elfinder even as an admin.

(Am I supposed to register it in the Kenel.php?)

[tabacitu]

Hmm... Try to dump the permissions your user has in the PermissionMiddleware, maybe on this line, I'm positive it should work.

[shinokada]

Ok, it works. My permission name was 'File-manager', so I changed it to,

'middleware' => ['web', 'admin','permission:File-manager'], //Set to null to disable middleware filter

Thanks for your help.

[tabacitu]

Glad to help. Cheers!