From 63bc7abe34db3efeb266d3371a8491e41768cbe4 Mon Sep 17 00:00:00 2001
From: IsharaEkanayaka <e20094@eng.pdn.ac.lk>
Date: Mon, 15 Jul 2024 15:18:27 +0530
Subject: [PATCH] authorize news section

---
 app/Http/Livewire/Backend/NewsTable.php               | 10 ++++++++--
 app/Providers/AuthServiceProvider.php                 | 10 ++++++++++
 resources/views/backend/includes/sidebar.blade.php    |  4 ++--
 .../views/backend/news/index-table-row.blade.php      |  4 ++++
 routes/backend/news.php                               | 11 +++++++++--
 5 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/app/Http/Livewire/Backend/NewsTable.php b/app/Http/Livewire/Backend/NewsTable.php
index 30256bd..67bd38c 100644
--- a/app/Http/Livewire/Backend/NewsTable.php
+++ b/app/Http/Livewire/Backend/NewsTable.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Livewire\Backend;
 
+use Illuminate\Support\Facades\Gate;
 use App\Domains\News\Models\News;
 use Illuminate\Database\Eloquent\Builder;
 use Rappasoft\LaravelLivewireTables\DataTableComponent;
@@ -17,7 +18,7 @@ class NewsTable extends DataTableComponent
 
     public function columns(): array
     {
-        return [
+        $columns = [
             Column::make("Title", "title")
                 ->sortable()
                 ->searchable(), 
@@ -33,8 +34,13 @@ public function columns(): array
                 ->sortable(),
             Column::make("Updated At", "updated_at")
                 ->sortable(),
-            Column::make("Actions")
         ];
+    
+        if (Gate::allows('edit-or-delete-news')) {
+            $columns[] = Column::make("Actions");
+        }
+    
+        return $columns;
     }
 
     public function query(): Builder
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index f6791e9..1fa1b2c 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -38,5 +38,15 @@ public function boot()
 //        Gate::after(function ($user) {
 //            return $user->hasAllAccess();
 //        });
+
+        Gate::define('edit-or-delete-news', function ($user) {
+            // Logic to determine if the user can edit news
+            return $user->hasAnyPermission(['admin.access.news.edit','admin.access.news.delete']);
+        });
+
+        Gate::define('edit-or-delete-events', function ($user) {
+            // Logic to determine if the user can edit news
+            return $user->hasAnyPermission(['admin.access.events.edit','admin.access.events.delete']);
+        });
     }
 }
diff --git a/resources/views/backend/includes/sidebar.blade.php b/resources/views/backend/includes/sidebar.blade.php
index 5671cf5..a79081d 100644
--- a/resources/views/backend/includes/sidebar.blade.php
+++ b/resources/views/backend/includes/sidebar.blade.php
@@ -84,7 +84,7 @@ class="c-sidebar-nav-dropdown {{ activeClass(Route::is('admin.auth.user.*') || R
             </li>
         @endif
 
-        @if ($logged_in_user->hasPermissionTo('admin.access.news.edit'))
+        @if ($logged_in_user->hasAnyPermission(['admin.access.news.create', 'admin.access.news.edit', 'admin.access.news.show', 'admin.access.news.delete']))
             {{-- News --}}
             <li class="c-sidebar-nav-dropdown">
                 <x-utils.link href="#" icon="c-sidebar-nav-icon cil-newspaper" class="c-sidebar-nav-dropdown-toggle"
@@ -99,7 +99,7 @@ class="c-sidebar-nav-dropdown {{ activeClass(Route::is('admin.auth.user.*') || R
             </li>
         @endif
 
-        @if ($logged_in_user->hasPermissionTo('admin.access.events.edit'))
+        @if ($logged_in_user->hasAnyPermission(['admin.access.events.create', 'admin.access.events.edit', 'admin.access.events.show', 'admin.access.events.delete']))
             {{-- Events --}}
             <li class="c-sidebar-nav-dropdown">
                 <x-utils.link href="#" icon="c-sidebar-nav-icon cil-browser" class="c-sidebar-nav-dropdown-toggle"
diff --git a/resources/views/backend/news/index-table-row.blade.php b/resources/views/backend/news/index-table-row.blade.php
index 10ff607..6a0841a 100644
--- a/resources/views/backend/news/index-table-row.blade.php
+++ b/resources/views/backend/news/index-table-row.blade.php
@@ -53,12 +53,16 @@
 <x-livewire-tables::table.cell>
     <div class="d-flex px-0 mt-0 mb-0">
         <div class="btn-group" role="group" aria-label="">
+            @if ($logged_in_user->hasPermissionTo('admin.access.news.edit'))
             <a href="{{ route('dashboard.news.edit', $row) }}" class="btn btn-info btn-xs"><i class="fa fa-pencil"
                     title="Edit"></i>
             </a>
+            @endif
+            @if ($logged_in_user->hasPermissionTo('admin.access.news.delete'))
             <a href="{{ route('dashboard.news.delete', $row) }}" class="btn btn-danger btn-xs"><i
                     class="fa fa-trash" title="Delete"></i>
             </a>
+            @endif
         </div>
     </div>
 </x-livewire-tables::table.cell>
diff --git a/routes/backend/news.php b/routes/backend/news.php
index 420d03b..054653c 100644
--- a/routes/backend/news.php
+++ b/routes/backend/news.php
@@ -4,11 +4,12 @@
 use App\Http\Controllers\Backend\NewsController;
 use Illuminate\Support\Facades\Route;
 
-Route::group(['middleware' => ['permission:admin.access.news.edit']], function () {
+Route::group(['middleware' => ['permission:admin.access.news.show|admin.access.news.create|admin.access.news.edit|admin.access.news.delete']], function () {
 
     Route::get('/news', function () {
         return view('backend.news.index');
-    })->name('news.index')
+    })->middleware('permission:admin.access.news.show')
+    ->name('news.index')
         ->breadcrumbs(function (Trail $trail) {
             $trail->push(__('Home'), route('dashboard.home'))
                 ->push(__('News'), route('dashboard.news.index'));
@@ -16,6 +17,7 @@
 
     // Create
     Route::get('news/create', [NewsController::class, 'create'])
+        ->middleware('permission:admin.access.news.create')
         ->name('news.create')
         ->breadcrumbs(function (Trail $trail) {
             $trail->push(__('Home'), route('dashboard.home'))
@@ -25,10 +27,12 @@
 
     // Store
     Route::post('news/', [NewsController::class, 'store'])
+        ->middleware('permission:admin.access.news.create')
         ->name('news.store');
 
     // Edit
     Route::get('news/edit/{news}', [NewsController::class, 'edit'])
+        ->middleware('permission:admin.access.news.edit')
         ->name('news.edit')
         ->breadcrumbs(function (Trail $trail) {
             $trail->push(__('Home'), route('dashboard.home'))
@@ -38,10 +42,12 @@
 
     // Update
     Route::put('news/{news}', [NewsController::class, 'update'])
+        ->middleware('permission:admin.access.news.edit')
         ->name('news.update');
 
     // Delete
     Route::get('news/delete/{news}', [NewsController::class, 'delete'])
+        ->middleware('permission:admin.access.news.delete')
         ->name('news.delete')
         ->breadcrumbs(function (Trail $trail) {
             $trail->push(__('Home'), route('dashboard.home'))
@@ -51,5 +57,6 @@
 
     // Destroy
     Route::delete('news/{news}', [NewsController::class, 'destroy'])
+        ->middleware('permission:admin.access.news.delete')
         ->name('news.destroy');
 });