fix: User permissions

limanmys · Oct 18, 2023 · ba75120 · ba75120
1 parent af6c937
commit ba75120
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/app/Http/Controllers/API/Server/ExtensionController.php b/app/Http/Controllers/API/Server/ExtensionController.php
@@ -21,22 +21,19 @@
  */
 class ExtensionController extends Controller
 {
-    public function __construct()
-    {
-        if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details')) {
-            throw new JsonResponseException([
-                'message' => 'Bu işlemi yapmak için yetkiniz yok!'
-            ], '', Response::HTTP_FORBIDDEN);
-        }
-    }
-
     /**
      * Extension list
      *
      * @return Collection
      */
     public function index()
     {
+        if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details')) {
+            throw new JsonResponseException([
+                'message' => 'Bu işlemi yapmak için yetkiniz yok!'
+            ], '', Response::HTTP_FORBIDDEN);
+        }
+
         return server()->extensions()->filter(function ($extension) {
             return Permission::can(auth('api')->user()->id, 'extension', 'id', $extension->id);
         })->map(function ($item) {

diff --git a/app/Http/Controllers/API/ServerController.php b/app/Http/Controllers/API/ServerController.php
@@ -76,6 +76,12 @@ public function create(Request $request)
      * @return JsonResponse
      */
     public function update(Request $request) {
+        if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'update_server')) {
+            throw new JsonResponseException([
+                'message' => 'Bu işlemi yapmak için yetkiniz yok!'
+            ], '', Response::HTTP_FORBIDDEN);
+        }
+
         $server = Server::find($request->server_id);
         if (! $server) {
             throw new JsonResponseException([