From ba7512054fc315e07571a0c6407091814ad17792 Mon Sep 17 00:00:00 2001
From: dogukanoksuz
Date: Wed, 18 Oct 2023 12:35:06 +0000
Subject: [PATCH] fix: User permissions
---
 .../API/Server/ExtensionController.php | 15 ++++++---------
 app/Http/Controllers/API/ServerController.php | 6 ++++++
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/app/Http/Controllers/API/Server/ExtensionController.php b/app/Http/Controllers/API/Server/ExtensionController.php
index 28d09d34..aa50c377 100644
--- a/app/Http/Controllers/API/Server/ExtensionController.php
+++ b/app/Http/Controllers/API/Server/ExtensionController.php
@@ -21,15 +21,6 @@
 */
 class ExtensionController extends Controller
 {
- public function __construct()
- {
- if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details')) {
- throw new JsonResponseException([
- 'message' => 'Bu işlemi yapmak için yetkiniz yok!'
- ], '', Response::HTTP_FORBIDDEN);
- }
- }
-
 /**
 * Extension list
 *
@@ -37,6 +28,12 @@ public function __construct()
 */
 public function index()
 {
+ if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details')) {
+ throw new JsonResponseException([
+ 'message' => 'Bu işlemi yapmak için yetkiniz yok!'
+ ], '', Response::HTTP_FORBIDDEN);
+ }
+
 return server()->extensions()->filter(function ($extension) {
 return Permission::can(auth('api')->user()->id, 'extension', 'id', $extension->id);
 })->map(function ($item) {
diff --git a/app/Http/Controllers/API/ServerController.php b/app/Http/Controllers/API/ServerController.php
index 74c2e9f2..7ebe5d76 100644
--- a/app/Http/Controllers/API/ServerController.php
+++ b/app/Http/Controllers/API/ServerController.php
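Review bot: In ExtensionController the `server_details` gate now lives only inside `index()`, so any other action of this controller is no longer covered by it; the class body continues outside the hunks, so whether such actions exist cannot be confirmed from this page. If the constructor check was dropped because `auth('api')->user()` is not yet resolved when the controller is constructed (an inference, the commit message does not say), a closure middleware registered in the constructor keeps the check class-wide while still running per request. This assumes the base `Controller` extends Laravel's routing controller and so provides `middleware()`. The same 403 block is also added to `ServerController::update()`, so a shared helper or middleware would keep the per-action copies from drifting apart.

```php
class ExtensionController extends Controller
{
    public function __construct()
    {
        // Closure middleware runs per request, after route middleware has run,
        // so every action of this controller stays behind the same gate.
        $this->middleware(function ($request, $next) {
            if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details')) {
                throw new JsonResponseException([
                    'message' => 'Bu işlemi yapmak için yetkiniz yok!'
                ], '', Response::HTTP_FORBIDDEN);
            }

            return $next($request);
        });
    }

    // … unchanged: index() and the rest of the class …
```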
@@ -76,6 +76,12 @@ public function create(Request $request) * @return JsonResponse */ public function update(Request $request) { + if (! Permission::can(auth('api')->user()->id, 'liman', 'id', 'update_server')) { + throw new JsonResponseException([ + 'message' => 'Bu işlemi yapmak için yetkiniz yok!' + ], '', Response::HTTP_FORBIDDEN); + } + $server = Server::find($request->server_id); if (! $server) { throw new JsonResponseException([
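Review bot: The check added at the top of `update()` is a global `update_server` capability and runs before `$request->server_id` is resolved, so nothing in this hunk ties the permission to the server actually being modified. If the permission model scopes access per object, as the `'extension', 'id', $extension->id` check in `ExtensionController::index()` suggests, a per-server check belongs right after the `Server::find()` not-found guard, along the lines of `Permission::can(auth('api')->user()->id, '<server-object-type>', 'id', $server->id)` (placeholder: the type string is not shown on this page). `update()` continues outside the hunk, so such a check may already exist further down. `auth('api')->user()->id` also assumes an authenticated user; if this route can be reached without the API guard's middleware, `user()` is null and the request fails with an error instead of a 401/403.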