diff --git a/app/Classes/Authentication/Authenticator.php b/app/Classes/Authentication/Authenticator.php
index ce29f69e..dd0632d5 100644
--- a/app/Classes/Authentication/Authenticator.php
+++ b/app/Classes/Authentication/Authenticator.php
@@ -74,26 +74,40 @@ public static function createNewToken($token, ?Request $request = null)
 ];
 $dashboardPermissions = [];
- $permissions->map(function ($permission) use (&$dashboardPermissions, &$viewPermissions) {
+ $hasDashboardPermission = false;
+ $permissions->map(function ($permission) use (&$dashboardPermissions, &$viewPermissions, &$hasDashboardPermission) {
 if ($permission->key === "sidebar") {
 // if sidebar is set to extensions, you cannot override it.
 if (isset($viewPermissions["sidebar"]) && $viewPermissions["sidebar"] === "extensions") {
 return;
 }
- $viewPermissions["sidebar"] = json_decode($permission->value);
+ try {
+ $viewPermissions["sidebar"] = json_decode($permission->value, false, 512, JSON_THROW_ON_ERROR);
+ } catch (\Exception $e) {
+ $viewPermissions["sidebar"] = $permission->value;
+ }
 }
 if ($permission->key === "dashboard") {
+ $hasDashboardPermission = true;
 // merge all dashboard permissions that comes from roles
 $dashboardPermissions = array_unique([
 ...$dashboardPermissions,
 ...json_decode($permission->value),
 ]);
 }
+
+ if ($permission->key === "redirect") {
+ if (! auth()->user()->isAdmin()) {
+ $viewPermissions["redirect"] = $permission->value;
+ }
+ }
 });
 // if there is no dashboard permission, set it to default
- $viewPermissions["dashboard"] = count($dashboardPermissions) > 0 ? $dashboardPermissions : $defaultPermissions["dashboard"];
+ $viewPermissions["dashboard"] = $hasDashboardPermission
+ ? $dashboardPermissions
+ : $defaultPermissions["dashboard"];
 return $viewPermissions;
 })(),
diff --git a/app/Http/Controllers/API/Settings/RoleController.php b/app/Http/Controllers/API/Settings/RoleController.php
index 40d871d7..c39727ea 100644
--- a/app/Http/Controllers/API/Settings/RoleController.php
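Review bot: The dashboard branch still spreads `...json_decode($permission->value)` with no error flag, so one stored value that is not valid JSON decodes to null and the spread throws a TypeError that aborts token creation, while the sidebar branch directly above was just made tolerant of the same condition; guard it the same way, e.g. `$decoded = json_decode($permission->value, true, 512, JSON_THROW_ON_ERROR);` inside a try with an empty-array fallback in the catch before the array_unique() merge. The new `catch (\Exception $e)` binds an unused variable and is wider than needed: json_decode with JSON_THROW_ON_ERROR throws \JsonException, so `} catch (\JsonException) {` is precise, and the RoleController hunk in this same commit uses `\Throwable` for the identical pattern, so the two should agree. The redirect branch copies `$permission->value` into the token payload verbatim; if that value is later honoured as a redirect target, it should be validated as a local path (no scheme, not starting with `//`) either here or where it is stored, otherwise a role-level setting becomes an open-redirect vector. The same branch calls `auth()->user()->isAdmin()` inside createNewToken, which looks like it may run before a user is resolved given the nullable `$request` parameter; if `auth()->user()` can be null on that path this dereferences it, so confirm or use `auth()->user()?->isAdmin()`. The enclosing closure and createNewToken begin before this hunk.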
+++ b/app/Http/Controllers/API/Settings/RoleController.php
@@ -627,7 +627,11 @@ public function views(Request $request)
 ];
 $permissions->map(function ($item) use (&$viewSettings) {
- $viewSettings[$item->key] = json_decode($item->value);
+ try {
+ $viewSettings[$item->key] = json_decode($item->value, false, 512, JSON_THROW_ON_ERROR);
+ } catch (\Throwable) {
+ $viewSettings[$item->key] = $item->value;
+ }
 });
 return response()->json($viewSettings);
@@ -647,11 +651,19 @@ public function setViews(Request $request)
 ])->delete();
 foreach ($request->views as $setting => $value) {
+ if ($value === '') {
+ continue;
+ }
+
+ if (is_array($value) || is_object($value)) {
+ $value = json_encode($value);
+ }
+
 Permission::grant(
 $request->role_id,
 'view',
 $setting,
- json_encode($value),
+ $value,
 null,
 'roles'
 );
diff --git a/config/liman.php b/config/liman.php
index 5217dcb2..c5732b89 100644
--- a/config/liman.php
+++ b/config/liman.php
@@ -11,6 +11,7 @@
 'most_used_extensions',
 'most_used_servers',
 ],
+ 'redirect' => null
 ],
 'search' => [
 'admin' => [
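Review bot: `catch (\Throwable)` in the views() closure is broader than the failure it is meant to absorb: json_decode with JSON_THROW_ON_ERROR raises \JsonException, and catching \Throwable also hides a TypeError or Error from the assignment line, so `} catch (\JsonException) {` is the right type here. The Authenticator hunk in this commit catches `\Exception $e` for the same fallback, so whichever type is chosen should be used in both places. The fallback deliberately returns the raw stored string for non-JSON values, which is fine but worth a one-line comment such as `// plain-string setting (e.g. sidebar/redirect) stored unencoded` so the next reader does not "fix" it. views() begins before this hunk.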
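Review bot: The new `$value = json_encode($value);` in setViews() has no JSON_THROW_ON_ERROR flag, so an unencodable value yields false and `false` is what reaches Permission::grant as the stored setting; use `$value = json_encode($value, JSON_THROW_ON_ERROR);` so the request fails loudly instead. This hunk also starts storing scalar entries of `$request->views` verbatim, including the `redirect` key this commit introduces, and the Authenticator change hands that value back to clients unchanged; if it is used as a navigation target, validate on write that it is a relative local path (reject anything with a scheme or a leading `//`) so a role setting cannot become an open redirect. Nothing visible in the hunk checks that `$request->views` is an array or that `$setting` is one of the known keys, which may be handled by a form request defined outside the hunk; confirm, since setViews() begins before this hunk.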
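Review bot: The added `'redirect' => null` in config/liman.php is the last element of its array but has no trailing comma, unlike the sibling entries in the same hunk; write it as `'redirect' => null,` so the next addition produces a one-line diff and the file stays consistent with the trailing-comma style it already uses.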