Hidden the permissions table from mentors and below#291

Vatsim-Scandinavia · Mar 6, 2021 · 67163f2 · 67163f2
1 parent 3facb7f
commit 67163f2
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 43 deletions.
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -34,6 +34,17 @@ public function view(User $user, User $model)
         return $user->is($model) || $user->isModeratorOrAbove() || $user->isTeaching($model);
     }
 
+    /**
+     * Determine whether the user can view the access table.
+     *
+     * @param  \App\Models\User  $user
+     * @return bool
+     */
+    public function viewAccess(User $user)
+    {
+        return $user->isModeratorOrAbove();
+    }
+
     /**
      * Determine whether the user can update the model.
      *

diff --git a/resources/views/user/show.blade.php b/resources/views/user/show.blade.php
@@ -52,61 +52,64 @@
 </div>
 
 <div class="row">
-    <div class="col-xl-4 col-md-12 mb-12">
-        <div class="card shadow mb-4">
-            <div class="card-header bg-primary py-3 d-flex flex-row align-items-center justify-content-between">
-                <h6 class="m-0 font-weight-bold text-white">
-                    Access
-                </h6>
-            </div>
-            <div class="card-body">
-                <form action="{{ route('user.update', $user->id) }}" method="POST">
-                    @method('PATCH')
-                    @csrf
 
-                    <p>Select none, one or multiple permissions for the user.</p>
+    @if (\Illuminate\Support\Facades\Gate::inspect('viewAccess', $user)->allowed())
+        <div class="col-xl-4 col-md-12 mb-12">
+            <div class="card shadow mb-4">
+                <div class="card-header bg-primary py-3 d-flex flex-row align-items-center justify-content-between">
+                    <h6 class="m-0 font-weight-bold text-white">
+                        Access
+                    </h6>
+                </div>
+                <div class="card-body">
+                    <form action="{{ route('user.update', $user->id) }}" method="POST">
+                        @method('PATCH')
+                        @csrf
 
-                    <table class="table table-bordered table-hover table-responsive w-100 d-block d-md-table">
-                        <thead>
-                            <tr>
-                                <th>Area</th>
-                                @foreach($groups as $group)
-                                    <th class="text-center">{{ $group->name }} <i class="fas fa-question-circle text-gray-400" title="{{ $group->description }}"></i></th>
-                                @endforeach
-                            </tr>
-                        </thead>
-                        <tbody>
+                        <p>Select none, one or multiple permissions for the user.</p>
 
-                            @foreach($areas as $area)
+                        <table class="table table-bordered table-hover table-responsive w-100 d-block d-md-table">
+                            <thead>
                                 <tr>
-                                    <td>{{ $area->name }}</td>
-
+                                    <th>Area</th>
                                     @foreach($groups as $group)
-
-                                        @if (\Illuminate\Support\Facades\Gate::inspect('updateGroup', [$user, $group, $area])->allowed() && $group->id != 1)
-                                            <td class="text-center"><input type="checkbox" name="{{ $area->name }}_{{ $group->name }}" {{ $user->groups()->where('group_id', $group->id)->where('area_id', $area->id)->count() ? "checked" : "" }}></td>
-                                        @else
-                                            <td class="text-center"><input type="checkbox" {{ $user->groups()->where('group_id', $group->id)->where('area_id', $area->id)->count() ? "checked" : "" }} disabled></td>
-                                        @endif
-
+                                        <th class="text-center">{{ $group->name }} <i class="fas fa-question-circle text-gray-400" title="{{ $group->description }}"></i></th>
                                     @endforeach
-
                                 </tr>
-                            @endforeach
+                            </thead>
+                            <tbody>
 
-                        </tbody>
-                    </table>
+                                @foreach($areas as $area)
+                                    <tr>
+                                        <td>{{ $area->name }}</td>
+
+                                        @foreach($groups as $group)
 
-                    @if (\Illuminate\Support\Facades\Gate::inspect('update', $user)->allowed())
-                        <div class="form-group">
-                            <button type="submit" class="btn btn-primary">Save access</button>
-                        </div>
-                    @endif
+                                            @if (\Illuminate\Support\Facades\Gate::inspect('updateGroup', [$user, $group, $area])->allowed() && $group->id != 1)
+                                                <td class="text-center"><input type="checkbox" name="{{ $area->name }}_{{ $group->name }}" {{ $user->groups()->where('group_id', $group->id)->where('area_id', $area->id)->count() ? "checked" : "" }}></td>
+                                            @else
+                                                <td class="text-center"><input type="checkbox" {{ $user->groups()->where('group_id', $group->id)->where('area_id', $area->id)->count() ? "checked" : "" }} disabled></td>
+                                            @endif
+
+                                        @endforeach
 
-                </form>
+                                    </tr>
+                                @endforeach
+
+                            </tbody>
+                        </table>
+
+                        @if (\Illuminate\Support\Facades\Gate::inspect('update', $user)->allowed())
+                            <div class="form-group">
+                                <button type="submit" class="btn btn-primary">Save access</button>
+                            </div>
+                        @endif
+
+                    </form>
+                </div>
             </div>
         </div>
-    </div>
+    @endif
 
     <div class="col-xl-4 col-md-12 mb-12">
         <div class="card shadow mb-4">