diff --git a/ci4/app/Controllers/BaseResourceController.php b/ci4/app/Controllers/BaseResourceController.php
index 2da29e8b..ada6006f 100755
--- a/ci4/app/Controllers/BaseResourceController.php
+++ b/ci4/app/Controllers/BaseResourceController.php
@@ -77,6 +77,14 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 */ public $alertStyle = 'alerts';
+ /**
+ * Permiso requerido para borrar. Si es false/null, no se valida.
+ * Si es un string (nombre del permiso), se valida.
+ *
+ * @var string|false|null
+ */
+ protected $deletePermission = false;
+
 /** * An array of helpers to be loaded automatically upon
@@ -222,6 +230,13 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 */ public function delete($id = null) {
+
+ // 🔒 Verificar permiso solo si está definido como string
+ if (is_string($this->deletePermission) && !auth()->user()->can($this->deletePermission)) {
+ $message = lang('Basic.global.permissionDenied'); // O el mensaje que uses
+ return $this->failWithNewToken($message, 403); // Estilo coherente con tu clase
+ }
+
 if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) { $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc) . '.' . static::$singularObjectNameCc)); } else {
@@ -236,8 +251,10 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 } else { $datetime = (new \CodeIgniter\I18n\Time("now")); $rawResult = $this->model->where('id', $id)
- ->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'),
- 'is_deleted' => $this->delete_flag])
+ ->set([
+ 'deleted_at' => $datetime->format('Y-m-d H:i:s'),
+ 'is_deleted' => $this->delete_flag
+ ])
 ->update(); if (!$rawResult) { return $this->failNotFound(lang('Basic.global.deleteError', [$objName]));
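Review bot: The default `protected $deletePermission = false;` in the first hunk makes the delete check opt-in, so any controller that inherits delete() and does not declare a permission name keeps deleting with no permission check at all. In this same commit the Maquinas.php hunk does not set `$deletePermission`, so that controller appears to stay unchecked unless it is guarded elsewhere. A deny-by-default shape is safer for an authorization control: have delete() refuse when the property is not a string and let a controller opt out with an explicit, greppable value. The docblock is also written in Spanish next to English class comments; something like `Permission name required to delete. No check is performed when this is false or null.` would match the file.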
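Review bot: The guard added at the top of delete() dereferences `auth()->user()` without a null check, so a request that reaches this action without an authenticated user would end in a fatal error instead of a clean denial; whether a route filter already guarantees a user is not visible in this hunk. Failing closed is a small change: `$user = auth()->user();` followed by `if (is_string($this->deletePermission) && ($user === null || !$user->can($this->deletePermission))) {`. The denial is also not logged, and a `log_message('warning', ...)` naming the permission and the target id would give an audit trail for refused deletes. The trailing comments `// O el mensaje que uses` and `// Estilo coherente con tu clase` read like leftover drafting notes and can be dropped. delete()'s body continues outside the hunk.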
@@ -270,7 +287,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 } if ($customValidationMessages == null) {
- $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;;
+ $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;
+ ;
 } else { $validationErrorMessages = $customValidationMessages; }
@@ -366,12 +384,12 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 $queryStr = !is_null($query) ? $query->getQuery() : ''; $dbError = $this->model->db->error(); $userFriendlyErrMsg = lang('Basic.global.persistErr1', [static::$singularObjectNameCc]);
- if (isset($dbError['code']) && $dbError['code'] == 1062) :
+ if (isset($dbError['code']) && $dbError['code'] == 1062):
 $userFriendlyErrMsg .= PHP_EOL . lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]); endif; // $userFriendlyErrMsg = str_replace("'", "\'", $userFriendlyErrMsg); // Uncomment if experiencing unescaped single quote errors log_message('error', $userFriendlyErrMsg . PHP_EOL . $e->getMessage() . PHP_EOL . $queryStr);
- if (isset($dbError['message']) && !empty($dbError['message'])) :
+ if (isset($dbError['message']) && !empty($dbError['message'])):
 log_message('error', $dbError['code'] . ' : ' . $dbError['message']); endif; $this->viewData['errorMessage'] = $userFriendlyErrMsg;
diff --git a/ci4/app/Controllers/Compras/Proveedores.php b/ci4/app/Controllers/Compras/Proveedores.php
index 61161a78..bb1dfbff 100755
--- a/ci4/app/Controllers/Compras/Proveedores.php
+++ b/ci4/app/Controllers/Compras/Proveedores.php
@@ -25,6 +25,7 @@ class Proveedores extends \App\Controllers\BaseResourceController
 { protected $indexRoute = 'proveedorList';
+ protected $deletePermission = 'proveedores.delete';
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Configuracion/FormasPago.php b/ci4/app/Controllers/Configuracion/FormasPago.php
index 6fa53297..4eecd298 100755
--- a/ci4/app/Controllers/Configuracion/FormasPago.php
+++ b/ci4/app/Controllers/Configuracion/FormasPago.php
@@ -26,6 +26,8 @@ class FormasPago extends \App\Controllers\BaseResourceController
 protected $indexRoute = 'formaDePagoList';
+ protected $deletePermission = 'formas-pago.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Configuracion/Group.php b/ci4/app/Controllers/Configuracion/Group.php
index dc6e4925..84b47b9b 100755
--- a/ci4/app/Controllers/Configuracion/Group.php
+++ b/ci4/app/Controllers/Configuracion/Group.php
@@ -21,6 +21,8 @@ class Group extends \App\Controllers\GoBaseController
 protected $indexRoute = 'userGroupList';
+ protected $deletePermission = 'roles-permisos.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) { self::$viewPath = getenv('theme.path') . 'form/group/';
diff --git a/ci4/app/Controllers/Configuracion/Maquinas.php b/ci4/app/Controllers/Configuracion/Maquinas.php
index 5661f339..a5b2cbd0 100755
--- a/ci4/app/Controllers/Configuracion/Maquinas.php
+++ b/ci4/app/Controllers/Configuracion/Maquinas.php
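Review bot: `Group` extends `\App\Controllers\GoBaseController`, not `BaseResourceController`, and the only code in this commit that reads `$deletePermission` is the guard in `BaseResourceController::delete()`. Unless GoBaseController, which is not part of this diff, has its own check, the added `protected $deletePermission = 'roles-permisos.delete';` is never consulted and deleting roles and permissions stays unguarded while the code suggests otherwise. The Tarifaextra.php and Tarifapreimpresion.php hunks have the same problem, since both classes also extend GoBaseController. Either add the equivalent guard to the delete path those controllers actually use (for example through the existing `checkPermission()` helper in rbac_helper.php) or drop the property there so it does not imply protection that is not enforced.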
@@ -28,6 +28,7 @@ class Maquinas extends \App\Controllers\BaseResourceController protected static $viewPath = 'themes/vuexy/form/configuracion/maquinas/'; protected $indexRoute = 'maquinaList'; + protected MaquinaService $maquinaService; protected Validation $validation; diff --git a/ci4/app/Controllers/Configuracion/Maquinasdefecto.php b/ci4/app/Controllers/Configuracion/Maquinasdefecto.php index 68dcabb7..edd6ff13 100755 --- a/ci4/app/Controllers/Configuracion/Maquinasdefecto.php +++ b/ci4/app/Controllers/Configuracion/Maquinasdefecto.php @@ -28,6 +28,8 @@ class Maquinasdefecto extends \App\Controllers\BaseResourceController protected $indexRoute = 'maquinaPorDefectoList'; + protected $deletePermission = 'maquinas-defecto.delete'; + public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) { diff --git a/ci4/app/Controllers/Configuracion/Paises.php b/ci4/app/Controllers/Configuracion/Paises.php index e684a033..7444acee 100755 --- a/ci4/app/Controllers/Configuracion/Paises.php +++ b/ci4/app/Controllers/Configuracion/Paises.php @@ -29,6 +29,7 @@ class Paises extends \App\Controllers\BaseResourceController protected $indexRoute = 'paisList'; + protected $deletePermission = 'paises.delete'; public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) { diff --git a/ci4/app/Controllers/Configuracion/Papelesgenericos.php b/ci4/app/Controllers/Configuracion/Papelesgenericos.php index c011489f..22d49362 100755 --- a/ci4/app/Controllers/Configuracion/Papelesgenericos.php +++ b/ci4/app/Controllers/Configuracion/Papelesgenericos.php 
@@ -28,6 +28,7 @@ class Papelesgenericos extends \App\Controllers\BaseResourceController
 protected $indexRoute = 'papelGenericoList';
+ protected $deletePermission = 'papel-generico.delete';
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
diff --git a/ci4/app/Controllers/Configuracion/Papelesimpresion.php b/ci4/app/Controllers/Configuracion/Papelesimpresion.php
index 5c478162..10522f37 100755
--- a/ci4/app/Controllers/Configuracion/Papelesimpresion.php
+++ b/ci4/app/Controllers/Configuracion/Papelesimpresion.php
@@ -52,6 +52,9 @@ class Papelesimpresion extends \App\Controllers\BaseResourceController
 protected static $viewPath = 'themes/vuexy/form/configuracion/papel/'; protected $indexRoute = 'papelImpresionList';
+
+ protected $deletePermission = 'papel-impresion.delete';
+
 protected Validation $validation; public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
diff --git a/ci4/app/Controllers/Configuracion/SeriesFacturas.php b/ci4/app/Controllers/Configuracion/SeriesFacturas.php
index 5920b7ff..9155c1f7 100755
--- a/ci4/app/Controllers/Configuracion/SeriesFacturas.php
+++ b/ci4/app/Controllers/Configuracion/SeriesFacturas.php
@@ -22,6 +22,8 @@ class SeriesFacturas extends BaseResourceController
 protected $indexRoute = 'seriesFacturasList';
+ protected $deletePermission = 'series-facturas.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Configuracion/Ubicaciones.php b/ci4/app/Controllers/Configuracion/Ubicaciones.php
index 26597ae1..1ea8575f 100755
--- a/ci4/app/Controllers/Configuracion/Ubicaciones.php
+++ b/ci4/app/Controllers/Configuracion/Ubicaciones.php
@@ -22,6 +22,8 @@ class Ubicaciones extends BaseResourceController
 protected $indexRoute = 'ubicacionesList';
+ protected $deletePermission = 'ubicaciones.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Presupuestos/Buscador.php b/ci4/app/Controllers/Presupuestos/Buscador.php
index 8fbf545b..6cfe1a13 100755
--- a/ci4/app/Controllers/Presupuestos/Buscador.php
+++ b/ci4/app/Controllers/Presupuestos/Buscador.php
@@ -36,6 +36,8 @@ class Buscador extends \App\Controllers\BaseResourceController
 protected $indexRoute = 'buscadorPresupuestosList';
+ protected $deletePermission = 'presupuesto.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Acabados/ServiciosAcabado.php b/ci4/app/Controllers/Tarifas/Acabados/ServiciosAcabado.php
index 340d9793..68fe53d0 100755
--- a/ci4/app/Controllers/Tarifas/Acabados/ServiciosAcabado.php
+++ b/ci4/app/Controllers/Tarifas/Acabados/ServiciosAcabado.php
@@ -25,6 +25,8 @@ class ServiciosAcabado extends BaseResourceController
 protected $indexRoute = 'serviciosAcabadoList';
+ protected $deletePermission = 'tarifa-acabado.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php b/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php
index a6e66616..5a90f6d7 100755
--- a/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php
+++ b/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php
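Review bot: `ServiciosAcabado` is given `'tarifa-acabado.delete'`, the same permission name the TarifaAcabados.php hunk assigns, so anyone allowed to delete finishing tariffs can also delete finishing services. If the sharing is deliberate, a one-line comment such as `// Shares the tarifa-acabado permission on purpose: services are managed with their tariff` would keep it from reading as a copy-paste slip. If not, the controller needs its own permission name defined in the auth configuration, which is not visible in this diff.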
@@ -28,6 +28,8 @@ class TarifaAcabados extends BaseResourceController
 protected $indexRoute = 'tarifaAcabadoList';
+ protected $deletePermission = 'tarifa-acabado.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Tarifaextra.php b/ci4/app/Controllers/Tarifas/Tarifaextra.php
index 049c07d6..317512c2 100755
--- a/ci4/app/Controllers/Tarifas/Tarifaextra.php
+++ b/ci4/app/Controllers/Tarifas/Tarifaextra.php
@@ -19,6 +19,8 @@ class Tarifaextra extends \App\Controllers\GoBaseController
 protected $indexRoute = 'tarifaextraList';
+ protected $deletePermission = 'tarifa-extra.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php b/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php
index 474d60f1..0d9a329d 100755
--- a/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php
+++ b/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php
@@ -19,6 +19,8 @@ class Tarifapreimpresion extends \App\Controllers\GoBaseController
 protected $indexRoute = 'tarifapreimpresionList';
+ protected $deletePermission = 'tarifa-preimpresion.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php b/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php
index 11d8b273..adf67cd7 100755
--- a/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php
+++ b/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php
@@ -32,6 +32,8 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController
 protected $indexRoute = 'tarifaEncuadernacionList';
+ protected $deletePermission = 'tarifa-encuadernacion.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
index a55c900b..706ee32a 100755
--- a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
+++ b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
@@ -28,6 +28,8 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController
 protected $indexRoute = 'tarifaManipuladoList';
+ protected $deletePermission = 'tarifa-manipulado.delete';
+
 public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
diff --git a/ci4/app/Helpers/rbac_helper.php b/ci4/app/Helpers/rbac_helper.php
index 5ab2808b..b14a32d0 100755
--- a/ci4/app/Helpers/rbac_helper.php
+++ b/ci4/app/Helpers/rbac_helper.php
@@ -123,7 +123,7 @@ if (!function_exists('checkPermission')) {
 $response = \Config\Services::response(); if (!auth()->user()->can($sectionPermission)) {
- $session->setFlashdata('errorMessage', "No tiene permisos de acceso");
+ $session->setFlashdata('errorMessage', lang('Basic.global.permissionDenied'));
 $route = $redirectRoute ?? 'home'; return $response->redirect(route_to($route));
diff --git a/ci4/app/Language/en/Basic.php b/ci4/app/Language/en/Basic.php
index 4863c32d..c86c256a 100755
--- a/ci4/app/Language/en/Basic.php
+++ b/ci4/app/Language/en/Basic.php
@@ -90,6 +90,7 @@ return [
 'wait' => 'Wait', 'yes' => 'Yes', 'back' => 'Back',
+ 'permissionDenied' => 'You do not have permission for this action'
 ],
diff --git a/ci4/app/Language/es/Basic.php b/ci4/app/Language/es/Basic.php
index 3f1c5bf5..b32ec3fd 100755
--- a/ci4/app/Language/es/Basic.php
+++ b/ci4/app/Language/es/Basic.php
@@ -94,6 +94,7 @@ return [
 'yes' => 'Si', 'no' => 'No', 'back' => 'Volver',
+ 'permissionDenied' => 'No tiene permisos de acceso'
 ],