mirror of
https://git.imnavajas.es/jjimenez/safekat.git
synced 2025-07-25 22:52:08 +00:00
Implementado control de permiso de borrado
This commit is contained in:
Ignacio Martinez Navajas
@ -77,6 +77,14 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
|
||||
*/
|
||||
public $alertStyle = 'alerts';
|
||||
|
||||
/**
|
||||
* Permiso requerido para borrar. Si es false/null, no se valida.
|
||||
* Si es un string (nombre del permiso), se valida.
|
||||
*
|
||||
* @var string|false|null
|
||||
*/
|
||||
protected $deletePermission = false;
|
||||
|
||||
|
||||
/**
|
||||
* An array of helpers to be loaded automatically upon
|
||||
@ -222,6 +230,13 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
|
||||
*/
|
||||
public function delete($id = null)
|
||||
{
|
||||
|
||||
// 🔒 Verificar permiso solo si está definido como string
|
||||
if (is_string($this->deletePermission) && !auth()->user()->can($this->deletePermission)) {
|
||||
$message = lang('Basic.global.permissionDenied'); // O el mensaje que uses
|
||||
return $this->failWithNewToken($message, 403); // Estilo coherente con tu clase
|
||||
}
|
||||
|
||||
if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) {
|
||||
$objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc) . '.' . static::$singularObjectNameCc));
|
||||
} else {
|
||||
@ -236,8 +251,10 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
|
||||
} else {
|
||||
$datetime = (new \CodeIgniter\I18n\Time("now"));
|
||||
$rawResult = $this->model->where('id', $id)
|
||||
->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'),
|
||||
'is_deleted' => $this->delete_flag])
|
||||
->set([
|
||||
'deleted_at' => $datetime->format('Y-m-d H:i:s'),
|
||||
'is_deleted' => $this->delete_flag
|
||||
])
|
||||
->update();
|
||||
if (!$rawResult) {
|
||||
return $this->failNotFound(lang('Basic.global.deleteError', [$objName]));
|
||||
@ -270,7 +287,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
|
||||
}
|
||||
|
||||
if ($customValidationMessages == null) {
|
||||
$validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;;
|
||||
$validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;
|
||||
;
|
||||
} else {
|
||||
$validationErrorMessages = $customValidationMessages;
|
||||
}
|
||||
@ -366,12 +384,12 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
|
||||
$queryStr = !is_null($query) ? $query->getQuery() : '';
|
||||
$dbError = $this->model->db->error();
|
||||
$userFriendlyErrMsg = lang('Basic.global.persistErr1', [static::$singularObjectNameCc]);
|
||||
if (isset($dbError['code']) && $dbError['code'] == 1062) :
|
||||
if (isset($dbError['code']) && $dbError['code'] == 1062):
|
||||
$userFriendlyErrMsg .= PHP_EOL . lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]);
|
||||
endif;
|
||||
// $userFriendlyErrMsg = str_replace("'", "\'", $userFriendlyErrMsg); // Uncomment if experiencing unescaped single quote errors
|
||||
log_message('error', $userFriendlyErrMsg . PHP_EOL . $e->getMessage() . PHP_EOL . $queryStr);
|
||||
if (isset($dbError['message']) && !empty($dbError['message'])) :
|
||||
if (isset($dbError['message']) && !empty($dbError['message'])):
|
||||
log_message('error', $dbError['code'] . ' : ' . $dbError['message']);
|
||||
endif;
|
||||
$this->viewData['errorMessage'] = $userFriendlyErrMsg;
|
||||
|
||||
@ -25,6 +25,7 @@ class Proveedores extends \App\Controllers\BaseResourceController {
|
||||
|
||||
protected $indexRoute = 'proveedorList';
|
||||
|
||||
protected $deletePermission = 'proveedores.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) {
|
||||
|
||||
@ -26,6 +26,8 @@ class FormasPago extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'formaDePagoList';
|
||||
|
||||
protected $deletePermission = 'formas-pago.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -21,6 +21,8 @@ class Group extends \App\Controllers\GoBaseController
|
||||
|
||||
protected $indexRoute = 'userGroupList';
|
||||
|
||||
protected $deletePermission = 'roles-permisos.delete';
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
self::$viewPath = getenv('theme.path') . 'form/group/';
|
||||
|
||||
@ -28,6 +28,7 @@ class Maquinas extends \App\Controllers\BaseResourceController
|
||||
protected static $viewPath = 'themes/vuexy/form/configuracion/maquinas/';
|
||||
|
||||
protected $indexRoute = 'maquinaList';
|
||||
|
||||
protected MaquinaService $maquinaService;
|
||||
protected Validation $validation;
|
||||
|
||||
|
||||
@ -28,6 +28,8 @@ class Maquinasdefecto extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'maquinaPorDefectoList';
|
||||
|
||||
protected $deletePermission = 'maquinas-defecto.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -29,6 +29,7 @@ class Paises extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'paisList';
|
||||
|
||||
protected $deletePermission = 'paises.delete';
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -28,6 +28,7 @@ class Papelesgenericos extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'papelGenericoList';
|
||||
|
||||
protected $deletePermission = 'papel-generico.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
|
||||
@ -52,6 +52,9 @@ class Papelesimpresion extends \App\Controllers\BaseResourceController
|
||||
protected static $viewPath = 'themes/vuexy/form/configuracion/papel/';
|
||||
|
||||
protected $indexRoute = 'papelImpresionList';
|
||||
|
||||
protected $deletePermission = 'papel-impresion.delete';
|
||||
|
||||
protected Validation $validation;
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
|
||||
@ -22,6 +22,8 @@ class SeriesFacturas extends BaseResourceController
|
||||
|
||||
protected $indexRoute = 'seriesFacturasList';
|
||||
|
||||
protected $deletePermission = 'series-facturas.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -22,6 +22,8 @@ class Ubicaciones extends BaseResourceController
|
||||
|
||||
protected $indexRoute = 'ubicacionesList';
|
||||
|
||||
protected $deletePermission = 'ubicaciones.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -36,6 +36,8 @@ class Buscador extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'buscadorPresupuestosList';
|
||||
|
||||
protected $deletePermission = 'presupuesto.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -25,6 +25,8 @@ class ServiciosAcabado extends BaseResourceController
|
||||
|
||||
protected $indexRoute = 'serviciosAcabadoList';
|
||||
|
||||
protected $deletePermission = 'tarifa-acabado.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -28,6 +28,8 @@ class TarifaAcabados extends BaseResourceController
|
||||
|
||||
protected $indexRoute = 'tarifaAcabadoList';
|
||||
|
||||
protected $deletePermission = 'tarifa-acabado.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -19,6 +19,8 @@ class Tarifaextra extends \App\Controllers\GoBaseController
|
||||
|
||||
protected $indexRoute = 'tarifaextraList';
|
||||
|
||||
protected $deletePermission = 'tarifa-extra.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -19,6 +19,8 @@ class Tarifapreimpresion extends \App\Controllers\GoBaseController
|
||||
|
||||
protected $indexRoute = 'tarifapreimpresionList';
|
||||
|
||||
protected $deletePermission = 'tarifa-preimpresion.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -32,6 +32,8 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'tarifaEncuadernacionList';
|
||||
|
||||
protected $deletePermission = 'tarifa-encuadernacion.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -28,6 +28,8 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController
|
||||
|
||||
protected $indexRoute = 'tarifaManipuladoList';
|
||||
|
||||
protected $deletePermission = 'tarifa-manipulado.delete';
|
||||
|
||||
|
||||
public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
|
||||
{
|
||||
|
||||
@ -123,7 +123,7 @@ if (!function_exists('checkPermission')) {
|
||||
$response = \Config\Services::response();
|
||||
|
||||
if (!auth()->user()->can($sectionPermission)) {
|
||||
$session->setFlashdata('errorMessage', "No tiene permisos de acceso");
|
||||
$session->setFlashdata('errorMessage', lang('Basic.global.permissionDenied'));
|
||||
|
||||
$route = $redirectRoute ?? 'home';
|
||||
return $response->redirect(route_to($route));
|
||||
|
||||
@ -90,6 +90,7 @@ return [
|
||||
'wait' => 'Wait',
|
||||
'yes' => 'Yes',
|
||||
'back' => 'Back',
|
||||
'permissionDenied' => 'You do not have permission for this action'
|
||||
],
|
||||
|
||||
|
||||
|
||||
@ -94,6 +94,7 @@ return [
|
||||
'yes' => 'Si',
|
||||
'no' => 'No',
|
||||
'back' => 'Volver',
|
||||
'permissionDenied' => 'No tiene permisos de acceso'
|
||||
|
||||
],
|
||||
|
||||
|
||||
Reference in New Issue
Block a user