Normal users should not be able to access our Users and CRUD menu. This requires new config file to be published with new key.

ModestasV · ModestasV · commit 56f9f49f861b · 2015-12-07T17:29:19.000+02:00
diff --git a/src/Config/quickadmin.php b/src/Config/quickadmin.php
@@ -17,5 +17,7 @@
     'route'              => 'admin',
     // Default home route
     'homeRoute'          => 'admin',
+    // Default role to access users and CRUD
+    'defaultRole'        => 1
 
 ];
diff --git a/src/Traits/AdminPermissionsTrait.php b/src/Traits/AdminPermissionsTrait.php
@@ -10,9 +10,7 @@ public function permissionCan($request)
         if (is_null($request->route()->getName())) {
             return true;
         }
-
         list($role, $crud) = $this->parseData($request);
-
         if (in_array($role, explode(',', $crud->roles))) {
             return true;
         }
@@ -28,8 +26,17 @@ public function permissionCan($request)
     private function parseData($request)
     {
         $role     = $request->user()->role_id;
-        $crudName = explode('.', $request->route()->getName())[1];
-        $crud     = Crud::where('name', ucfirst($crudName))->firstOrFail();
+        $route    = explode('.', $request->route()->getName());
+        $official = [
+            'crud',
+            'users'
+        ];
+        if (in_array($route[0], $official)) {
+            return [$role, (object) ['roles' => config('quickadmin.defaultRole') . ',']];
+        } else {
+            $crudName = $route[1];
+        }
+        $crud = Crud::where('name', ucfirst($crudName))->firstOrFail();
 
         return [$role, $crud];
     }
diff --git a/src/routes.php b/src/routes.php
@@ -29,14 +29,28 @@
 ], function () {
     // Dashboard home page route
     Route::get(config('quickadmin.homeRoute'), 'QuickadminController@index');
-    Route::get(config('quickadmin.route') . '/crud', 'QuickadminCrudController@create');
-    Route::post(config('quickadmin.route') . '/crud', 'QuickadminCrudController@insert');
+    Route::group([
+        'middleware' => 'role'
+    ], function () {
+        Route::get(config('quickadmin.route') . '/crud', [
+            'as'   => 'crud',
+            'uses' => 'QuickadminCrudController@create'
+        ]);
+        Route::post(config('quickadmin.route') . '/crud', [
+            'as'   => 'crud',
+            'uses' => 'QuickadminCrudController@insert'
+        ]);
+    });
 });
 
 // @todo move to default routes.php
 Route::group(['namespace' => 'App\Http\Controllers'], function () {
     // Point to App\Http\Controllers\UsersController as a resource
-    resource('users', 'UsersController');
+    Route::group([
+        'middleware' => 'role'
+    ], function () {
+        resource('users', 'UsersController');
+    });
     // Authentication routes...
     Route::get('auth/login', 'Auth\AuthController@getLogin');
     Route::post('auth/login', 'Auth\AuthController@postLogin');
