#1008 If user role editor can't edit ads #297

2026-01-11 18:01:10 -06:00 · 2020-03-26 13:53:30 +03:00 · 2020-03-26 13:53:30 +03:00 · 94af6de8c1
commit 94af6de8c1
parent c3c63c1820
2 changed files with 3 additions and 3 deletions
--- a/addons/default/visiosoft/advs-module/resources/views/ad-detail/partials/dropleft-edit.twig
+++ b/addons/default/visiosoft/advs-module/resources/views/ad-detail/partials/dropleft-edit.twig
@ -1,4 +1,4 @@
-{% if app.auth.id == adv.created_by_id %}
+{% if auth_user().id == adv.created_by_id or auth_user().hasPermission('visiosoft.module.advs::advs.write') %}
    <div class="btn-group dropleft dropleft-edit position-fixed">
        <button type="button" class="btn btn-secondary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
            {{ trans('visiosoft.module.advs::field.ad_actions') }}
--- a/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php
+++ b/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php
@ -642,8 +642,8 @@ class AdvsController extends PublicController
        $isActive = new AdvModel();
        $adv = $advRepository->getAdvArray($id);

-
-        if ($adv['created_by_id'] != Auth::id() && !Auth::user()->hasRole('admin')) {
+        if ($adv['created_by_id'] != auth()->id()
+            && !auth()->user()->hasPermission('visiosoft.module.advs::advs.write')) {
            abort(403);
        }
        $cats_d = array();