initial: bootstrap from BukidBountyApp base
68
ai-docs/todo-completed/todo-1a2b3c4d5e6f.md
Normal file
@@ -0,0 +1,68 @@
# TODO: Add Backend Interception for Disabled Pages
## Problem Statement
Pages disabled through the Ultimate Console are still accessible via direct URL `/p/{page}/s/{data}`. The `VueRouteMap` already has disabled page checks, but `viewHelperController` does not.
## Implementation Plan
### Step 1: Add Disabled Page Check to viewHelperController
- **File:** `app/Http/Controllers/viewHelperController.php`
- **Method:** `servePageFragmentUnified()`
- **Changes:**
- Add check for `disabled_pages` system setting at the start of the method
- Retrieve disabled pages list using `SystemSetting::getValue('disabled_pages', [])`
- Check if current page name is in the disabled list (case-insensitive)
- If disabled and user is not Ultimate type, return redirect to `/` or 403 error
- Allow Ultimate users to still access disabled pages (for fixing settings)
### Step 2: Add Helper Method for Disabled Page Checking
- **File:** `app/Http/Controllers/viewHelperController.php`
- **New Method:** `isPageDisabled(string $pageName): bool`
- **Purpose:** Centralized logic to check if a page is disabled
- **Logic:**
- Get `disabled_pages` from SystemSetting
- Compare page name case-insensitively
- Return true if disabled, false otherwise
### Step 3: Add Helper Method for Access Permission
- **File:** `app/Http/Controllers/viewHelperController.php`
- **New Method:** `canAccessDisabledPage(): bool`
- **Purpose:** Check if current user can access disabled pages
- **Logic:**
- Check if user is authenticated
- Check if user has Ultimate account type
- Return true only for Ultimate users
### Step 4: Update servePageFragmentUnified Method
- **Location:** After user authentication check, before viewMap lookup
- **Logic Flow:**
1. Check if page is disabled using `isPageDisabled()`
2. If disabled, check if user can access using `canAccessDisabledPage()`
3. If user cannot access, return appropriate response:
- Option A: Redirect to `/` (consistent with VueRouteMap)
- Option B: Return 403 Forbidden with message
4. If user can access (Ultimate), continue normal flow
### Step 5: Handle Edge Cases
- Ensure case-insensitive matching for page names
- Handle null/empty disabled_pages gracefully
- Maintain backward compatibility with existing functionality
- Ensure public pages are not affected by this check
### Step 6: Testing Considerations
- Test with disabled page list containing various page names
- Test with Ultimate user accessing disabled page
- Test with non-Ultimate user accessing disabled page
- Test with empty disabled_pages setting
- Test with case variations in page names
## Files to Modify
1. `app/Http/Controllers/viewHelperController.php` - Main changes
## Dependencies
- `App\Models\SystemSetting` - For retrieving disabled_pages setting
- `App\Enums\UserTypes` - For checking Ultimate user type
- `Hypervel\Support\Facades\Auth` - For user authentication
## Expected Outcome
After implementation, pages disabled in the Ultimate Console will be inaccessible via direct URL `/p/{page}/s/{data}` for non-Ultimate users, while Ultimate users retain access to fix settings.
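Review bot: Step 2 describes `isPageDisabled()` as centralized logic but places it in `viewHelperController`, while the Problem Statement says `VueRouteMap` already carries its own disabled-page checks, so the plan ends up with two separate enforcement points that can drift apart (for example on case handling). Consider putting the lookup and the case-insensitive comparison in one shared place, such as a method next to `SystemSetting::getValue('disabled_pages', [])`, and calling it from both. Step 4 item 3 also leaves the denial response undecided between Option A (redirect to `/`) and Option B (403); the plan should commit to one, and for an endpoint that serves page fragments a 403 tells the caller unambiguously that the request was refused. Step 5's "Ensure public pages are not affected by this check" conflicts with `canAccessDisabledPage()` returning true only for authenticated Ultimate users: state explicitly whether a public page listed in `disabled_pages` is blocked for guests. Step 6 has no case for an unauthenticated request to a disabled page, and "Handle null/empty disabled_pages gracefully" does not say what happens when the stored value is not a list; both are worth adding so the check cannot silently stop enforcing.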