# TODO: Add Backend Interception for Disabled Pages

## Problem Statement

Pages disabled through the Ultimate Console are still accessible via direct URL `/p/{page}/s/{data}`. The `VueRouteMap` already has disabled page checks, but `viewHelperController` does not.

## Implementation Plan

### Step 1: Add Disabled Page Check to viewHelperController

- **File:** `app/Http/Controllers/viewHelperController.php`
- **Method:** `servePageFragmentUnified()`
- **Changes:**
  - Add check for `disabled_pages` system setting at the start of the method
  - Retrieve disabled pages list using `SystemSetting::getValue('disabled_pages', [])`
  - Check if current page name is in the disabled list (case-insensitive)
  - If disabled and user is not Ultimate type, return redirect to `/` or 403 error
  - Allow Ultimate users to still access disabled pages (for fixing settings)

### Step 2: Add Helper Method for Disabled Page Checking

- **File:** `app/Http/Controllers/viewHelperController.php`
- **New Method:** `isPageDisabled(string $pageName): bool`
- **Purpose:** Centralized logic to check if a page is disabled
- **Logic:**
  - Get `disabled_pages` from SystemSetting
  - Compare page name case-insensitively
  - Return true if disabled, false otherwise

### Step 3: Add Helper Method for Access Permission

- **File:** `app/Http/Controllers/viewHelperController.php`
- **New Method:** `canAccessDisabledPage(): bool`
- **Purpose:** Check if current user can access disabled pages
- **Logic:**
  - Check if user is authenticated
  - Check if user has Ultimate account type
  - Return true only for Ultimate users

### Step 4: Update servePageFragmentUnified Method

- **Location:** After user authentication check, before viewMap lookup
- **Logic Flow:**
  1. Check if page is disabled using `isPageDisabled()`
  2. If disabled, check if user can access using `canAccessDisabledPage()`
  3. If user cannot access, return appropriate response:
     - Option A: Redirect to `/` (consistent with VueRouteMap)
     - Option B: Return 403 Forbidden with message
  4. If user can access (Ultimate), continue normal flow

### Step 5: Handle Edge Cases

- Ensure case-insensitive matching for page names
- Handle null/empty `disabled_pages` gracefully
- Maintain backward compatibility with existing functionality
- Ensure public pages are not affected by this check

### Step 6: Testing Considerations

- Test with disabled page list containing various page names
- Test with Ultimate user accessing disabled page
- Test with non-Ultimate user accessing disabled page
- Test with empty `disabled_pages` setting
- Test with case variations in page names
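
A standalone sketch of the gate described in Steps 2 to 5, run against constructed cases that follow the Step 6 list. It is an added example, not the project's code: the setting value and the user are passed in as plain arguments in place of `SystemSetting::getValue()` and `Auth`, the `'ultimate'` type string is a placeholder for the real `UserTypes` case, and `gateStatus()` is a hypothetical helper using Option B (403).

```php
<?php
declare(strict_types=1);

// Stand-in for SystemSetting::getValue('disabled_pages', []). The stored value
// may be null, empty, or hold non-string entries, so normalise defensively.
function normalizeDisabledPages(mixed $setting): array
{
    if (!is_array($setting)) {
        return [];
    }
    $names = array_filter($setting, 'is_string');
    return array_map(fn (string $n): string => strtolower(trim($n)), $names);
}

// Case-insensitive membership test (Step 2); $setting is an assumed extra argument.
function isPageDisabled(string $pageName, mixed $setting): bool
{
    return in_array(strtolower(trim($pageName)), normalizeDisabledPages($setting), true);
}

// $user is null for guests; 'ultimate' is a placeholder for the real UserTypes case.
function canAccessDisabledPage(?array $user): bool
{
    return $user !== null && ($user['type'] ?? null) === 'ultimate';
}

// Hypothetical helper: the HTTP status the controller would answer with (Option B).
function gateStatus(string $pageName, ?array $user, mixed $setting): int
{
    if (isPageDisabled($pageName, $setting) && !canAccessDisabledPage($user)) {
        return 403;
    }
    return 200;
}

// Constructed cases: page, user, setting value, expected status.
$setting = ['Reports', ' billing ', null];
$cases = [
    ['reports',   ['type' => 'standard'], $setting, 403], // disabled, ordinary user
    ['REPORTS',   null,                   $setting, 403], // case variation, guest
    ['Billing',   ['type' => 'ultimate'], $setting, 200], // Ultimate keeps access
    ['dashboard', ['type' => 'standard'], $setting, 200], // page not in the list
    ['reports',   ['type' => 'standard'], null,     200], // setting missing
];
foreach ($cases as [$page, $user, $cfg, $expected]) {
    $got = gateStatus($page, $user, $cfg);
    printf("%-10s %-9s => %d %s\n", $page, $user['type'] ?? 'guest', $got, $got === $expected ? 'ok' : 'MISMATCH');
}
```

The same normalisation is applied to both the stored names and the requested page name, so a case or whitespace variation in the URL cannot slip past the comparison.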

## Files to Modify

1. `app/Http/Controllers/viewHelperController.php` - Main changes

## Dependencies

- `App\Models\SystemSetting` - For retrieving `disabled_pages` setting
- `App\Enums\UserTypes` - For checking Ultimate user type
- `Hypervel\Support\Facades\Auth` - For user authentication

## Expected Outcome

After implementation, pages disabled in the Ultimate Console will be inaccessible via direct URL `/p/{page}/s/{data}` for non-Ultimate users, while Ultimate users retain access to fix settings.