Cleaned up panel acl (alexjustesen#2375)

Co-authored-by: Alex Justesen <[email protected]>

Author: alexjustesen

app/Http/Middleware/PublicDashboard.php

@@ -4,6 +4,7 @@
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Symfony\Component\HttpFoundation\Response;
 
 class PublicDashboard
@@ -15,7 +16,7 @@ class PublicDashboard
      */
     public function handle(Request $request, Closure $next): Response
     {
-        if (! config('speedtest.public_dashboard')) {
+        if (Gate::denies('view-dashboard')) {
             return redirect()->route('filament.admin.auth.login');
         }
 

app/Livewire/Topbar/RunSpeedtestAction.php

@@ -27,8 +27,7 @@ public function dashboardAction(): Action
             ->icon('heroicon-o-chart-bar')
             ->iconPosition(IconPosition::Before)
             ->color('gray')
-            ->hidden(fn (): bool => ! config('speedtest.public_dashboard'))
-            ->url(shouldOpenInNewTab: true, url: '/')
+            ->url(shouldOpenInNewTab: true, url: route('home'))
             ->extraAttributes([
                 'id' => 'dashboardAction',
             ]);

app/Models/User.php

@@ -36,6 +36,7 @@ class User extends Authenticatable implements FilamentUser
     protected $hidden = [
         'password',
         'remember_token',
+        'role',
     ];
 
     /**

app/Providers/AppServiceProvider.php

@@ -2,10 +2,13 @@
 
 namespace App\Providers;
 
+use App\Enums\UserRole;
+use App\Models\User;
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Foundation\Console\AboutCommand;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\URL;
 use Illuminate\Support\ServiceProvider;
@@ -38,12 +41,10 @@ public function register(): void
     public function boot(): void
     {
         $this->defineCustomIfStatements();
+        $this->defineGates();
+        $this->forceHttps();
         $this->setApiRateLimit();
 
-        if (config('app.force_https')) {
-            URL::forceScheme('https');
-        }
-
         AboutCommand::add('Speedtest Tracker', fn () => [
             'Version' => config('speedtest.build_version'),
         ]);
@@ -71,6 +72,38 @@ protected function defineCustomIfStatements(): void
         });
     }
 
+    /**
+     * Define any application gates.
+     */
+    protected function defineGates(): void
+    {
+        Gate::define('access-admin-panel', function (User $user) {
+            return in_array($user->role, [UserRole::Admin, UserRole::User]);
+        });
+
+        Gate::define('view-dashboard', function (?User $user) {
+            if (config('speedtest.public_dashboard')) {
+                return true;
+            }
+
+            if ($user === null) {
+                return false;
+            }
+
+            return in_array($user->role, [UserRole::Admin, UserRole::User]);
+        });
+    }
+
+    /**
+     * Force https scheme in non-local environments.
+     */
+    protected function forceHttps(): void
+    {
+        if (! app()->environment('local') && config('app.force_https')) {
+            URL::forceScheme('https');
+        }
+    }
+
     protected function setApiRateLimit(): void
     {
         RateLimiter::for('api', function (Request $request) {