diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php index 551233dc1e..ed40c1ecdf 100644 --- a/ProcessMaker/Providers/AuthServiceProvider.php +++ b/ProcessMaker/Providers/AuthServiceProvider.php @@ -135,13 +135,11 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath): { $allowedEndpoints = [ 'api', - 'script/', - 'designer/screens', - 'processes/', - 'designer/decision-tables', - 'designer/data-sources', ]; + $dataSourceClass = 'ProcessMaker\Packages\Connectors\DataSources\Models\DataSource'; + $decisionTableClass = 'ProcessMaker\Package\PackageDecisionEngine\Models\DecisionTable'; + // Get the assets associated with the user's projects $projectAssets = DB::table('project_assets') ->select('asset_id', 'asset_type') @@ -156,10 +154,20 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath): // Check asset types and push to $allowedEndpoints if ($assetType === Process::class) { - $allowedEndpoints[] = 'modeler/' . $assetId; + $allowedEndpoints[] = "modeler/{$assetId}"; } elseif ($assetType === Screen::class) { - $allowedEndpoints[] = 'designer/screen-builder/' . $assetId . '/edit'; + $allowedEndpoints[] = "designer/screen-builder/{$assetId}/edit"; + $allowedEndpoints[] = "designer/screens/{$assetId}/edit"; } elseif ($assetType === Script::class) { + $allowedEndpoints[] = "designer/scripts/{$assetId}/builder"; + $allowedEndpoints[] = "designer/scripts/{$assetId}/edit"; + } + + if (class_exists($dataSourceClass) && $assetType === $dataSourceClass) { + $allowedEndpoints[] = "designer/data-sources/{$assetId}/edit"; + } + if (class_exists($decisionTableClass) && $assetType === $decisionTableClass) { + $allowedEndpoints[] = "decision-tables/table-builder/{$assetId}/edit"; $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/builder'; $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/edit'; $allowedEndpoints[] = 'designer/scripts/preview';