diff --git a/ProcessMaker/Http/Middleware/GenerateMenus.php b/ProcessMaker/Http/Middleware/GenerateMenus.php
index cebb3afd04..d98f4affe8 100644
--- a/ProcessMaker/Http/Middleware/GenerateMenus.php
+++ b/ProcessMaker/Http/Middleware/GenerateMenus.php
@@ -5,6 +5,7 @@
 use Closure;
 use Illuminate\Http\Request;
 use Lavary\Menu\Facade as Menu;
+use ProcessMaker\Models\Permission;
 use ProcessMaker\Models\Setting;
 class GenerateMenus
@@ -282,24 +283,18 @@ public function handle(Request $request, Closure $next)
 return $next($request);
 }
- private function userHasPermission($permission)
+ public static function userHasPermission($permission)
 {
 $user = \Auth::user();
- if (!$user) {
- return false;
+ if (!$user || !$user->is_administrator) {
+ return $user && $user->can($permission) && $user->hasPermission($permission);
 }
- if ($user->is_administrator) {
- return true;
- }
-
- // Fetch the user's permissions and check if the user has the specific permission
 $userPermissions = $user->permissions->pluck('group')->unique()->toArray();
- if ($user->can($permission) && count($userPermissions) === 1 && $userPermissions[0] === 'Projects') {
- return false; // Deny UI access if the user has only the 'Projects' permission
- }
+ $defaultPermissions = Permission::DEFAULT_PERMISSIONS;
+ $userWithDefaultPermissions = empty(array_diff($userPermissions, $defaultPermissions));
- return $user->can($permission);
+ return !($user->can($permission) && count($userPermissions) === 2 && $userWithDefaultPermissions);
 }
 }
diff --git a/ProcessMaker/Models/Permission.php b/ProcessMaker/Models/Permission.php
index 04a58ab5a4..64377474d7 100644
--- a/ProcessMaker/Models/Permission.php
+++ b/ProcessMaker/Models/Permission.php
@@ -15,6 +15,8 @@ class Permission extends ProcessMakerModel
 'group',
 ];
+ const DEFAULT_PERMISSIONS = ['Projects', 'Process Catalog'];
+
 public function getResourceTitleAttribute()
 {
 $match = preg_match('/(.+)-(.+)/', $this->name, $matches);
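Review bot: In `GenerateMenus::userHasPermission` the new guard `if (!$user || !$user->is_administrator)` returns for every non-administrator, so the default-group check after it is now reachable only for administrators. The removed code did the opposite: it returned `true` for administrators and applied the 'Projects'-only rule to ordinary users. If the rule is still meant for ordinary users, the guard looks inverted, and an administrator whose `$user->permissions` groups are exactly the two defaults would get `false` whenever `can()` is true. The method also changes from `private` to `public static`, so it should get a docblock stating that it decides menu visibility only and that routes and controllers must enforce authorization themselves. One possible shape that keeps the commit's own expressions is below.

```php
public static function userHasPermission($permission)
{
    $user = \Auth::user();

    if (!$user) {
        return false;
    }

    if ($user->is_administrator) {
        return true;
    }

    // … unchanged: $userPermissions, $defaultPermissions, $userWithDefaultPermissions …

    // Menu visibility only: hide the entry when the user holds nothing beyond the default groups.
    if (count($userPermissions) === 2 && $userWithDefaultPermissions) {
        return false;
    }

    return $user->can($permission) && $user->hasPermission($permission);
}
```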
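Review bot: `DEFAULT_PERMISSIONS` in `Permission.php` holds permission group labels rather than permission names (the caller compares it with `pluck('group')`), and it is declared without a visibility keyword or a comment. Because these display strings feed a menu-access decision, a renamed or re-cased group would silently change the outcome. Declare it as `public const` and add a comment such as `/** Permission group labels treated as defaults by GenerateMenus::userHasPermission(); must match the 'group' column values exactly. */`.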