fix api security issues and update pages issue
This commit is contained in:
@@ -22,6 +22,7 @@ class DashboardRouteService
|
||||
];
|
||||
}
|
||||
|
||||
$currentRole = strtolower(trim((string) session('role', '')));
|
||||
$roles = $user->roles()
|
||||
->pluck('roles.name')
|
||||
->map(fn ($name) => strtolower((string) $name))
|
||||
@@ -40,7 +41,12 @@ class DashboardRouteService
|
||||
];
|
||||
}
|
||||
|
||||
$rows = Role::findByNamesOrSlugs($roles);
|
||||
$lookupRoles = $roles;
|
||||
if ($currentRole !== '' && in_array($currentRole, $roles, true)) {
|
||||
$lookupRoles = [$currentRole];
|
||||
}
|
||||
|
||||
$rows = Role::findByNamesOrSlugs($lookupRoles);
|
||||
|
||||
if (!empty($rows)) {
|
||||
$role = $rows[0];
|
||||
@@ -51,6 +57,7 @@ class DashboardRouteService
|
||||
'role' => $role->name ?? null,
|
||||
'role_slug' => $role->slug ?? null,
|
||||
'roles' => $roles,
|
||||
'current_role' => $currentRole !== '' ? $currentRole : null,
|
||||
];
|
||||
}
|
||||
|
||||
@@ -64,6 +71,7 @@ class DashboardRouteService
|
||||
'role' => null,
|
||||
'role_slug' => null,
|
||||
'roles' => $roles,
|
||||
'current_role' => $currentRole !== '' ? $currentRole : null,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user