From f4f8e9fa94f7089c3d1c03bd724ade5afc798a47 Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Wed, 16 Oct 2024 08:44:46 +1100
Subject: [PATCH] Fix some user permissions, when viewing netmails and other
 systems

---
 app/Policies/NetmailPolicy.php                | 11 +++-----
 .../views/system/widget/system.blade.php      | 26 ++++++++++---------
 2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/app/Policies/NetmailPolicy.php b/app/Policies/NetmailPolicy.php
index d4dae03..2745f58 100644
--- a/app/Policies/NetmailPolicy.php
+++ b/app/Policies/NetmailPolicy.php
@@ -19,17 +19,14 @@ class NetmailPolicy
 	 */
 	public function view(User $user, Netmail $o): bool
 	{
-		$zones = $user->zc()->pluck('zone')
-			//->merge($user->rc()->pluck('zone'))
-			//->merge($user->nc()->pluck('zone'))
-			//->merge($user->hub()->pluck('zone'))
-			->merge($user->points()->pluck('zone'));
+		$addresses = $user->addresses()->pluck('id');
 
 		// Site Admins can always view
 		return (
 			$user->isAdmin()
-			|| ($zones->contains($o->fftn->zone))
-			|| ($zones->contains($o->tftn->zone))
+			|| $user->isZC()
+			|| ($addresses->contains($o->fftn_id))
+			|| ($addresses->contains($o->tftn_id))
 		);
 	}
 }
\ No newline at end of file
diff --git a/resources/views/system/widget/system.blade.php b/resources/views/system/widget/system.blade.php
index 9834c79..599914b 100644
--- a/resources/views/system/widget/system.blade.php
+++ b/resources/views/system/widget/system.blade.php
@@ -159,7 +159,7 @@ use App\Models\{Mailer,User};
 										<span class="input-group-text"><i class="bi bi-modem-fill"></i></span>
 										<input type="text" class="form-control text-end @error('mailer_details.'.$mo->id.'.port') is-invalid @enderror" id="mailer_port_{{ $mo->id }}" placeholder="Port" name="mailer_details[{{ $mo->id }}][port]" value="{{ old('mailer_details.'.$mo->id.'.port',$x?->pivot->port) }}" @cannot($action,$o)readonly @endcannot>
 										<div class="input-group-text">
-											<input type="checkbox" class="form-control-input" name="mailer_details[{{ $mo->id }}][active]" value="1" title="Active" @if(old('mailer_details.'.$mo->id.'.active',$x?->pivot->active))checked @endif>
+											<input type="checkbox" class="form-control-input" name="mailer_details[{{ $mo->id }}][active]" value="1" title="Active" @if(old('mailer_details.'.$mo->id.'.active',$x?->pivot->active))checked @endif @cannot($action,$o)disabled @endcannot>
 										</div>
 										<span class="invalid-feedback" role="alert">
 											@error('mailer_details.'.$mo->id.'.port')
@@ -177,7 +177,7 @@ use App\Models\{Mailer,User};
 						<label for="pkt_type" class="form-label">Mail Packet</label>
 						<div class="input-group">
 							<span class="input-group-text"><i class="bi bi-ui-radios"></i></span>
-							<select class="form-select @error('pkt_type') is-invalid @enderror" id="pkt_type" name="pkt_type" @cannot($action,$o)readonly @endcannot>
+							<select class="form-select @error('pkt_type') is-invalid @enderror" id="pkt_type" name="pkt_type" @cannot($action,$o)disabled @endcannot>
 								@foreach (Packet::PACKET_TYPES as $type => $class)
 									<option value="{{ $type }}" @if(old('pkt_type',$o->pkt_type ?: config('fido.packet_default')) === $type)selected @endif>{{ $type }}</option>
 								@endforeach
@@ -217,7 +217,7 @@ use App\Models\{Mailer,User};
 						<label for="method" class="form-label">Connection Method</label>
 						<div class="input-group">
 							<span class="input-group-text"><i class="bi bi-wifi"></i></span>
-							<select class="form-select @error('method') is-invalid @enderror" id="method" name="method" @cannot($action,$o)readonly @endcannot>
+							<select class="form-select @error('method') is-invalid @enderror" id="method" name="method" @cannot($action,$o)disabled @endcannot>
 								<option></option>
 								<option value="23" @if(old('method',$o->method) == 23)selected @endif>Telnet</option>
 								<option value="22" @if(old('method',$o->method) == 22)selected @endif>SSH</option>
@@ -303,15 +303,15 @@ use App\Models\{Mailer,User};
 		<div class="row">
 			<div class="col-12">
 				<div class="row p-0">
-					<div class="col-6">
-						<label for="autohold" class="form-label">Auto Hold</label>
-						<div class="input-group">
-							<button id="autohold" @class(['btn','btn-warning'=>$o->autohold,'btn-outline-success'=>(! $o->autohold)])><i @class(['bi-toggle-on'=>$o->autohold,'bi-toggle-off'=>(! $o->autohold)])></i></button>
-						</div>
-					</div>
-
-					<!-- @todo This is only relevant for uplinks, so hide it if this system isnt an uplink -->
 					@can('admin',$o)
+						<div class="col-6">
+							<label for="autohold" class="form-label">Auto Hold</label>
+							<div class="input-group">
+								<button id="autohold" @class(['btn','btn-warning'=>$o->autohold,'btn-outline-success'=>(! $o->autohold)])><i @class(['bi-toggle-on'=>$o->autohold,'bi-toggle-off'=>(! $o->autohold)])></i></button>
+							</div>
+						</div>
+
+						<!-- @todo This is only relevant for uplinks, so hide it if this system isnt an uplink -->
 						<div class="col-6 @if((old('pollmode') === "0") || is_null($o->pollmode))d-none @endif" id="heartbeat_option">
 							<label for="heartbeat" class="form-label">Heartbeat <i class="bi bi-info-circle" title="Attempt contact after last seen"></i></label>
 							<div class="input-group has-validation">
@@ -438,7 +438,9 @@ use App\Models\{Mailer,User};
 			@else
 				<input type="hidden" name="system_id" value="{{ $o->id }}">
 				<span><small><strong>NOTE:</strong> You'll be able to update these details after registration is completed.</small></span>
-				<button type="submit" class="btn btn-success float-end" name="submit" value="register">Register</button>
+				{{--
+					<button type="submit" class="btn btn-success float-end" name="submit" value="register">Register</button>
+				--}}
 			@endcan
 		@else
 			<button type="submit" class="btn btn-success float-end" name="submit" value="create">Register</button>