fix(ticketing): restrict settings link to admins and protect global priorities

- Show 'Go to Settings' bootstrap link only for admin/super_admin users - Pass isSiteAdmin prop to Create.vue to control settings CTA visibility - Require site admin for updatePriority/destroyPriority when priority is global (group_id = null) - Closes: non-admin users seeing forbidden settings link; agents mutating global priorities
2026-04-09 14:32:19 -07:00
parent 45b019dad2
commit bce98c0d4b
7 changed files with 493 additions and 473 deletions
--- a/resources/js/Pages/Ticketing/Edit.vue
+++ b/resources/js/Pages/Ticketing/Edit.vue
@@ -1,90 +1,93 @@
 <template>
-  <div class="max-w-2xl mx-auto py-8 px-4">
-    <div class="mb-6">
-      <Link :href="route('ticketing.show', { ticket: ticket.id })" class="text-sm text-indigo-600 hover:underline">← Back to ticket</Link>
-      <h1 class="text-xl font-bold text-gray-900 dark:text-white mt-2">
-        Edit <span class="font-mono text-base">{{ ticket.number }}</span>
-      </h1>
+  <AppLayout>
+    <div class="max-w-2xl mx-auto">
+      <div class="mb-6">
+        <Link :href="route('ticketing.show', { ticket: ticket.id })" class="text-sm text-indigo-600 hover:underline">← Back to ticket</Link>
+        <h1 class="text-xl font-bold text-gray-900 mt-2">
+          Edit <span class="font-mono text-base">{{ ticket.number }}</span>
+        </h1>
+      </div>
+
+      <form @submit.prevent="submit" class="bg-white rounded-xl shadow-sm border border-gray-200 p-6 space-y-5">
+        <!-- Title -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Title</label>
+          <input v-model="form.title" type="text" required class="w-full border-gray-300 rounded-lg text-sm" />
+          <p v-if="form.errors.title" class="text-xs text-red-600 mt-1">{{ form.errors.title }}</p>
+        </div>
+
+        <!-- Description -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
+          <textarea v-model="form.description" rows="6" required class="w-full border-gray-300 rounded-lg text-sm"></textarea>
+          <p v-if="form.errors.description" class="text-xs text-red-600 mt-1">{{ form.errors.description }}</p>
+        </div>
+
+        <!-- Status -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Status</label>
+          <select v-model="form.status" class="w-full border-gray-300 rounded-lg text-sm">
+            <option value="open">Open</option>
+            <option value="in_progress">In Progress</option>
+            <option value="pending">Pending</option>
+            <option value="resolved">Resolved</option>
+            <option value="closed">Closed</option>
+          </select>
+        </div>
+
+        <!-- Priority -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Priority</label>
+          <select v-model="form.priority_id" class="w-full border-gray-300 rounded-lg text-sm">
+            <option :value="null">No priority</option>
+            <option v-for="p in priorities" :key="p.id" :value="p.id">{{ p.name }}</option>
+          </select>
+        </div>
+
+        <!-- Assignee -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Assignee</label>
+          <select v-model="form.assigned_to" class="w-full border-gray-300 rounded-lg text-sm">
+            <option :value="null">Unassigned</option>
+            <option v-for="a in agents" :key="a.id" :value="a.id">{{ a.name }}</option>
+          </select>
+        </div>
+
+        <!-- Project -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Project</label>
+          <select v-model="form.project_id" class="w-full border-gray-300 rounded-lg text-sm">
+            <option :value="null">No project</option>
+            <option v-for="proj in projects" :key="proj.id" :value="proj.id">{{ proj.name }}</option>
+          </select>
+        </div>
+
+        <!-- Due Date -->
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Due Date</label>
+          <input v-model="form.due_date" type="date" class="w-full border-gray-300 rounded-lg text-sm" />
+        </div>
+
+        <div class="flex gap-3 justify-end pt-2">
+          <Link
+            :href="route('ticketing.show', { ticket: ticket.id })"
+            class="px-4 py-2 text-sm text-gray-600 border border-gray-300 rounded-lg hover:bg-gray-50"
+          >Cancel</Link>
+          <button
+            type="submit"
+            :disabled="form.processing"
+            class="px-5 py-2 bg-gray-900 text-white text-sm font-medium rounded-lg hover:bg-gray-700 disabled:opacity-60 transition"
+          >
+            {{ form.processing ? 'Saving…' : 'Save Changes' }}
+          </button>
+        </div>
+      </form>
    </div>
-
-    <form @submit.prevent="submit" class="bg-white dark:bg-gray-800 rounded-xl shadow-sm border border-gray-200 dark:border-gray-700 p-6 space-y-5">
-      <!-- Title -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Title</label>
-        <input v-model="form.title" type="text" required class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm" />
-        <p v-if="form.errors.title" class="text-xs text-red-600 mt-1">{{ form.errors.title }}</p>
-      </div>
-
-      <!-- Description -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Description</label>
-        <textarea v-model="form.description" rows="6" required class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm"></textarea>
-        <p v-if="form.errors.description" class="text-xs text-red-600 mt-1">{{ form.errors.description }}</p>
-      </div>
-
-      <!-- Status -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Status</label>
-        <select v-model="form.status" class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm">
-          <option value="open">Open</option>
-          <option value="in_progress">In Progress</option>
-          <option value="pending">Pending</option>
-          <option value="resolved">Resolved</option>
-          <option value="closed">Closed</option>
-        </select>
-      </div>
-
-      <!-- Priority -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Priority</label>
-        <select v-model="form.priority_id" class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm">
-          <option :value="null">No priority</option>
-          <option v-for="p in priorities" :key="p.id" :value="p.id">{{ p.name }}</option>
-        </select>
-      </div>
-
-      <!-- Assignee -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Assignee</label>
-        <select v-model="form.assigned_to" class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm">
-          <option :value="null">Unassigned</option>
-          <option v-for="a in agents" :key="a.id" :value="a.id">{{ a.name }}</option>
-        </select>
-      </div>
-
-      <!-- Project -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Project</label>
-        <select v-model="form.project_id" class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm">
-          <option :value="null">No project</option>
-          <option v-for="proj in projects" :key="proj.id" :value="proj.id">{{ proj.name }}</option>
-        </select>
-      </div>
-
-      <!-- Due Date -->
-      <div>
-        <label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Due Date</label>
-        <input v-model="form.due_date" type="date" class="w-full border-gray-300 dark:border-gray-600 dark:bg-gray-700 dark:text-white rounded-lg text-sm" />
-      </div>
-
-      <div class="flex gap-3 justify-end pt-2">
-        <Link
-          :href="route('ticketing.show', { ticket: ticket.id })"
-          class="px-4 py-2 text-sm text-gray-600 dark:text-gray-300 border border-gray-300 dark:border-gray-600 rounded-lg hover:bg-gray-50 dark:hover:bg-gray-700"
-        >Cancel</Link>
-        <button
-          type="submit"
-          :disabled="form.processing"
-          class="px-5 py-2 bg-indigo-600 text-white text-sm font-medium rounded-lg hover:bg-indigo-700 disabled:opacity-60 transition"
-        >
-          {{ form.processing ? 'Saving…' : 'Save Changes' }}
-        </button>
-      </div>
-    </form>
-  </div>
+  </AppLayout>
 </template>

 <script setup>
+import AppLayout from '@/Layouts/AppLayout.vue'
 import { Link, useForm } from '@inertiajs/vue3'

 const props = defineProps({