fix(ticketing): restrict settings link to admins and protect global priorities

- Show 'Go to Settings' bootstrap link only for admin/super_admin users - Pass isSiteAdmin prop to Create.vue to control settings CTA visibility - Require site admin for updatePriority/destroyPriority when priority is global (group_id = null) - Closes: non-admin users seeing forbidden settings link; agents mutating global priorities
2026-04-09 14:32:19 -07:00
parent 45b019dad2
commit bce98c0d4b
7 changed files with 493 additions and 473 deletions
--- a/resources/js/Pages/Ticketing/MyTickets.vue
+++ b/resources/js/Pages/Ticketing/MyTickets.vue
@@ -1,46 +1,49 @@
 <template>
-  <div class="max-w-3xl mx-auto py-8 px-4">
-    <div class="mb-6 flex justify-between items-center">
-      <h1 class="text-2xl font-bold text-gray-900 dark:text-white">My Tickets</h1>
-      <Link :href="route('ticketing.create')" class="inline-flex items-center gap-1 bg-indigo-600 text-white text-sm px-4 py-2 rounded-lg hover:bg-indigo-700 transition">
-        + Submit Ticket
-      </Link>
-    </div>
-
-    <div class="bg-white dark:bg-gray-800 rounded-xl shadow-sm border border-gray-200 dark:border-gray-700 divide-y divide-gray-100 dark:divide-gray-700">
-      <div v-if="tickets.data.length === 0" class="p-8 text-center text-gray-400 text-sm">
-        You haven't submitted any tickets yet.
+  <AppLayout>
+    <div class="max-w-3xl mx-auto">
+      <div class="mb-6 flex justify-between items-center">
+        <h1 class="text-2xl font-bold text-gray-900">My Tickets</h1>
+        <Link :href="route('ticketing.create')" class="inline-flex items-center gap-1 bg-gray-900 text-white text-sm px-4 py-2 rounded-lg hover:bg-gray-700 transition">
+          + Submit Ticket
+        </Link>
      </div>
-      <Link
-        v-for="ticket in tickets.data"
-        :key="ticket.id"
-        :href="route('ticketing.show', { ticket: ticket.id })"
-        class="flex items-start gap-3 px-4 py-3 hover:bg-gray-50 dark:hover:bg-gray-700 transition"
-      >
-        <span
-          class="inline-block text-xs font-mono font-semibold px-2 py-1 rounded text-white flex-shrink-0 mt-0.5"
-          :style="{ backgroundColor: ticket.group?.color || '#6366f1' }"
-        >{{ ticket.number }}</span>
-        <div class="flex-1 min-w-0">
-          <p class="text-sm font-medium text-gray-800 dark:text-gray-100 truncate">{{ ticket.title }}</p>
-          <p class="text-xs text-gray-400 mt-0.5">{{ ticket.group?.name }} · {{ timeAgo(ticket.created_at) }}</p>
-        </div>
-        <span :class="statusClass(ticket.status)" class="text-xs px-2 py-0.5 rounded-full font-medium flex-shrink-0">
-          {{ statusLabel(ticket.status) }}
-        </span>
-      </Link>
-    </div>

-    <!-- Pagination -->
-    <div v-if="tickets.last_page > 1" class="mt-4 flex justify-center gap-4 text-sm">
-      <Link v-if="tickets.prev_page_url" :href="tickets.prev_page_url" class="text-indigo-600 hover:underline">← Previous</Link>
-      <span class="text-gray-500">{{ tickets.current_page }} / {{ tickets.last_page }}</span>
-      <Link v-if="tickets.next_page_url" :href="tickets.next_page_url" class="text-indigo-600 hover:underline">Next →</Link>
+      <div class="bg-white rounded-xl shadow-sm border border-gray-200 divide-y divide-gray-100">
+        <div v-if="tickets.data.length === 0" class="p-8 text-center text-gray-400 text-sm">
+          You haven't submitted any tickets yet.
+        </div>
+        <Link
+          v-for="ticket in tickets.data"
+          :key="ticket.id"
+          :href="route('ticketing.show', { ticket: ticket.id })"
+          class="flex items-start gap-3 px-4 py-3 hover:bg-gray-50 transition"
+        >
+          <span
+            class="inline-block text-xs font-mono font-semibold px-2 py-1 rounded text-white flex-shrink-0 mt-0.5"
+            :style="{ backgroundColor: ticket.group?.color || '#6366f1' }"
+          >{{ ticket.number }}</span>
+          <div class="flex-1 min-w-0">
+            <p class="text-sm font-medium text-gray-800 truncate">{{ ticket.title }}</p>
+            <p class="text-xs text-gray-400 mt-0.5">{{ ticket.group?.name }} · {{ timeAgo(ticket.created_at) }}</p>
+          </div>
+          <span :class="statusClass(ticket.status)" class="text-xs px-2 py-0.5 rounded-full font-medium flex-shrink-0">
+            {{ statusLabel(ticket.status) }}
+          </span>
+        </Link>
+      </div>
+
+      <!-- Pagination -->
+      <div v-if="tickets.last_page > 1" class="mt-4 flex justify-center gap-4 text-sm">
+        <Link v-if="tickets.prev_page_url" :href="tickets.prev_page_url" class="text-indigo-600 hover:underline">← Previous</Link>
+        <span class="text-gray-500">{{ tickets.current_page }} / {{ tickets.last_page }}</span>
+        <Link v-if="tickets.next_page_url" :href="tickets.next_page_url" class="text-indigo-600 hover:underline">Next →</Link>
+      </div>
    </div>
-  </div>
+  </AppLayout>
 </template>

 <script setup>
+import AppLayout from '@/Layouts/AppLayout.vue'
 import { Link } from '@inertiajs/vue3'

 defineProps({ tickets: Object })
@@ -52,7 +55,7 @@ function statusLabel(status) {

 function statusClass(status) {
  const map = {
-    open: 'bg-blue-100 text-blue-700 dark:bg-blue-900 dark:text-blue-200',
+    open: 'bg-blue-100 text-blue-700',
    in_progress: 'bg-purple-100 text-purple-700',
    pending: 'bg-yellow-100 text-yellow-700',
    resolved: 'bg-green-100 text-green-700',