diff --git a/app-modules/application/src/Http/Middleware/EnsureOnlineAdmissionsFeatureIsActive.php b/app-modules/application/src/Http/Middleware/EnsureOnlineAdmissionsFeatureIsActive.php
index f63c8708b0..c03917a13b 100644
--- a/app-modules/application/src/Http/Middleware/EnsureOnlineAdmissionsFeatureIsActive.php
+++ b/app-modules/application/src/Http/Middleware/EnsureOnlineAdmissionsFeatureIsActive.php
@@ -46,7 +46,7 @@ class EnsureOnlineAdmissionsFeatureIsActive
 public function handle(Request $request, Closure $next): Response
 {
 if (! app(LicenseSettings::class)->data->addons->onlineAdmissions) {
- return response()->json(['error' => 'Online Admissions is not enabled.'], 403);
+ return response()->json(['error' => 'Online Admissions is not enabled.'], Response::HTTP_FORBIDDEN);
 }
 return $next($request);
diff --git a/app-modules/form/routes/api.php b/app-modules/form/routes/api.php
index e8bec86dbf..9f11985f73 100644
--- a/app-modules/form/routes/api.php
+++ b/app-modules/form/routes/api.php
@@ -35,10 +35,15 @@
 */
 use AdvisingApp\Form\Http\Controllers\FormWidgetController;
+use AdvisingApp\Form\Http\Middleware\EnsureFormsFeatureIsActive;
 use AdvisingApp\Form\Http\Middleware\EnsureSubmissibleIsEmbeddableAndAuthorized;
 Route::prefix('api')
- ->middleware(['api', EnsureSubmissibleIsEmbeddableAndAuthorized::class . ':form'])
+ ->middleware([
+ 'api',
+ EnsureFormsFeatureIsActive::class,
+ EnsureSubmissibleIsEmbeddableAndAuthorized::class . ':form',
+ ])
 ->group(function () {
 Route::prefix('forms')
 ->name('forms.')
diff --git a/app-modules/form/routes/web.php b/app-modules/form/routes/web.php
index 06365d5cf1..f847754519 100644
--- a/app-modules/form/routes/web.php
+++ b/app-modules/form/routes/web.php
@@ -35,10 +35,14 @@
 */
 use App\Livewire\RenderForm;
+use AdvisingApp\Form\Http\Middleware\EnsureFormsFeatureIsActive;
-Route::middleware('web')
- ->prefix('forms')
+Route::prefix('forms')
 ->name('forms.')
+ ->middleware([
+ 'web',
+ EnsureFormsFeatureIsActive::class,
+ ])
 ->group(function () {
 Route::get('/{form}/respond', RenderForm::class)
 ->name('show');
diff --git a/app-modules/form/src/Http/Middleware/EnsureFormsFeatureIsActive.php b/app-modules/form/src/Http/Middleware/EnsureFormsFeatureIsActive.php
new file mode 100644
index 0000000000..962819d42e
--- /dev/null
+++ b/app-modules/form/src/Http/Middleware/EnsureFormsFeatureIsActive.php
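Review bot: The `EnsureFormsFeatureIsActive` entry added to this route group only guards the initial `GET /forms/{form}/respond` page load; `RenderForm` is a Livewire component, and Livewire's follow-up update requests go to its own endpoint rather than back through this route's middleware stack. Unless the middleware is also registered as persistent, for example `Livewire::addPersistentMiddleware([EnsureFormsFeatureIsActive::class]);` in a service provider, a page that was already open when the Dynamic Forms add-on was switched off could presumably still submit. Whether `RenderForm` handles submission itself, and whether such a registration already exists, is not visible in this diff, so this needs confirming. The route group's closure continues past the end of the hunk.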
@@ -0,0 +1,58 @@
+
+
+ Copyright © 2022-2023, Canyon GBS LLC. All rights reserved.
+
+ Advising App™ is licensed under the Elastic License 2.0. For more details,
+ see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+ Notice:
+
+ - You may not provide the software to third parties as a hosted or managed
+ service, where the service provides users with access to any substantial set of
+ the features or functionality of the software.
+ - You may not move, change, disable, or circumvent the license key functionality
+ in the software, and you may not remove or obscure any functionality in the
+ software that is protected by the license key.
+ - You may not alter, remove, or obscure any licensing, copyright, or other notices
+ of the licensor in the software. Any use of the licensor’s trademarks is subject
+ to applicable law.
+ - Canyon GBS LLC respects the intellectual property rights of others and expects the
+ same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+ Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+ vigorously.
+ - The software solution, including services, infrastructure, and code, is offered as a
+ Software as a Service (SaaS) by Canyon GBS LLC.
+ - Use of this software implies agreement to the license terms and conditions as stated
+ in the Elastic License 2.0.
+
+ For more information or inquiries please visit our website at
+ https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+
+*/
+
+namespace AdvisingApp\Form\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use App\Settings\LicenseSettings;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureFormsFeatureIsActive
+{
+ public function handle(Request $request, Closure $next): Response
+ {
+ if (! app(LicenseSettings::class)->data->addons->dynamicForms) {
+ if ($request->wantsJson() || $request->fullUrlIs('*/api/forms/*')) {
+ return response()->json(['error' => 'Dynamic Forms are not enabled.'], Response::HTTP_FORBIDDEN);
+ }
+
+ abort(Response::HTTP_FORBIDDEN);
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app-modules/form/src/Policies/FormPolicy.php b/app-modules/form/src/Policies/FormPolicy.php
index ff495734c5..d6d72f6300 100644
--- a/app-modules/form/src/Policies/FormPolicy.php
+++ b/app-modules/form/src/Policies/FormPolicy.php
@@ -36,12 +36,17 @@
 namespace AdvisingApp\Form\Policies;
+use App\Enums\Feature;
 use App\Models\Authenticatable;
 use AdvisingApp\Form\Models\Form;
 use Illuminate\Auth\Access\Response;
+use App\Concerns\FeatureAccessEnforcedPolicyBefore;
+use App\Policies\Contracts\FeatureAccessEnforcedPolicy;
-class FormPolicy
+class FormPolicy implements FeatureAccessEnforcedPolicy
 {
+ use FeatureAccessEnforcedPolicyBefore;
+
 public function viewAny(Authenticatable $authenticatable): Response
 {
 return $authenticatable->canOrElse(
@@ -97,4 +102,9 @@ public function forceDelete(Authenticatable $authenticatable, Form $form): Respo
 denyResponse: 'You do not have permission to permanently delete this form.'
 );
 }
+
+ protected function requiredFeatures(): array
+ {
+ return [Feature::DynamicForms];
+ }
 }
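Review bot: The response-format branch in `handle` relies on `$request->fullUrlIs('*/api/forms/*')`, which matches against the full URL including the query string, so a web request that merely carries `/api/forms/` in its query is answered with JSON instead of the HTML error page. Both branches still end in a 403, so the gate stays closed, but the test is more predictable when it looks at the path only: `if ($request->wantsJson() || $request->is('api/forms/*')) {`. The new class also has no docblock; a short one on `handle` stating that it denies with 403 when the `dynamicForms` add-on is off, as JSON for API callers and through `abort()` otherwise, would help the next reader.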
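Review bot: `requiredFeatures()` declares the Dynamic Forms gate for every ability on `FormPolicy`, but the enforcement lives in the `FeatureAccessEnforcedPolicyBefore` trait, which this diff does not show. Laravel treats any non-null result from a policy's `before` hook as the final decision, so it is worth confirming that the trait returns `null` when the feature is licensed (so `viewAny`, `forceDelete` and the other abilities still run their permission checks) and a denial only when it is not. I would also document the method, e.g. `/** @return array<int, Feature> Features that must be licensed before any ability on this policy is evaluated. */`.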