Cleaned up admin and mod authorization on routes and added UserPolicy
This commit is contained in:
parent
66bf4390a1
commit
1233f02d40
13 changed files with 116 additions and 53 deletions
app
Http
Controllers
AdminController.phpAdministrativeTestController.phpAdministrativeUserController.phpModeratorController.php
Kernel.phpMiddleware
Policies
Providers
User.phpresources/views/errors
routes
|
@ -13,7 +13,7 @@ class AdminController extends Controller
|
|||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware(['auth', 'is.admin']);
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index()
|
||||
|
|
|
@ -16,7 +16,7 @@ class AdministrativeTestController extends Controller
|
|||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware(['auth', 'is.admin.mod']);
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -13,7 +13,7 @@ class AdministrativeUserController extends Controller
|
|||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware(['auth', 'is.admin.mod']);
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -23,11 +23,15 @@ class AdministrativeUserController extends Controller
|
|||
*/
|
||||
public function confirmDeleteUser(User $user)
|
||||
{
|
||||
$this->authorize('delete', $user);
|
||||
|
||||
return view('users.delete', compact('user'));
|
||||
}
|
||||
|
||||
public function deleteUser(User $user)
|
||||
{
|
||||
$this->authorize('delete', $user);
|
||||
|
||||
$user->deleteUser();
|
||||
return redirect('/admin/users');
|
||||
}
|
||||
|
@ -40,6 +44,8 @@ class AdministrativeUserController extends Controller
|
|||
*/
|
||||
public function newUser()
|
||||
{
|
||||
$this->authorize('create', User::class);
|
||||
|
||||
if (Auth::user()->isAdministrator()) {
|
||||
$groups = Group::all();
|
||||
return view('users.new', compact('groups'));
|
||||
|
@ -47,7 +53,6 @@ class AdministrativeUserController extends Controller
|
|||
return view('users.new');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Function for adding a user.
|
||||
|
@ -55,6 +60,8 @@ class AdministrativeUserController extends Controller
|
|||
*/
|
||||
public function addUser(StoreUser $request)
|
||||
{
|
||||
$this->authorize('create', User::class);
|
||||
|
||||
$user = new User;
|
||||
$user->addUser($request->all());
|
||||
return redirect('/admin/users');
|
||||
|
@ -67,6 +74,8 @@ class AdministrativeUserController extends Controller
|
|||
*/
|
||||
public function editUser(User $user)
|
||||
{
|
||||
$this->authorize('edit', $user);
|
||||
|
||||
if (Auth::user()->isAdministrator()) {
|
||||
$groups = Group::all();
|
||||
return view("users.edit", compact("groups", "user"));
|
||||
|
@ -76,6 +85,8 @@ class AdministrativeUserController extends Controller
|
|||
|
||||
public function updateUser(User $user, StoreUser $request)
|
||||
{
|
||||
$this->authorize('edit', $user);
|
||||
|
||||
$user->updateUser($request->all());
|
||||
return redirect("/admin/users/group/$user->group_id");
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ class ModeratorController extends Controller
|
|||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware(['auth', 'is.mod']);
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index()
|
||||
|
|
|
@ -52,7 +52,6 @@ class Kernel extends HttpKernel
|
|||
'can' => \Illuminate\Auth\Middleware\Authorize::class,
|
||||
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'is.admin.mod' => \App\Http\Middleware\IsAdminOrMod::class,
|
||||
'is.admin' => \App\Http\Middleware\IsAdministrator::class,
|
||||
'is.mod' => \App\Http\Middleware\IsModerator::class,
|
||||
];
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class IsAdminOrMod
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if (Auth::user()->isAdministrator() || Auth::user()->isModerator()) {
|
||||
return $next($request);
|
||||
}
|
||||
return redirect("/home");
|
||||
}
|
||||
}
|
|
@ -3,6 +3,7 @@
|
|||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class IsAdministrator
|
||||
{
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class IsModerator
|
||||
{
|
||||
|
|
45
app/Policies/UserPolicy.php
Normal file
45
app/Policies/UserPolicy.php
Normal file
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class UserPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Create a new policy instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
public function create(User $user)
|
||||
{
|
||||
if ($user->isAdministrator() || $user->isModerator()) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function update(User $user, User $user2)
|
||||
{
|
||||
if ($user->isAdministrator() || $user->isModerator() AND $user->group_id === $user2->group_id) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function delete(User $user, User $user2)
|
||||
{
|
||||
if ($user->isAdministrator() || $user->isModerator() AND $user->group_id === $user2->group_id || $user === $user2) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
|
@ -14,6 +14,7 @@ class AuthServiceProvider extends ServiceProvider
|
|||
*/
|
||||
protected $policies = [
|
||||
'App\Model' => 'App\Policies\ModelPolicy',
|
||||
'App\User' => 'App\Policies\UserPolicy',
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
22
app/User.php
22
app/User.php
|
@ -111,28 +111,12 @@ class User extends Authenticatable
|
|||
|
||||
/**
|
||||
*
|
||||
* Function for deleting user. Checks if it is the user itself,
|
||||
* a moderator in the same group or an administrator.
|
||||
* If this is not case, the user will not be deleted.
|
||||
* Function for deleting user.
|
||||
*
|
||||
*/
|
||||
public function deleteUser()
|
||||
{
|
||||
if ($this->id == Auth::user()->id) {
|
||||
$this->delete();
|
||||
return true;
|
||||
}
|
||||
|
||||
if (Auth::user()->group_id == $this->group_id && Auth::user()->isModerator) {
|
||||
$this->delete();
|
||||
return true;
|
||||
}
|
||||
|
||||
if (Auth::user()->isAdministrator()) {
|
||||
$this->delete();
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
$this->delete();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -145,14 +129,12 @@ class User extends Authenticatable
|
|||
$email = trim($email);
|
||||
$this->email = $email;
|
||||
$this->update();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function updatePassword($password)
|
||||
{
|
||||
$this->passwordHash($password);
|
||||
$this->update();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function testTaken($test_id)
|
||||
|
|
47
resources/views/errors/403.blade.php
Normal file
47
resources/views/errors/403.blade.php
Normal file
|
@ -0,0 +1,47 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Be right back.</title>
|
||||
|
||||
<link href="https://fonts.googleapis.com/css?family=Lato:100" rel="stylesheet" type="text/css">
|
||||
|
||||
<style>
|
||||
html, body {
|
||||
height: 100%;
|
||||
}
|
||||
|
||||
body {
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
width: 100%;
|
||||
color: #B0BEC5;
|
||||
display: table;
|
||||
font-weight: 100;
|
||||
font-family: 'Lato', sans-serif;
|
||||
}
|
||||
|
||||
.container {
|
||||
text-align: center;
|
||||
display: table-cell;
|
||||
vertical-align: middle;
|
||||
}
|
||||
|
||||
.content {
|
||||
text-align: center;
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.title {
|
||||
font-size: 72px;
|
||||
margin-bottom: 40px;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="content">
|
||||
<div class="title">Be right back.</div>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -36,7 +36,7 @@ Route::group(['prefix' => 'test'], function () {
|
|||
|
||||
/*---------- Routes for the moderator section ----------*/
|
||||
|
||||
Route::group(['prefix' => 'mod'], function () {
|
||||
Route::group(['prefix' => 'mod', 'middleware' => 'is.mod'], function () {
|
||||
|
||||
Route::get('/', 'ModeratorController@index');
|
||||
Route::get('/tests', 'ModeratorController@showTests');
|
||||
|
@ -66,7 +66,7 @@ Route::group(['prefix' => 'mod'], function () {
|
|||
|
||||
/*---------- Routes for the administrator section ----------*/
|
||||
|
||||
Route::group(['prefix' => 'admin'], function () {
|
||||
Route::group(['prefix' => 'admin', 'middleware' => 'is.admin'], function () {
|
||||
|
||||
Route::get('/', 'AdminController@index');
|
||||
|
||||
|
@ -85,7 +85,7 @@ Route::group(['prefix' => 'admin'], function () {
|
|||
Route::get('/questions/{question}/edit', 'AdministrativeTestController@editQuestion');
|
||||
Route::patch('/questions/{question}', 'AdministrativeTestController@updateQuestion');
|
||||
Route::get('/questions/{question}/delete', 'AdministrativeTestController@confirmDeleteQuestion');
|
||||
Route::delete('/questions/{question}/', 'AdministrativeTestController@deleteQuestion');
|
||||
Route::delete('/quphpestions/{question}/', 'AdministrativeTestController@deleteQuestion');
|
||||
|
||||
Route::get('/users', 'AdminController@showGroups');
|
||||
Route::get('/users/all', 'AdminController@showAllUsers');
|
||||
|
|
Reference in a new issue