From 71c79d3b2a0d8e52abfb52279a9d0f5caf705a4c Mon Sep 17 00:00:00 2001 From: mwalbeck <magn3200@gmail.com> Date: Sat, 22 Oct 2016 17:22:26 +0200 Subject: [PATCH] Added validation to site with barebones error reporting to users --- app/Http/Controllers/GroupController.php | 9 ++-- app/Http/Controllers/HomeController.php | 15 +++++-- app/Http/Controllers/TestController.php | 9 ++-- app/Http/Controllers/UserController.php | 5 ++- app/Http/Requests/StoreGroup.php | 39 +++++++++++++++++ app/Http/Requests/StoreOptions.php | 40 +++++++++++++++++ app/Http/Requests/StoreQuestion.php | 43 +++++++++++++++++++ app/Http/Requests/StoreTest.php | 10 ++--- app/Http/Requests/StoreUser.php | 15 ++++++- app/Question.php | 2 +- app/Test.php | 4 +- app/User.php | 10 +++-- resources/views/tests/edit.blade.php | 9 ++++ resources/views/tests/question/edit.blade.php | 9 ++++ resources/views/tests/question/new.blade.php | 9 ++++ resources/views/users/new.blade.php | 13 +++++- resources/views/users/settings.blade.php | 9 ++++ 17 files changed, 221 insertions(+), 29 deletions(-) create mode 100644 app/Http/Requests/StoreGroup.php create mode 100644 app/Http/Requests/StoreOptions.php create mode 100644 app/Http/Requests/StoreQuestion.php diff --git a/app/Http/Controllers/GroupController.php b/app/Http/Controllers/GroupController.php index f46f02d..40598bf 100644 --- a/app/Http/Controllers/GroupController.php +++ b/app/Http/Controllers/GroupController.php @@ -5,6 +5,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use App\Http\Requests; +use App\Http\Requests\StoreGroup; use App\Group; class GroupController extends Controller @@ -25,10 +26,10 @@ class GroupController extends Controller return view('groups.new'); } - public function addGroup() + public function addGroup(StoreGroup $request) { $group = new Group; - $group->addGroup(request()->all()); + $group->addGroup($request->all()); return redirect('/admin/groups'); } 
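Review bot: `$group->addGroup($request->all())` still hands the model every submitted key, because a FormRequest validates only the fields that have rules (`name` and `enabled` in StoreGroup) and `all()` returns everything else untouched. Whether that matters depends on `Group::addGroup`, which is outside this diff; if it mass-assigns, columns the form never meant to expose can be set from the request. Passing only the validated keys closes that regardless of the model: `$group->addGroup($request->only(['name', 'enabled']));`. The same applies to `updateGroup` in the next hunk.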
@@ -37,9 +38,9 @@ class GroupController extends Controller return view('groups.edit', compact('group')); } - public function updateGroup(Group $group) + public function updateGroup(Group $group, StoreGroup $request) { - $group->updateGroup(request()->all()); + $group->updateGroup($request->all()); return redirect("/admin/groups"); } diff --git a/app/Http/Controllers/HomeController.php b/app/Http/Controllers/HomeController.php index 9a04dc9..89aa7b5 100644 --- a/app/Http/Controllers/HomeController.php +++ b/app/Http/Controllers/HomeController.php @@ -41,17 +41,24 @@ class HomeController extends Controller return view('users.settings', compact('user')); } - public function updatePassword() + public function updatePassword(Request $request) { + $this->validate($request, [ + "password1_new" => "required|string|alpha_dash|min:8", + "password2_new" => "required|string|alpha_dash|min:8" + ]); $user = Auth::user(); - $user->updatePassword(request()->all()); + $user->updatePassword($request->all()); return redirect('/settings'); } - public function updateEmail() + public function updateEmail(Request $request) { + $this->validate($request, [ + "email" => "required|email" + ]); $user = Auth::user(); - $user->updateEmail(request()->all()); + $user->updateEmail($request->all()); return redirect('/settings'); } } diff --git a/app/Http/Controllers/TestController.php b/app/Http/Controllers/TestController.php index 34218ad..c2b679d 100644 --- a/app/Http/Controllers/TestController.php +++ b/app/Http/Controllers/TestController.php @@ -11,6 +11,7 @@ use App\Question; use App\Option; use App\Group; use App\Http\Requests\StoreTest; +use App\Http\Requests\StoreQuestion; class TestController extends Controller { 
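Review bot: The `alpha_dash` rule on `password1_new`/`password2_new` rejects spaces and every symbol, so it weakens the passwords users may choose while buying nothing, since the value is hashed rather than rendered. Nothing in the rule set ties the two fields together and the controller never asks for the current password; unless `User::updatePassword` (not in this diff) does both, a hijacked session can rotate the credential unchallenged. Suggested rules: `"password1_new" => "required|string|min:8"` and `"password2_new" => "required|same:password1_new"`, plus a `current_password` field checked with the model's existing `passwordVerify` before the update. `updateEmail` also omits the `unique:users,email` rule that StoreUser applies, so two accounts can end up sharing an email; `"email" => "required|email|max:255|unique:users,email," . Auth::id()` keeps the caller's own row out of the check.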
@@ -40,13 +41,13 @@ class TestController extends Controller return view('tests.index', compact('question'), compact('options')); } - public function answerQuestion() + public function answerQuestion(Request $request) { $question = session('questions')->get(session('question_counter')-1); $options = session('options'); $answers = collect([]); foreach ($options as $option) { - if (array_key_exists("answer{$option->id}", request()->all())) { + if (array_key_exists("answer{$option->id}", $request->all())) { $answers->push($option); } } @@ -201,7 +202,7 @@ class TestController extends Controller return view('tests.edit', compact('test')); } - public function addQuestion(Test $test, Request $request) + public function addQuestion(Test $test, StoreQuestion $request) { $question = new Question; $question->addQuestion($test, $request); @@ -216,7 +217,7 @@ class TestController extends Controller return redirect("/admin/tests/$test->id"); } - public function updateQuestion(Question $question, Request $request) + public function updateQuestion(Question $question, StoreQuestion $request) { $test = $question->test; $question->updateQuestion($request); diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 13ea978..f3363ed 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -5,6 +5,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use App\Http\Requests; +use App\Http\Requests\StoreUser; use App\User; use App\Group; @@ -31,10 +32,10 @@ class UserController extends Controller return redirect('/admin/users'); } - public function addUser() + public function addUser(StoreUser $request) { $user = new User; - $user->addUser(request()->all()); + $user->addUser($request->all()); return redirect('/admin/users'); } diff --git a/app/Http/Requests/StoreGroup.php b/app/Http/Requests/StoreGroup.php new file mode 100644 index 0000000..c0fadcb 
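Review bot: `StoreQuestion::authorize()` only checks that the caller is an administrator or moderator, and nothing in `updateQuestion` checks that the route-bound `Question` belongs to the caller's group, so any moderator can edit any question by id. The moderator branch of `User::addUser` scopes moderators to `Auth::user()->group_id`, which suggests that is the intended boundary — worth confirming. If tests carry the `group_id` that StoreTest validates, one line after `$test = $question->test;` covers it: `abort_unless($request->user()->isAdministrator() || $test->group_id === $request->user()->group_id, 403);`. The same gap applies to `addQuestion(Test $test, ...)` in the previous hunk.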
--- /dev/null +++ b/app/Http/Requests/StoreGroup.php @@ -0,0 +1,39 @@ +<?php + +namespace App\Http\Requests; + +use Illuminate\Foundation\Http\FormRequest; +use Illuminate\Support\Facades\Auth; + +class StoreGroup extends FormRequest +{ + /** + * Determine if the user is authorized to make this request. + * + * @return bool + */ + public function authorize() + { + if (Auth::user()->isAdministrator()) { + return true; + } + + if (Auth::user()->isModerator()) { + return true; + } + return false; + } + + /** + * Get the validation rules that apply to the request. + * + * @return array + */ + public function rules() + { + return [ + "name" => "required|string|alpha_dash|max:255", + "enabled" => "boolean" + ]; + } +} diff --git a/app/Http/Requests/StoreOptions.php b/app/Http/Requests/StoreOptions.php new file mode 100644 index 0000000..e2a96f1 --- /dev/null +++ b/app/Http/Requests/StoreOptions.php @@ -0,0 +1,40 @@ +<?php + +namespace App\Http\Requests; + +use Illuminate\Foundation\Http\FormRequest; +use Illuminate\Support\Facades\Auth; + +class StoreOptions extends FormRequest +{ + /** + * Determine if the user is authorized to make this request. + * + * @return bool + */ + public function authorize() + { + if (Auth::user()->isAdministrator()) { + return true; + } + + if (Auth::user()->isModerator()) { + return true; + } + return false; + } + + /** + * Get the validation rules that apply to the request. + * + * @return array + */ + public function rules() + { + return [ + "question_id" => "required|integer|exists:questions,id|min:1", + "option" => "required|string|alpha_dash|max:255", + "correct_answer" => "boolean" + ]; + } +} diff --git a/app/Http/Requests/StoreQuestion.php b/app/Http/Requests/StoreQuestion.php new file mode 100644 index 0000000..7a24661 --- /dev/null +++ b/app/Http/Requests/StoreQuestion.php 
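Review bot: `authorize()` calls `Auth::user()->isAdministrator()` without a null check, so an unauthenticated request to a route that is not behind the `auth` middleware dies with an Error on null instead of a 403; whether every route using this request is guarded is not visible here. The two `if` blocks and the trailing `return false` also collapse to one expression: `$user = $this->user(); return $user !== null && ($user->isAdministrator() || $user->isModerator());`. The identical body is copied into StoreOptions, StoreQuestion and StoreUser in this patch, so a shared base request or a Gate would keep the rule in one place. `alpha_dash` on `name` additionally rejects any group name containing a space; Blade's `{{ }}` escaping already covers output, so `"name" => "required|string|max:255"` is enough.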
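Review bot: `exists:questions,id` on `question_id` only proves the question row exists, not that it belongs to a test the caller may edit, so a moderator could attach options to another group's question once a controller uses this request — no controller in this diff does yet. Ownership needs a check in `authorize()` or in the controller, e.g. loading the question and comparing its test's `group_id` with `$this->user()->group_id` for non-administrators. `alpha_dash` on `option` also rejects answer text containing spaces or punctuation; `"option" => "required|string|max:255"` is sufficient since Blade escapes on render.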
@@ -0,0 +1,43 @@ +<?php + +namespace App\Http\Requests; + +use Illuminate\Foundation\Http\FormRequest; +use Illuminate\Support\Facades\Auth; + +class StoreQuestion extends FormRequest +{ + /** + * Determine if the user is authorized to make this request. + * + * @return bool + */ + public function authorize() + { + if (Auth::user()->isAdministrator()) { + return true; + } + + if (Auth::user()->isModerator()) { + return true; + } + return false; + } + + /** + * Get the validation rules that apply to the request. + * + * @return array + */ + public function rules() + { + return [ + "test_id" => "integer|exists:tests,id|min:1", + "title" => "required|string|alpha_dash|max:255", + "question" => "required|string|alpha_dash", + "question_type" => "string|in:radio,checkbox|max:255", + "correct_answers" => "integer|min:1", + "multiple_anwsers_question" => "boolean" + ]; + } +} diff --git a/app/Http/Requests/StoreTest.php b/app/Http/Requests/StoreTest.php index dbbdd6c..41f1dc9 100644 --- a/app/Http/Requests/StoreTest.php +++ b/app/Http/Requests/StoreTest.php @@ -32,11 +32,11 @@ class StoreTest extends FormRequest public function rules() { return [ - "title" => "required|max:255|string", - "question_count" => "required|numeric", - "question_count_to_fail" => "numeric", - "time_limit" => "numeric", - "group_id" => "numeric" + "title" => "required|string|alpha_dash|max:255", + "question_count" => "required|integer|min:1", + "question_count_to_fail" => "integer|min:0", + "time_limit" => "integer|min:0", + "group_id" => "integer|exists:groups,id|min:1" ]; } } diff --git a/app/Http/Requests/StoreUser.php b/app/Http/Requests/StoreUser.php index 60cd2e1..7a05eb5 100644 --- a/app/Http/Requests/StoreUser.php +++ b/app/Http/Requests/StoreUser.php @@ -3,6 +3,7 @@ namespace App\Http\Requests; use Illuminate\Foundation\Http\FormRequest; +use Illuminate\Support\Facades\Auth; class StoreUser extends FormRequest { 
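Review bot: `"question" => "required|string|alpha_dash"` rejects any question text containing a space or a `?`, so realistic questions cannot be saved at all; `title` has the same problem. `alpha_dash` is not needed for output safety because Blade's `{{ }}` escapes on render, so `"question" => "required|string"` and `"title" => "required|string|max:255"` is the fix. `test_id` is validated with `exists:tests,id` but never tied to the caller's group, and since `addQuestion` takes the test from the route it may not be needed as input at all. The key `multiple_anwsers_question` looks misspelled; if the form field or column is spelled differently the `boolean` rule silently never applies — worth confirming against the form.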
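Review bot: `"group_id" => "integer|exists:groups,id|min:1"` checks that the group exists but not that a moderator is assigning the test to their own group, so a moderator can file a test under any group by picking its id. Unless `authorize()` (outside this hunk) already restricts that, either ignore the submitted value for moderators in the controller (`$groupId = $user->isAdministrator() ? $request->group_id : $user->group_id;`) or add a closure rule that compares the value with `$this->user()->group_id`. `alpha_dash` on `title` also rejects titles containing spaces; `"title" => "required|string|max:255"` is enough given Blade escaping.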
@@ -13,6 +14,13 @@ class StoreUser extends FormRequest */ public function authorize() { + if (Auth::user()->isAdministrator()) { + return true; + } + + if (Auth::user()->isModerator()) { + return true; + } return false; } @@ -24,7 +32,12 @@ class StoreUser extends FormRequest public function rules() { return [ - // + "name" => "required|string|alpha_dash|max:255", + "email" => "required|email|unique:users,email|max:255", + "password" => "required|alpha_dash|min:8", + "group_id" => "integer|exists:groups,id|min:1", + "enabled" => "required|boolean", + "access_level" => "integer|min:1", ]; } } diff --git a/app/Question.php b/app/Question.php index d0e9e05..e84a96a 100644 --- a/app/Question.php +++ b/app/Question.php @@ -65,7 +65,7 @@ class Question extends Model $test->questions()->save($this); } - public function updateQuestion($request) + public function updateQuestion(Request $request) { $this->title = $request->title; $this->question = $request->question; diff --git a/app/Test.php b/app/Test.php index 2739a5a..03b7357 100644 --- a/app/Test.php +++ b/app/Test.php @@ -47,7 +47,7 @@ class Test extends Model return false; } - public function createTest(Request $request) + public function createTest($request) { $this->title = $request["title"]; $this->question_count = $request["question_count"]; @@ -64,7 +64,7 @@ class Test extends Model return true; } - public function updateTest(Request $request) + public function updateTest($request) { $this->update($request); } diff --git a/app/User.php b/app/User.php index 99b495c..6f2687f 100644 --- a/app/User.php +++ b/app/User.php @@ -52,7 +52,7 @@ class User extends Authenticatable public function passwordCompare($password1, $password2) { - return $password1 == $password2; + return $password1 === $password2; } public function passwordVerify($password, $hash) 
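Review bot: `"access_level" => "integer|min:1"` has no upper bound and is never compared with the caller's own level, so if `User::addUser` stores it (the visible part of that method does not show the assignment) a moderator can create an administrator. A conservative rule caps it at the creator's level: `"access_level" => "integer|min:1|max:" . $this->user()->access_level`. `group_id` is likewise only `exists:groups,id`, not restricted to the moderator's own group. `alpha_dash` on `password` rejects spaces and symbols for no benefit since the value is hashed; `"password" => "required|string|min:8"` is preferable.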
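Review bot: The new `Request` type hint on `updateQuestion` only works if Question.php imports `Illuminate\Http\Request`; the hunk shows no `use` line, and without one PHP resolves the name to `App\Request`, so every call with a `StoreQuestion` throws a TypeError at runtime. Test.php in this same patch removes the identical hint from `createTest`/`updateTest`, so the two models now move in opposite directions. Either add the import (or hint `\App\Http\Requests\StoreQuestion`, the only type TestController passes) or drop the hint for consistency with Test.php.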
@@ -62,7 +62,7 @@ class User extends Authenticatable public function isModerator() { - if ($this->access_level == 2) { + if ($this->access_level === 2) { return true; } return false; @@ -70,7 +70,7 @@ class User extends Authenticatable public function isAdministrator() { - if ($this->access_level == 3) { + if ($this->access_level === 3) { return true; } return false; @@ -86,7 +86,9 @@ class User extends Authenticatable $this->name = $request["name"]; $this->email = $request["email"]; $this->passwordHash($request["password"]); - $this->enabled = $request["enabled"]; + if ($request["enabled"]) { + $this->enabled = $request["enabled"]; + } if (Auth::user()->isModerator()) { Group::find(Auth::user()->group_id)->tests()->save($this); return true; diff --git a/resources/views/tests/edit.blade.php b/resources/views/tests/edit.blade.php index 341b9bf..e3fe54c 100644 --- a/resources/views/tests/edit.blade.php +++ b/resources/views/tests/edit.blade.php @@ -3,6 +3,15 @@ @section('content') <div class="container-fluid"> <div class="col-md-6 col-md-offset-3"> + @if (count($errors) > 0) + <div class="alert alert-danger"> + <ul> + @foreach ($errors->all() as $error) + <li>{{ $error }}</li> + @endforeach + </ul> + </div> + @endif <h1>Edit Test: {{ $test->title }}</h1> </br> <form method="POST" action="/{{ Auth::user()->getAdminPath() }}/tests/{{ $test->id }}/edit"> diff --git a/resources/views/tests/question/edit.blade.php b/resources/views/tests/question/edit.blade.php index 29b723e..18a9c87 100644 --- a/resources/views/tests/question/edit.blade.php +++ b/resources/views/tests/question/edit.blade.php @@ -4,6 +4,15 @@ <div class="container-fluid"> <div class="col-md-6 col-md-offset-3"> + @if (count($errors) > 0) + <div class="alert alert-danger"> + <ul> + @foreach ($errors->all() as $error) + <li>{{ $error }}</li> + @endforeach + </ul> + </div> + @endif <h1>Edit Question</h1> </br> <form method="POST" action="/{{ Auth::user()->getAdminPath() }}/questions/{{ $question->id }}"> 
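Review bot: `$this->access_level === 2` is a strict comparison against an Eloquent attribute, and nothing in this hunk shows `access_level` in `$casts`; if the database driver returns the column as a string, `isModerator()` and `isAdministrator()` both become `false` and every `authorize()` added in this patch denies all staff. Declaring the cast keeps the strict comparison honest: `protected $casts = ['access_level' => 'integer'];` (or compare `(int) $this->access_level === 2`). The same applies to the `=== 3` check in the next hunk.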
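Review bot: `if ($request["enabled"])` treats the form's `"0"` as false, so choosing "No" in users/new.blade.php skips the assignment and `enabled` falls back to the column default, which this diff does not show; if that default is enabled, an explicit "No" creates an enabled account. StoreUser already marks `enabled` as `required|boolean`, so the key is always present and the guard is unnecessary: `$this->enabled = (bool) $request["enabled"];`.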
diff --git a/resources/views/tests/question/new.blade.php b/resources/views/tests/question/new.blade.php index fcca9c8..06d2942 100644 --- a/resources/views/tests/question/new.blade.php +++ b/resources/views/tests/question/new.blade.php @@ -3,6 +3,15 @@ @section('content') <div class="container-fluid"> <div class="col-md-6 col-md-offset-3"> + @if (count($errors) > 0) + <div class="alert alert-danger"> + <ul> + @foreach ($errors->all() as $error) + <li>{{ $error }}</li> + @endforeach + </ul> + </div> + @endif <h1>Question {{ $question_number }}</h1> </br> <form method="POST" action="/{{ Auth::user()->getAdminPath() }}/tests/{{ $test->id }}/question"> diff --git a/resources/views/users/new.blade.php b/resources/views/users/new.blade.php index 41ad8e2..e76b9c3 100644 --- a/resources/views/users/new.blade.php +++ b/resources/views/users/new.blade.php @@ -3,9 +3,18 @@ @section('content') <div class="container-fluid"> <div class="col-md-6 col-md-offset-3"> + @if (count($errors) > 0) + <div class="alert alert-danger"> + <ul> + @foreach ($errors->all() as $error) + <li>{{ $error }}</li> + @endforeach + </ul> + </div> + @endif <h1>Create New User</h1> </br> - <form method="POST" action="//users/new"> + <form method="POST" action="/{{ Auth::user()->getAdminPath() }}/users/new"> {{ csrf_field() }} <div class="form-group"> <label>Name</label> @@ -21,7 +30,7 @@ </div> <div class="form-group"> <label>Enabled</label> - <select class="form-control"> + <select name="enabled" class="form-control"> <option value="1">Yes</option> <option value="0">No</option> </select> diff --git a/resources/views/users/settings.blade.php b/resources/views/users/settings.blade.php index c5aa239..2956f80 100644 --- a/resources/views/users/settings.blade.php +++ b/resources/views/users/settings.blade.php 
@@ -4,6 +4,15 @@ <div class="container-fluid"> <div class="row"> <div class="col-md-6 col-md-offset-3"> + @if (count($errors) > 0) + <div class="alert alert-danger"> + <ul> + @foreach ($errors->all() as $error) + <li>{{ $error }}</li> + @endforeach + </ul> + </div> + @endif <div class="panel panel-default"> <div class="panel-heading">Password</div> <div class="panel-body">