diff --git a/app/Http/Controllers/Publish/WorkflowController.php b/app/Http/Controllers/Publish/WorkflowController.php index 641a526..f5e0f29 100644 --- a/app/Http/Controllers/Publish/WorkflowController.php +++ b/app/Http/Controllers/Publish/WorkflowController.php @@ -30,7 +30,7 @@ class WorkflowController extends Controller $builder = Dataset::query(); $myDatasets = $builder ->whereIn('server_state', ['inprogress', 'released']) - ->where('account_id', $user_id) + // ->where('account_id', $user_id) ->with('user:id,login') ->get(); return view('workflow.index', [ @@ -51,7 +51,7 @@ class WorkflowController extends Controller // $q->where('login', 'admin'); // })->pluck('login', 'id'); $editors = User::with(['roles' => function ($query) { - $query->where('name', 'reviewer'); + $query->where('name', 'editor'); }]) ->pluck('login', 'id'); //$editors = Role::where('name', 'reviewer')->first()->users; @@ -105,7 +105,7 @@ class WorkflowController extends Controller } } $dataset->delete(); - session()->flash('flash_message', 'You have been deleted 1 dataset!'); + session()->flash('flash_message', 'You have deleted 1 dataset!'); return redirect()->route('publish.workflow.index'); } } 
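Review bot: With `->where('account_id', $user_id)` commented out, the query that fills `$myDatasets` returns every dataset in state `inprogress` or `released`, so the `workflow.index` view now lists other accounts' datasets to any user who can reach the route. If an all-accounts listing is wanted for editors or administrators, give it its own action and permission and restore `->where('account_id', $user_id)` here, so the owner filter is not dropped for everyone. The variable name `$myDatasets` no longer matches what the query returns. The enclosing method starts and ends outside this hunk.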
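Review bot: The closure passed to `User::with(['roles' => ...])` only limits which roles would be eager-loaded and does not filter the users, so `pluck('login', 'id')` still returns every account as a selectable editor after the change to `'editor'`. To offer only accounts that hold the role, use `User::whereHas('roles', function ($query) { $query->where('name', 'editor'); })->pluck('login', 'id');`. The same query is repeated in the new `accept()` method in the `@@ -115,14 +115,43 @@` hunk and needs the same change. The enclosing method starts outside this hunk.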
@@ -115,14 +115,43 @@ class WorkflowController extends Controller * * @return \Illuminate\Http\Response */ - public function indexReleased() + public function editorIndex() { $builder = Dataset::query(); $datasets = $builder //->where('server_state', 'inprogress') ->whereIn('server_state', ['released']) ->get(); - return view('workflow.review', compact('datasets')); + return view('workflow.editor_index', compact('datasets')); + } + + /** + * Display the specified resource. + * + * @param int $id + * @return \Illuminate\View\View + */ + public function accept($id): View + { + $dataset = Dataset::with('user:id,login')->findOrFail($id); + // $editors = User::whereHas('roles', function ($q) { + // $q->where('login', 'admin'); + // })->pluck('login', 'id'); + $editors = User::with(['roles' => function ($query) { + $query->where('name', 'editor'); + }]) + ->pluck('login', 'id'); + //$editors = Role::where('name', 'reviewer')->first()->users; + + return view('workflow.accept', [ + 'dataset' => $dataset, + 'editors' => $editors, + ]); + } + + public function acceptUpdate(Request $request, $id) + { + $dataset = Dataset::findOrFail($id); } // public function release() diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 6966c71..a0eca54 100755 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -63,6 +63,7 @@ class Kernel extends HttpKernel // 'role' => \Zizaco\Entrust\Middleware\EntrustRole::class, 'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class, 'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class, + 'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class, ]; } diff --git a/app/Http/Middleware/WebAuthorizeDataset.php b/app/Http/Middleware/WebAuthorizeDataset.php new file mode 100644 index 0000000..c10b20d --- /dev/null +++ b/app/Http/Middleware/WebAuthorizeDataset.php 
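Review bot: `accept($id)` loads the dataset with `findOrFail($id)` and no state condition, so a holder of `dataset-accept` can open the accept form for a dataset that is not `released` by changing the id in the URL, although `editorIndex()` lists only `released` ones. Constrain the lookup, `Dataset::with('user:id,login')->where('server_state', 'released')->findOrFail($id);`, and apply the same condition in `acceptUpdate()`. `acceptUpdate()` currently loads the dataset and returns nothing, so the POST route answers with an empty response; until it is implemented it should at least redirect, or the route should stay unregistered. `accept()` declares a `View` return type, and the file's `use` block is outside this hunk, so confirm that `Illuminate\View\View` is imported.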
@@ -0,0 +1,57 @@ +auth = $auth; + } + + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * @return mixed + */ + public function handle(\Illuminate\Http\Request $request, Closure $next, bool $requiresDatasetAdministrator) + { + // if ($this->auth->guest() || !$request->user()->can("Administrator")) { + // abort(403); + // } + $userId = $this->auth->user()->id; + $datasetId = $request->route('id'); + + if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) { + abort(403, "You are not allowed to do this action!"); + } + return $next($request); + } + + private function isUserDatasetAdmin($userId, $datasetId) + { + $dataset = Dataset::with('user:id,login')->findOrFail($datasetId); + $user = User::findOrFail($userId); + if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) { + return true; + } else { + return false; + } + } +} diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php index c610da1..e57fbf6 100644 --- a/resources/views/errors/403.blade.php +++ b/resources/views/errors/403.blade.php @@ -5,7 +5,9 @@
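Review bot: `handle()` reads `$this->auth->user()->id` before it tests `$this->auth->guest()`, so an unauthenticated request dereferences null and ends in a server error instead of the intended 403. Test the guest case first, with `if ($this->auth->guest()) { abort(403); }` placed ahead of the `$userId` line. `$requiresDatasetAdministrator` is a required parameter that is never read, so a route that registers `isUserDatasetAdmin` without `:true` fails on a missing argument; either use it or remove it. In `isUserDatasetAdmin()`, `$dataset->user->id` errors when a dataset has no owner row, and the second `User::findOrFail($userId)` is redundant because the id came from the authenticated user; `return optional($dataset->user)->id == $userId;` covers both. The class header and constructor signature are not visible on this page.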

403
ACCESS DENIED

+ Back

{{ $exception->getMessage() }}

+
@endsection diff --git a/resources/views/partials/nav.blade.php b/resources/views/partials/nav.blade.php index 495dfae..14822c2 100755 --- a/resources/views/partials/nav.blade.php +++ b/resources/views/partials/nav.blade.php @@ -65,7 +65,7 @@
  • COLLECTION
  • PROJECT
  • - +
  • LICENSES
  • diff --git a/resources/views/settings/layouts/app.blade.php b/resources/views/settings/layouts/app.blade.php index f3b52dd..2900447 100644 --- a/resources/views/settings/layouts/app.blade.php +++ b/resources/views/settings/layouts/app.blade.php @@ -88,7 +88,7 @@ @endpermission - @permission('review') + @role(array('administrator', 'editor', 'reviewer'))
  • Publish

  • - @endpermission + @endrole diff --git a/resources/views/workflow/accept.blade.php b/resources/views/workflow/accept.blade.php new file mode 100644 index 0000000..73e80da --- /dev/null +++ b/resources/views/workflow/accept.blade.php @@ -0,0 +1,89 @@ +@extends('settings.layouts.app') +@section('content') +
    +

    + Accept released dataset +

    +
    + +
    +

    + Release your dataset for Editor +

    +
    + +
    + +
    +
    + + + BACK + +
    +
    + @php + //if userid changed from last iteration, store new userid and change color + // $lastid = $detail->payment->userid; + if ($dataset->editor->id == Auth::user()->id) { + $userIsDesiredEditor = true; + } else { + $userIsDesiredEditor = false; + $message = 'you are not the desired editor, but you can still accept the dataset'; + } + @endphp + + {!! Form::model($dataset, [ 'method' => 'POST', 'id' => 'acceptForm', + 'class' => 'pure-form', 'enctype' => 'multipart/form-data', 'v-on:submit.prevent' => 'checkForm']) !!} +
    + General +
    + +
    + {!! Form::label('editor_id', 'preferred editor:') !!} + {!! $dataset->editor->login !!} + @if($userIsDesiredEditor == false) + {!! $message !!} + @endif + {{-- --}} + +
    +
    + {!! Form::label('owner', 'dataset owner:') !!} + {!! $dataset->user->login !!} + {{-- --}} + +
    +
    + {!! Form::label('title', 'dataset title:') !!} + @if ($dataset->titles()->first()) + {{ $dataset->titles()->first()->value }} + @endif +
    +
    +
    + +
    +
    + +
    + + {!! Form::close() !!} +
    +
    + +
    + +@stop + +@section('after-scripts') {{-- + --}} {{-- + +--}} {{-- + --}} + + +@stop \ No newline at end of file diff --git a/resources/views/workflow/review.blade.php b/resources/views/workflow/editor_index.blade.php similarity index 57% rename from resources/views/workflow/review.blade.php rename to resources/views/workflow/editor_index.blade.php index 2384f09..8b66152 100644 --- a/resources/views/workflow/review.blade.php +++ b/resources/views/workflow/editor_index.blade.php @@ -2,7 +2,7 @@ @section('content')
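Review bot: `{!! $dataset->editor->login !!}`, `{!! $dataset->user->login !!}` and `{!! $message !!}` are printed unescaped, so a login that contains markup would be rendered as HTML in the session of the editor viewing this page. These are plain values and should use the escaping form, `{{ $dataset->editor->login }}`, `{{ $dataset->user->login }}` and `{{ $message }}`, as the title line already does. The `@php` block also dereferences `$dataset->editor->id` without a null check, while `editor_index.blade.php` in this commit uses `optional($dataset->editor)`, which suggests the editor can be unset. Writing `optional($dataset->editor)->id == Auth::user()->id` there, and `optional($dataset->editor)->login` in the label row, avoids an error page for such datasets.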

    - Review unpblished datasets + EDITOR PAGE: Approve released datasets

    @@ -14,6 +14,7 @@ Dataset Title ID Server State + Preferred Editor @@ -33,13 +34,25 @@ {{ $dataset->server_state }} - + {{ optional($dataset->editor)->login }} - @if ($dataset->server_state == "unpublished") - Publish - {{-- Restrict --}} + @if ($dataset->server_state == "released") + + + Accept editor task + + {{-- + + Reject + --}} + @endif + {{-- + @if ($dataset->server_state == "unpublished") + Publish + @endif + --}} @endforeach diff --git a/routes/web.php b/routes/web.php index 30b0e1e..15889cc 100644 --- a/routes/web.php +++ b/routes/web.php @@ -21,7 +21,7 @@ Route::get( 'setlocale/{lang}', [ 'as' => 'setlocale', //name() - 'uses' => 'Frontend\LocalizationController@setLocale' + 'uses' => 'Frontend\LocalizationController@setLocale', ] ); 
@@ -29,44 +29,65 @@ Route::get( Route::group( [ 'namespace' => 'Publish', - 'middleware' => ['permission:review'], + // 'middleware' => ['permission:publish'], + // 'middleware' => ['role:administrator|reviewer|editor'], 'prefix' => 'publish', - 'as' => 'publish.' + 'as' => 'publish.', ], function () { Route::get('dataset', [ 'as' => 'dataset.index', 'uses' => 'IndexController@index', ]); - Route::get('dataset/create-step1', ['as' => 'dataset.create', 'uses' => 'IndexController@createStep1']); + Route::get('dataset/create-step1', [ + 'middleware' => ['permission:dataset-create'], + 'as' => 'dataset.create', + 'uses' => 'IndexController@createStep1', + ]); // Route::post('dataset/store-step1', ['as' => 'dataset.store1', 'uses' => 'IndexController@storeStep1']); // Route::get('dataset/create-step2', ['as' => 'dataset.create2', 'uses' => 'IndexController@createStep2']); // Route::post('dataset/store-step2', ['as' => 'dataset.store2', 'uses' => 'IndexController@storeStep2']); // Route::get('dataset/create-step3', ['as' => 'dataset.create3', 'uses' => 'IndexController@createStep3']); - Route::post('dataset/store', ['as' => 'dataset.store', 'uses' => 'IndexController@store']); + Route::post('dataset/store', [ + 'middleware' => ['permission:dataset-create'], + 'as' => 'dataset.store', + 'uses' => 'IndexController@store', + ]); Route::get('workflow/index', [ + 'middleware' => ['permission:dataset-list'], 'as' => 'workflow.index', 'uses' => 'WorkflowController@index', ]); Route::get('workflow/release/{id}', [ + 'middleware' => ['permission:dataset-create', 'isUserDatasetAdmin:true'], 'as' => 'workflow.release', 'uses' => 'WorkflowController@release', ]); Route::post('workflow/release/{id}', [ + 'middleware' => ['permission:dataset-create', 'isUserDatasetAdmin:true'], 'as' => 'workflow.releaseUpdate', 'uses' => 'WorkflowController@releaseUpdate', ]); Route::get('workflow/delete/{id}', [ + 'middleware' => ['isUserDatasetAdmin:true'], 'as' => 'workflow.delete', 'uses' => 
'WorkflowController@delete', ]); - Route::get('workflow/release/{id}', [ - 'as' => 'workflow.release', 'uses' => 'WorkflowController@release', + // Route::get('workflow/release/{id}', [ + // 'as' => 'workflow.release', 'uses' => 'WorkflowController@release', + // ]); + + Route::get('workflow/editor_index', [ + 'middleware' => ['permission:dataset-released-list'], + 'as' => 'workflow.editorIndex', 'uses' => 'WorkflowController@editorIndex', + ]); + Route::get('workflow/accept/{id}', [ + 'middleware' => ['permission:dataset-accept'], + 'as' => 'workflow.accept', 'uses' => 'WorkflowController@accept', + ]); + Route::post('workflow/accept/{id}', [ + 'middleware' => ['permission:dataset-accept'], + 'as' => 'workflow.acceptUpdate', 'uses' => 'WorkflowController@acceptUpdate', ]); - - Route::get('workflow/indexreleased', [ - 'as' => 'workflow.indexReleased', 'uses' => 'WorkflowController@indexReleased', - ]); - Route::get('workflow/changestate/{id}/changestate/{targetState}', [ 'as' => 'review.changestate', 'uses' => 'WorkflowController@changestate', ]); @@ -79,7 +100,7 @@ Route::group( 'namespace' => 'Settings\Access', 'middleware' => ['permission:settings'], 'prefix' => 'settings/access', - 'as' => 'access.' + 'as' => 'access.', ], function () { //Route::resource('users','UserController'); @@ -102,7 +123,7 @@ Route::group( 'as' => 'user.destroy', 'uses' => 'UserController@destroy', ]); - //Route::resource('users','RoleController'); + //Route::resource('users','RoleController'); Route::get('role', [ 'as' => 'role.index', 'uses' => 'RoleController@index', ]); @@ -129,7 +150,7 @@ Route::group( 'middleware' => ['permission:settings'], 'namespace' => 'Settings', 'prefix' => 'settings', - 'as' => 'settings.' + 'as' => 'settings.', ], function () { //Route::resource('page', 'PageController', ['except' => ['show', 'update']]); 
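Review bot: Replacing the group-level `'middleware' => ['permission:review']` with two commented-out lines leaves every route in the `publish` group that did not receive its own `middleware` entry with no check declared in this file; in this hunk those are `dataset` (`IndexController@index`) and `workflow/changestate/{id}/changestate/{targetState}`. Unless the controllers enforce access themselves, a dataset state change can now be requested without the permission that used to gate it. Keep a group-level baseline (for instance the framework's `auth` middleware) and give `changestate` an explicit `permission:` entry like the other workflow routes. `workflow/delete/{id}` remains a GET route guarded only by `isUserDatasetAdmin:true`, so the deletion is not covered by CSRF verification; registering it as POST or DELETE would bring it under that check. The group's closing lines are outside this hunk.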
@@ -147,7 +168,6 @@ Route::group( } ); - //=================================================setting home - dashboard======================================= Route::get('settings/', [ 'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index', @@ -178,7 +198,7 @@ Route::group(['middleware' => ['permission:settings']], function () { 'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download', ]); - //=================================================setting mimetype============================================= + //=================================================setting mimetype============================================= Route::get('/settings/mimetype', [ 'as' => 'settings.mimetype.index', 'uses' => 'Settings\MimetypeController@index', ]); @@ -341,7 +361,7 @@ Route::group(['namespace' => 'Frontend', 'as' => 'frontend.'], function () { //=================================================Crawlers==================================================== Route::get('sitelinks', [ - 'as' => 'sitelinks.index', 'uses' => 'SitelinkController@index', + 'as' => 'sitelinks.index', 'uses' => 'SitelinkController@index', ]); Route::get('sitelinks/list/{year}', 'SitelinkController@listDocs')->name('sitelinks.list'); @@ -353,8 +373,8 @@ Route::group(['namespace' => 'Frontend', 'as' => 'frontend.'], function () { ]); /* - * Show pages - */ + * Show pages + */ Route::get('pages/{slug}', 'HomeController@showPage')->name('pages.show'); //=================================================solr search====================================================