- check if user is owner of file
- delete unnecessary models and web routes
This commit is contained in:
parent
0d6cf1158f
commit
7b34e57aee
|
@ -1,82 +0,0 @@
|
||||||
<?php
|
|
||||||
namespace App\Http\Controllers;
|
|
||||||
|
|
||||||
use App\Http\Requests;
|
|
||||||
use App\Http\Controllers\Controller;
|
|
||||||
use App\Book;
|
|
||||||
use App\Models\Project;
|
|
||||||
use App\Shelf;
|
|
||||||
use App\Http\Requests\BookRequest;
|
|
||||||
use Illuminate\Http\Request;
|
|
||||||
use Illuminate\View\View;
|
|
||||||
|
|
||||||
class BookController extends Controller
|
|
||||||
{
|
|
||||||
public function __construct()
|
|
||||||
{
|
|
||||||
$this->middleware('auth');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function index() : View
|
|
||||||
{
|
|
||||||
//$books = Book::with('category', 'shelf')->get();
|
|
||||||
$books = Book::with('project')->get();
|
|
||||||
return view('rdr.settings.book.book', compact('books'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function add()
|
|
||||||
{
|
|
||||||
$categories = Project::pluck('name', 'id');
|
|
||||||
$shelves = Shelf::pluck('shelf', 'id');
|
|
||||||
|
|
||||||
$datum = date('Y-m-d');
|
|
||||||
$nowYear = substr($datum, 0, 4);
|
|
||||||
$years = array();
|
|
||||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
|
||||||
$years[$jahr] = $jahr;
|
|
||||||
}
|
|
||||||
|
|
||||||
return view('rdr.settings.book.add', compact('categories', 'shelves', 'years'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function store(BookRequest $request)
|
|
||||||
{
|
|
||||||
$input = $request->all();
|
|
||||||
$book = Book::create($input);
|
|
||||||
session()->flash('flash_message', 'You have been addded 1 book!');
|
|
||||||
return redirect()->route('settings.book');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function edit($id)
|
|
||||||
{
|
|
||||||
$book = Book::findOrFail($id);
|
|
||||||
$categories = Project::pluck('name', 'id');
|
|
||||||
// $shelves = Shelf::pluck('shelf', 'id');
|
|
||||||
|
|
||||||
$datum = date('Y-m-d');
|
|
||||||
$nowYear = substr($datum, 0, 4);
|
|
||||||
$years = array();
|
|
||||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
|
||||||
$years[$jahr] = $jahr;
|
|
||||||
}
|
|
||||||
return view('rdr.settings.book.edit', compact('book', 'categories', 'years'));
|
|
||||||
//return view('rdr.settings.book.edit', compact('book', 'categories', 'shelves', 'years'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function update($id, BookRequest $request)
|
|
||||||
{
|
|
||||||
$book = Book::findOrFail($id);
|
|
||||||
$input = $request->all();
|
|
||||||
$book->update($input);
|
|
||||||
session()->flash('flash_message', 'You have updated 1 book!');
|
|
||||||
return redirect()->route('settings.book');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function delete($id)
|
|
||||||
{
|
|
||||||
$book = Book::findOrFail($id);
|
|
||||||
$book->delete();
|
|
||||||
session()->flash('flash_message', 'You have deleted 1 book!');
|
|
||||||
return redirect()->route('settings.book');
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,58 +0,0 @@
|
||||||
<?php
|
|
||||||
namespace App\Http\Controllers;
|
|
||||||
|
|
||||||
use App\Http\Requests;
|
|
||||||
use App\Http\Controllers\Controller;
|
|
||||||
use App\Periode;
|
|
||||||
use App\Student;
|
|
||||||
use App\Http\Requests\PeriodeRequest;
|
|
||||||
use Illuminate\Http\Request;
|
|
||||||
|
|
||||||
class PeriodeController extends Controller
|
|
||||||
{
|
|
||||||
|
|
||||||
public function __construct()
|
|
||||||
{
|
|
||||||
$this->middleware('auth');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function index()
|
|
||||||
{
|
|
||||||
$periodes = Periode::get();
|
|
||||||
return view('lms.settings.periode.periode', compact('periodes'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function edit($id)
|
|
||||||
{
|
|
||||||
$periode = Periode::findOrFail($id);
|
|
||||||
return view('lms.settings.periode.edit', compact('periode'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function update($id, PeriodeRequest $request)
|
|
||||||
{
|
|
||||||
$periode = Periode::findOrFail($id);
|
|
||||||
|
|
||||||
$input = $request->all();
|
|
||||||
|
|
||||||
$periode->update($input);
|
|
||||||
|
|
||||||
//process
|
|
||||||
$tglSekarang = time();
|
|
||||||
|
|
||||||
$students = Student::get();
|
|
||||||
|
|
||||||
foreach ($students as $student) {
|
|
||||||
$dateDiff = $tglSekarang - $student['registered_at'];
|
|
||||||
$durasi = floor($dateDiff/(60 * 60 * 24));
|
|
||||||
$periodes = Periode::first();
|
|
||||||
if ($durasi > $periodes['days']) {
|
|
||||||
$student->update(['status' => 0]);
|
|
||||||
} else {
|
|
||||||
$student->update(['status' => 1]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
session()->flash('flash_message', 'You have been updated periode!');
|
|
||||||
return redirect()->route('settings.periode');
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -64,6 +64,7 @@ class Kernel extends HttpKernel
|
||||||
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
|
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
|
||||||
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
|
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
|
||||||
'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
|
'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
|
||||||
|
'isUserFileOwner' => \App\Http\Middleware\WebAuthorizeFile::class,
|
||||||
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Middleware;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Illuminate\Contracts\Auth\Guard;
|
||||||
|
use App\Models\Dataset;
|
||||||
|
use App\Models\User;
|
||||||
|
use App\Models\File;
|
||||||
|
|
||||||
|
class WebAuthorizeFile
|
||||||
|
{
|
||||||
|
const DELIMITER = '|';
|
||||||
|
|
||||||
|
protected $auth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new instance of the middleware.
|
||||||
|
*
|
||||||
|
* @param Guard $auth
|
||||||
|
*/
|
||||||
|
public function __construct(Guard $auth)
|
||||||
|
{
|
||||||
|
$this->auth = $auth;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle an incoming request.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @param \Closure $next
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
public function handle(\Illuminate\Http\Request $request, Closure $next)
|
||||||
|
{
|
||||||
|
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
|
||||||
|
// abort(403);
|
||||||
|
// }
|
||||||
|
$userId = $this->auth->user()->id;
|
||||||
|
$fileId = $request->route('id');
|
||||||
|
$file = File::with('dataset')->findOrFail($fileId);
|
||||||
|
$datasetId = $file->dataset->id;
|
||||||
|
|
||||||
|
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
|
||||||
|
abort(403, "You are not allowed to do this action!");
|
||||||
|
}
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
private function isUserDatasetAdmin($userId, $datasetId)
|
||||||
|
{
|
||||||
|
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
|
||||||
|
$user = User::findOrFail($userId);
|
||||||
|
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
10
composer.lock
generated
10
composer.lock
generated
|
@ -3909,16 +3909,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "phpunit/php-token-stream",
|
"name": "phpunit/php-token-stream",
|
||||||
"version": "3.1.0",
|
"version": "3.1.1",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
|
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
|
||||||
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a"
|
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e899757bb3df5ff6e95089132f32cd59aac2220a",
|
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/995192df77f63a59e47f025390d2d1fdf8f425ff",
|
||||||
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a",
|
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -3954,7 +3954,7 @@
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"tokenizer"
|
"tokenizer"
|
||||||
],
|
],
|
||||||
"time": "2019-07-25T05:29:42+00:00"
|
"time": "2019-09-17T06:23:10+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "phpunit/phpunit",
|
"name": "phpunit/phpunit",
|
||||||
|
|
|
@ -251,6 +251,13 @@ Route::group(
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// //=============================================================================================================
|
||||||
|
// //=================================================setting file=============================================
|
||||||
|
Route::get('settings/file/download/{id}', [
|
||||||
|
'middleware' => ['isUserFileOwner'],
|
||||||
|
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
|
||||||
|
]);
|
||||||
|
|
||||||
//=================================================setting home - dashboard=======================================
|
//=================================================setting home - dashboard=======================================
|
||||||
Route::get('settings/', [
|
Route::get('settings/', [
|
||||||
'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index',
|
'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index',
|
||||||
|
@ -275,11 +282,6 @@ Route::group(['middleware' => ['permission:settings']], function () {
|
||||||
// Route::get('settings/file/download/{id}', [
|
// Route::get('settings/file/download/{id}', [
|
||||||
// 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download',
|
// 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download',
|
||||||
// ]);
|
// ]);
|
||||||
// //=============================================================================================================
|
|
||||||
// //=================================================setting file=============================================
|
|
||||||
Route::get('settings/file/download/{id}', [
|
|
||||||
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
|
|
||||||
]);
|
|
||||||
|
|
||||||
//=================================================setting mimetype=============================================
|
//=================================================setting mimetype=============================================
|
||||||
Route::get('/settings/mimetype', [
|
Route::get('/settings/mimetype', [
|
||||||
|
@ -499,38 +501,6 @@ Route::get('history', [
|
||||||
'as' => 'borrow.history', 'uses' => 'BorrowController@histori',
|
'as' => 'borrow.history', 'uses' => 'BorrowController@histori',
|
||||||
]);
|
]);
|
||||||
|
|
||||||
//=========================================================================================================
|
|
||||||
//=================================================setting periode=========================================
|
|
||||||
Route::get('/settings/periode', [
|
|
||||||
'as' => 'settings.periode', 'uses' => 'PeriodeController@index',
|
|
||||||
]);
|
|
||||||
Route::get('settings/periode/edit/{id}', [
|
|
||||||
'as' => 'settings.periode.edit', 'uses' => 'PeriodeController@edit',
|
|
||||||
]);
|
|
||||||
Route::patch('settings/periode/edit/{id}', [
|
|
||||||
'as' => 'settings.periode.update', 'uses' => 'PeriodeController@update',
|
|
||||||
]);
|
|
||||||
|
|
||||||
//=============================================================================================================
|
|
||||||
//=================================================setting book================================================
|
|
||||||
Route::get('/settings/book', [
|
|
||||||
'as' => 'settings.book', 'uses' => 'BookController@index',
|
|
||||||
]);
|
|
||||||
Route::get('/settings/book/add', [
|
|
||||||
'as' => 'settings.book.add', 'uses' => 'BookController@add',
|
|
||||||
]);
|
|
||||||
Route::post('settings/book/add', [
|
|
||||||
'as' => 'settings.book.post', 'uses' => 'BookController@store',
|
|
||||||
]);
|
|
||||||
Route::get('settings/book/edit/{id}', [
|
|
||||||
'as' => 'settings.book.edit', 'uses' => 'BookController@edit',
|
|
||||||
]);
|
|
||||||
Route::patch('settings/book/edit/{id}', [
|
|
||||||
'as' => 'settings.book.update', 'uses' => 'BookController@update',
|
|
||||||
]);
|
|
||||||
Route::get('settings/book/delete/{id}', [
|
|
||||||
'as' => 'settings.book.delete', 'uses' => 'BookController@delete',
|
|
||||||
]);
|
|
||||||
|
|
||||||
//====================================authentication===========================================================================
|
//====================================authentication===========================================================================
|
||||||
// Route::controllers([
|
// Route::controllers([
|
||||||
|
|
Loading…
Reference in New Issue
Block a user