- check if user is owner of file

- delete unnecessary models and web routes
This commit is contained in:
Arno Kaimbacher 2019-09-19 13:22:05 +02:00
parent 0d6cf1158f
commit 7b34e57aee
7 changed files with 74 additions and 183 deletions


@ -1,82 +0,0 @@
<?php
namespace App\Http\Controllers;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Book;
use App\Models\Project;
use App\Shelf;
use App\Http\Requests\BookRequest;
use Illuminate\Http\Request;
use Illuminate\View\View;
class BookController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function index() : View
{
//$books = Book::with('category', 'shelf')->get();
$books = Book::with('project')->get();
return view('rdr.settings.book.book', compact('books'));
}
public function add()
{
$categories = Project::pluck('name', 'id');
$shelves = Shelf::pluck('shelf', 'id');
$datum = date('Y-m-d');
$nowYear = substr($datum, 0, 4);
$years = array();
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
$years[$jahr] = $jahr;
}
return view('rdr.settings.book.add', compact('categories', 'shelves', 'years'));
}
public function store(BookRequest $request)
{
$input = $request->all();
$book = Book::create($input);
session()->flash('flash_message', 'You have been addded 1 book!');
return redirect()->route('settings.book');
}
public function edit($id)
{
$book = Book::findOrFail($id);
$categories = Project::pluck('name', 'id');
// $shelves = Shelf::pluck('shelf', 'id');
$datum = date('Y-m-d');
$nowYear = substr($datum, 0, 4);
$years = array();
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
$years[$jahr] = $jahr;
}
return view('rdr.settings.book.edit', compact('book', 'categories', 'years'));
//return view('rdr.settings.book.edit', compact('book', 'categories', 'shelves', 'years'));
}
public function update($id, BookRequest $request)
{
$book = Book::findOrFail($id);
$input = $request->all();
$book->update($input);
session()->flash('flash_message', 'You have updated 1 book!');
return redirect()->route('settings.book');
}
public function delete($id)
{
$book = Book::findOrFail($id);
$book->delete();
session()->flash('flash_message', 'You have deleted 1 book!');
return redirect()->route('settings.book');
}
}


@ -1,58 +0,0 @@
<?php
namespace App\Http\Controllers;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Periode;
use App\Student;
use App\Http\Requests\PeriodeRequest;
use Illuminate\Http\Request;
class PeriodeController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function index()
{
$periodes = Periode::get();
return view('lms.settings.periode.periode', compact('periodes'));
}
public function edit($id)
{
$periode = Periode::findOrFail($id);
return view('lms.settings.periode.edit', compact('periode'));
}
public function update($id, PeriodeRequest $request)
{
$periode = Periode::findOrFail($id);
$input = $request->all();
$periode->update($input);
//process
$tglSekarang = time();
$students = Student::get();
foreach ($students as $student) {
$dateDiff = $tglSekarang - $student['registered_at'];
$durasi = floor($dateDiff/(60 * 60 * 24));
$periodes = Periode::first();
if ($durasi > $periodes['days']) {
$student->update(['status' => 0]);
} else {
$student->update(['status' => 1]);
}
}
session()->flash('flash_message', 'You have been updated periode!');
return redirect()->route('settings.periode');
}
}


@ -116,7 +116,7 @@ class EditorController extends Controller
$referenceTypes = ["rdr-id", "arXiv", "bibcode", "DOI", "EAN13", "EISSN", "Handle", "IGSN", "ISBN", "ISSN", "ISTC", "LISSN", "LSID", "PMID", "PURL", "UPC", "URL", "URN"]; $referenceTypes = ["rdr-id", "arXiv", "bibcode", "DOI", "EAN13", "EISSN", "Handle", "IGSN", "ISBN", "ISSN", "ISTC", "LISSN", "LSID", "PMID", "PURL", "UPC", "URL", "URN"];
$referenceTypes = array_combine($referenceTypes, $referenceTypes); $referenceTypes = array_combine($referenceTypes, $referenceTypes);
$relationTypes = ["IsCitedBy", "Cites", "IsSupplementTo", "IsSupplementedBy", "IsContinuedBy", "Continues", "HasMetadata", "IsMetadataFor","IsNewVersionOf", "IsPreviousVersionOf", "IsPartOf", "HasPart", "IsReferencedBy", "References"]; $relationTypes = ["IsCitedBy", "Cites", "IsSupplementTo", "IsSupplementedBy", "IsContinuedBy", "Continues", "HasMetadata", "IsMetadataFor","IsNewVersionOf", "IsPreviousVersionOf", "IsPartOf", "HasPart", "IsReferencedBy", "References"];
// "IsDocumentedBy", "Documents", "IsCompiledBy", "Compiles", "IsVariantFormOf", "IsOriginalFormOf", "IsIdenticalTo", "IsReviewedBy", "Reviews", "IsDerivedFrom", "IsSourceOf"]; // "IsDocumentedBy", "Documents", "IsCompiledBy", "Compiles", "IsVariantFormOf", "IsOriginalFormOf", "IsIdenticalTo", "IsReviewedBy", "Reviews", "IsDerivedFrom", "IsSourceOf"];
$relationTypes = array_combine($relationTypes, $relationTypes); $relationTypes = array_combine($relationTypes, $relationTypes);


@ -64,6 +64,7 @@ class Kernel extends HttpKernel
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class, 'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class, 'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class, 'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
'isUserFileOwner' => \App\Http\Middleware\WebAuthorizeFile::class,
]; ];
} }


@ -0,0 +1,60 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use App\Models\Dataset;
use App\Models\User;
use App\Models\File;
class WebAuthorizeFile
{
const DELIMITER = '|';
protected $auth;
/**
* Creates a new instance of the middleware.
*
* @param Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(\Illuminate\Http\Request $request, Closure $next)
{
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
// abort(403);
// }
$userId = $this->auth->user()->id;
$fileId = $request->route('id');
$file = File::with('dataset')->findOrFail($fileId);
$datasetId = $file->dataset->id;
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
abort(403, "You are not allowed to do this action!");
}
return $next($request);
}
private function isUserDatasetAdmin($userId, $datasetId)
{
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
$user = User::findOrFail($userId);
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
return true;
} else {
return false;
}
}
}
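Review bot: In handle(), `$this->auth->user()->id` is read before the `$this->auth->guest()` test, so an unauthenticated request hits a null dereference (a 500) instead of the intended 403, and the file lookup via `findOrFail` runs before any authorization decision, which also turns the endpoint into an existence check for file ids; the new route in routes/web.php attaches only `isUserFileOwner`, with no `auth` middleware visible in that hunk, so this path is reachable. Move the guest check to the top, resolve the user id only afterwards, and be aware that `$file->dataset->id` will also fail with an error rather than a 403 if a file has no dataset (not verifiable from this hunk). In isUserDatasetAdmin(), the `User::findOrFail($userId)` round-trip is redundant because `$userId` already came from the authenticated user, and the owner test should be strict: `return $dataset->user->id === $userId;`. The commented-out `$user->can("administrator")` clause means administrators are not exempted by this middleware; if that is intentional, say so in the docblock, e.g. `// Only the dataset owner may access the file; no administrator override.`
```php
public function handle(\Illuminate\Http\Request $request, Closure $next)
{
    // Reject anonymous requests before touching the user object.
    if ($this->auth->guest()) {
        abort(403, "You are not allowed to do this action!");
    }
    $userId = $this->auth->user()->id;
    $file = File::with('dataset')->findOrFail($request->route('id'));
    $datasetId = $file->dataset->id;
    if (!$this->isUserDatasetAdmin($userId, $datasetId)) {
        abort(403, "You are not allowed to do this action!");
    }
    return $next($request);
}
// … unchanged: isUserDatasetAdmin (use === for the owner comparison) …
```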

composer.lock generated

@ -3909,16 +3909,16 @@
}, },
{ {
"name": "phpunit/php-token-stream", "name": "phpunit/php-token-stream",
"version": "3.1.0", "version": "3.1.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git", "url": "https://github.com/sebastianbergmann/php-token-stream.git",
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a" "reference": "995192df77f63a59e47f025390d2d1fdf8f425ff"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e899757bb3df5ff6e95089132f32cd59aac2220a", "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/995192df77f63a59e47f025390d2d1fdf8f425ff",
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a", "reference": "995192df77f63a59e47f025390d2d1fdf8f425ff",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3954,7 +3954,7 @@
"keywords": [ "keywords": [
"tokenizer" "tokenizer"
], ],
"time": "2019-07-25T05:29:42+00:00" "time": "2019-09-17T06:23:10+00:00"
}, },
{ {
"name": "phpunit/phpunit", "name": "phpunit/phpunit",


@ -251,6 +251,13 @@ Route::group(
} }
); );
// //=============================================================================================================
// //=================================================setting file=============================================
Route::get('settings/file/download/{id}', [
'middleware' => ['isUserFileOwner'],
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
]);
//=================================================setting home - dashboard======================================= //=================================================setting home - dashboard=======================================
Route::get('settings/', [ Route::get('settings/', [
'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index', 'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index',
@ -275,11 +282,6 @@ Route::group(['middleware' => ['permission:settings']], function () {
// Route::get('settings/file/download/{id}', [ // Route::get('settings/file/download/{id}', [
// 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download', // 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download',
// ]); // ]);
// //=============================================================================================================
// //=================================================setting file=============================================
Route::get('settings/file/download/{id}', [
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
]);
//=================================================setting mimetype============================================= //=================================================setting mimetype=============================================
Route::get('/settings/mimetype', [ Route::get('/settings/mimetype', [
@ -499,38 +501,6 @@ Route::get('history', [
'as' => 'borrow.history', 'uses' => 'BorrowController@histori', 'as' => 'borrow.history', 'uses' => 'BorrowController@histori',
]); ]);
//=========================================================================================================
//=================================================setting periode=========================================
Route::get('/settings/periode', [
'as' => 'settings.periode', 'uses' => 'PeriodeController@index',
]);
Route::get('settings/periode/edit/{id}', [
'as' => 'settings.periode.edit', 'uses' => 'PeriodeController@edit',
]);
Route::patch('settings/periode/edit/{id}', [
'as' => 'settings.periode.update', 'uses' => 'PeriodeController@update',
]);
//=============================================================================================================
//=================================================setting book================================================
Route::get('/settings/book', [
'as' => 'settings.book', 'uses' => 'BookController@index',
]);
Route::get('/settings/book/add', [
'as' => 'settings.book.add', 'uses' => 'BookController@add',
]);
Route::post('settings/book/add', [
'as' => 'settings.book.post', 'uses' => 'BookController@store',
]);
Route::get('settings/book/edit/{id}', [
'as' => 'settings.book.edit', 'uses' => 'BookController@edit',
]);
Route::patch('settings/book/edit/{id}', [
'as' => 'settings.book.update', 'uses' => 'BookController@update',
]);
Route::get('settings/book/delete/{id}', [
'as' => 'settings.book.delete', 'uses' => 'BookController@delete',
]);
//====================================authentication=========================================================================== //====================================authentication===========================================================================
// Route::controllers([ // Route::controllers([