- check if user is owner of file
- delete unnecessary models and web routes
This commit is contained in:
parent
0d6cf1158f
commit
7b34e57aee
|
@ -1,82 +0,0 @@
|
|||
<?php
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Requests;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Book;
|
||||
use App\Models\Project;
|
||||
use App\Shelf;
|
||||
use App\Http\Requests\BookRequest;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\View\View;
|
||||
|
||||
class BookController extends Controller
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index() : View
|
||||
{
|
||||
//$books = Book::with('category', 'shelf')->get();
|
||||
$books = Book::with('project')->get();
|
||||
return view('rdr.settings.book.book', compact('books'));
|
||||
}
|
||||
|
||||
public function add()
|
||||
{
|
||||
$categories = Project::pluck('name', 'id');
|
||||
$shelves = Shelf::pluck('shelf', 'id');
|
||||
|
||||
$datum = date('Y-m-d');
|
||||
$nowYear = substr($datum, 0, 4);
|
||||
$years = array();
|
||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
||||
$years[$jahr] = $jahr;
|
||||
}
|
||||
|
||||
return view('rdr.settings.book.add', compact('categories', 'shelves', 'years'));
|
||||
}
|
||||
|
||||
public function store(BookRequest $request)
|
||||
{
|
||||
$input = $request->all();
|
||||
$book = Book::create($input);
|
||||
session()->flash('flash_message', 'You have been addded 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
|
||||
public function edit($id)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$categories = Project::pluck('name', 'id');
|
||||
// $shelves = Shelf::pluck('shelf', 'id');
|
||||
|
||||
$datum = date('Y-m-d');
|
||||
$nowYear = substr($datum, 0, 4);
|
||||
$years = array();
|
||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
||||
$years[$jahr] = $jahr;
|
||||
}
|
||||
return view('rdr.settings.book.edit', compact('book', 'categories', 'years'));
|
||||
//return view('rdr.settings.book.edit', compact('book', 'categories', 'shelves', 'years'));
|
||||
}
|
||||
|
||||
public function update($id, BookRequest $request)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$input = $request->all();
|
||||
$book->update($input);
|
||||
session()->flash('flash_message', 'You have updated 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
|
||||
public function delete($id)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$book->delete();
|
||||
session()->flash('flash_message', 'You have deleted 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Requests;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Periode;
|
||||
use App\Student;
|
||||
use App\Http\Requests\PeriodeRequest;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class PeriodeController extends Controller
|
||||
{
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
$periodes = Periode::get();
|
||||
return view('lms.settings.periode.periode', compact('periodes'));
|
||||
}
|
||||
|
||||
public function edit($id)
|
||||
{
|
||||
$periode = Periode::findOrFail($id);
|
||||
return view('lms.settings.periode.edit', compact('periode'));
|
||||
}
|
||||
|
||||
public function update($id, PeriodeRequest $request)
|
||||
{
|
||||
$periode = Periode::findOrFail($id);
|
||||
|
||||
$input = $request->all();
|
||||
|
||||
$periode->update($input);
|
||||
|
||||
//process
|
||||
$tglSekarang = time();
|
||||
|
||||
$students = Student::get();
|
||||
|
||||
foreach ($students as $student) {
|
||||
$dateDiff = $tglSekarang - $student['registered_at'];
|
||||
$durasi = floor($dateDiff/(60 * 60 * 24));
|
||||
$periodes = Periode::first();
|
||||
if ($durasi > $periodes['days']) {
|
||||
$student->update(['status' => 0]);
|
||||
} else {
|
||||
$student->update(['status' => 1]);
|
||||
}
|
||||
}
|
||||
|
||||
session()->flash('flash_message', 'You have been updated periode!');
|
||||
return redirect()->route('settings.periode');
|
||||
}
|
||||
}
|
|
@ -64,6 +64,7 @@ class Kernel extends HttpKernel
|
|||
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
|
||||
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
|
||||
'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
|
||||
'isUserFileOwner' => \App\Http\Middleware\WebAuthorizeFile::class,
|
||||
|
||||
];
|
||||
}
|
||||
|
|
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
|
@ -0,0 +1,60 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use App\Models\Dataset;
|
||||
use App\Models\User;
|
||||
use App\Models\File;
|
||||
|
||||
class WebAuthorizeFile
|
||||
{
|
||||
const DELIMITER = '|';
|
||||
|
||||
protected $auth;
|
||||
|
||||
/**
|
||||
* Creates a new instance of the middleware.
|
||||
*
|
||||
* @param Guard $auth
|
||||
*/
|
||||
public function __construct(Guard $auth)
|
||||
{
|
||||
$this->auth = $auth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(\Illuminate\Http\Request $request, Closure $next)
|
||||
{
|
||||
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
|
||||
// abort(403);
|
||||
// }
|
||||
$userId = $this->auth->user()->id;
|
||||
$fileId = $request->route('id');
|
||||
$file = File::with('dataset')->findOrFail($fileId);
|
||||
$datasetId = $file->dataset->id;
|
||||
|
||||
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
|
||||
abort(403, "You are not allowed to do this action!");
|
||||
}
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function isUserDatasetAdmin($userId, $datasetId)
|
||||
{
|
||||
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
|
||||
$user = User::findOrFail($userId);
|
||||
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
10
composer.lock
generated
10
composer.lock
generated
|
@ -3909,16 +3909,16 @@
|
|||
},
|
||||
{
|
||||
"name": "phpunit/php-token-stream",
|
||||
"version": "3.1.0",
|
||||
"version": "3.1.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
|
||||
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a"
|
||||
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e899757bb3df5ff6e95089132f32cd59aac2220a",
|
||||
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/995192df77f63a59e47f025390d2d1fdf8f425ff",
|
||||
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -3954,7 +3954,7 @@
|
|||
"keywords": [
|
||||
"tokenizer"
|
||||
],
|
||||
"time": "2019-07-25T05:29:42+00:00"
|
||||
"time": "2019-09-17T06:23:10+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpunit/phpunit",
|
||||
|
|
|
@ -251,6 +251,13 @@ Route::group(
|
|||
}
|
||||
);
|
||||
|
||||
// //=============================================================================================================
|
||||
// //=================================================setting file=============================================
|
||||
Route::get('settings/file/download/{id}', [
|
||||
'middleware' => ['isUserFileOwner'],
|
||||
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
|
||||
]);
|
||||
|
||||
//=================================================setting home - dashboard=======================================
|
||||
Route::get('settings/', [
|
||||
'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index',
|
||||
|
@ -275,11 +282,6 @@ Route::group(['middleware' => ['permission:settings']], function () {
|
|||
// Route::get('settings/file/download/{id}', [
|
||||
// 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download',
|
||||
// ]);
|
||||
// //=============================================================================================================
|
||||
// //=================================================setting file=============================================
|
||||
Route::get('settings/file/download/{id}', [
|
||||
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
|
||||
]);
|
||||
|
||||
//=================================================setting mimetype=============================================
|
||||
Route::get('/settings/mimetype', [
|
||||
|
@ -499,38 +501,6 @@ Route::get('history', [
|
|||
'as' => 'borrow.history', 'uses' => 'BorrowController@histori',
|
||||
]);
|
||||
|
||||
//=========================================================================================================
|
||||
//=================================================setting periode=========================================
|
||||
Route::get('/settings/periode', [
|
||||
'as' => 'settings.periode', 'uses' => 'PeriodeController@index',
|
||||
]);
|
||||
Route::get('settings/periode/edit/{id}', [
|
||||
'as' => 'settings.periode.edit', 'uses' => 'PeriodeController@edit',
|
||||
]);
|
||||
Route::patch('settings/periode/edit/{id}', [
|
||||
'as' => 'settings.periode.update', 'uses' => 'PeriodeController@update',
|
||||
]);
|
||||
|
||||
//=============================================================================================================
|
||||
//=================================================setting book================================================
|
||||
Route::get('/settings/book', [
|
||||
'as' => 'settings.book', 'uses' => 'BookController@index',
|
||||
]);
|
||||
Route::get('/settings/book/add', [
|
||||
'as' => 'settings.book.add', 'uses' => 'BookController@add',
|
||||
]);
|
||||
Route::post('settings/book/add', [
|
||||
'as' => 'settings.book.post', 'uses' => 'BookController@store',
|
||||
]);
|
||||
Route::get('settings/book/edit/{id}', [
|
||||
'as' => 'settings.book.edit', 'uses' => 'BookController@edit',
|
||||
]);
|
||||
Route::patch('settings/book/edit/{id}', [
|
||||
'as' => 'settings.book.update', 'uses' => 'BookController@update',
|
||||
]);
|
||||
Route::get('settings/book/delete/{id}', [
|
||||
'as' => 'settings.book.delete', 'uses' => 'BookController@delete',
|
||||
]);
|
||||
|
||||
//====================================authentication===========================================================================
|
||||
// Route::controllers([
|
||||
|
|
Loading…
Reference in New Issue
Block a user