- check if user is owner of file

- delete unnecessary models and web routes
This commit is contained in:
Arno Kaimbacher 2019-09-19 13:22:05 +02:00
parent 0d6cf1158f
commit 7b34e57aee
7 changed files with 74 additions and 183 deletions


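--- a/app/Http/Controllers/BookController.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-namespace App\Http\Controllers;
-use App\Http\Requests;
-use App\Http\Controllers\Controller;
-use App\Book;
-use App\Models\Project;
-use App\Shelf;
-use App\Http\Requests\BookRequest;
-use Illuminate\Http\Request;
-use Illuminate\View\View;
-class BookController extends Controller
-{
-public function __construct()
-{
-$this->middleware('auth');
-}
-public function index() : View
-{
-//$books = Book::with('category', 'shelf')->get();
-$books = Book::with('project')->get();
-return view('rdr.settings.book.book', compact('books'));
-}
-public function add()
-{
-$categories = Project::pluck('name', 'id');
-$shelves = Shelf::pluck('shelf', 'id');
-$datum = date('Y-m-d');
-$nowYear = substr($datum, 0, 4);
-$years = array();
-for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
-$years[$jahr] = $jahr;
-}
-return view('rdr.settings.book.add', compact('categories', 'shelves', 'years'));
-}
-public function store(BookRequest $request)
-{
-$input = $request->all();
-$book = Book::create($input);
-session()->flash('flash_message', 'You have been addded 1 book!');
-return redirect()->route('settings.book');
-}
-public function edit($id)
-{
-$book = Book::findOrFail($id);
-$categories = Project::pluck('name', 'id');
-// $shelves = Shelf::pluck('shelf', 'id');
-$datum = date('Y-m-d');
-$nowYear = substr($datum, 0, 4);
-$years = array();
-for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
-$years[$jahr] = $jahr;
-}
-return view('rdr.settings.book.edit', compact('book', 'categories', 'years'));
-//return view('rdr.settings.book.edit', compact('book', 'categories', 'shelves', 'years'));
-}
-public function update($id, BookRequest $request)
-{
-$book = Book::findOrFail($id);
-$input = $request->all();
-$book->update($input);
-session()->flash('flash_message', 'You have updated 1 book!');
-return redirect()->route('settings.book');
-}
-public function delete($id)
-{
-$book = Book::findOrFail($id);
-$book->delete();
-session()->flash('flash_message', 'You have deleted 1 book!');
-return redirect()->route('settings.book');
-}
-}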


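--- a/app/Http/Controllers/PeriodeController.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?php
-namespace App\Http\Controllers;
-use App\Http\Requests;
-use App\Http\Controllers\Controller;
-use App\Periode;
-use App\Student;
-use App\Http\Requests\PeriodeRequest;
-use Illuminate\Http\Request;
-class PeriodeController extends Controller
-{
-public function __construct()
-{
-$this->middleware('auth');
-}
-public function index()
-{
-$periodes = Periode::get();
-return view('lms.settings.periode.periode', compact('periodes'));
-}
-public function edit($id)
-{
-$periode = Periode::findOrFail($id);
-return view('lms.settings.periode.edit', compact('periode'));
-}
-public function update($id, PeriodeRequest $request)
-{
-$periode = Periode::findOrFail($id);
-$input = $request->all();
-$periode->update($input);
-//process
-$tglSekarang = time();
-$students = Student::get();
-foreach ($students as $student) {
-$dateDiff = $tglSekarang - $student['registered_at'];
-$durasi = floor($dateDiff/(60 * 60 * 24));
-$periodes = Periode::first();
-if ($durasi > $periodes['days']) {
-$student->update(['status' => 0]);
-} else {
-$student->update(['status' => 1]);
-}
-}
-session()->flash('flash_message', 'You have been updated periode!');
-return redirect()->route('settings.periode');
-}
-}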


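--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,6 +64,7 @@ class Kernel extends HttpKernel
 'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
 'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
 'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
+'isUserFileOwner' => \App\Http\Middleware\WebAuthorizeFile::class,
 ];
 }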


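--- /dev/null
+++ b/app/Http/Middleware/WebAuthorizeFile.php
@@ -0,0 +1,60 @@
+<?php
+namespace App\Http\Middleware;
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+use App\Models\Dataset;
+use App\Models\User;
+use App\Models\File;
+class WebAuthorizeFile
+{
+const DELIMITER = '|';
+protected $auth;
+/**
+* Creates a new instance of the middleware.
+*
+* @param Guard $auth
+*/
+public function __construct(Guard $auth)
+{
+$this->auth = $auth;
+}
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+* @return mixed
+*/
+public function handle(\Illuminate\Http\Request $request, Closure $next)
+{
+// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
+// abort(403);
+// }
+$userId = $this->auth->user()->id;
+$fileId = $request->route('id');
+$file = File::with('dataset')->findOrFail($fileId);
+$datasetId = $file->dataset->id;
+if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
+abort(403, "You are not allowed to do this action!");
+}
+return $next($request);
+}
+private function isUserDatasetAdmin($userId, $datasetId)
+{
+$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
+$user = User::findOrFail($userId);
+if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
+return true;
+} else {
+return false;
+}
+}
+}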
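Review bot: `$userId = $this->auth->user()->id;` at the top of `handle()` dereferences the user before the `$this->auth->guest()` test four lines below, so an unauthenticated request blows up on a null user instead of receiving the intended 403, and `File::with('dataset')->findOrFail($fileId)` also runs before any authorization, letting an anonymous caller tell existing file ids from non-existing ones by 404 versus 403. Since the routes hunk in this commit moves `settings/file/download/{id}` out of the `permission:settings` group, this middleware appears to be the only gate on that download unless an outer `auth` group not visible here wraps it. Putting the guest check first and loading the file only afterwards fixes both points; `$file->dataset->id` still assumes every file has a dataset, which is worth a null check if orphan files can exist. `isUserDatasetAdmin()` additionally re-fetches the user with `User::findOrFail($userId)` just to compare its id, which the caller already holds, so that query can be dropped, and the unused `DELIMITER` constant and the commented-out permission check should go as well.
```php
public function handle(\Illuminate\Http\Request $request, Closure $next)
{
    // Reject anonymous callers before touching the user or the database.
    if ($this->auth->guest()) {
        abort(403, "You are not allowed to do this action!");
    }
    $userId = $this->auth->user()->id;
    // Only load the file once the caller is known to be authenticated.
    $file = File::with('dataset')->findOrFail($request->route('id'));
    // NOTE(review): assumes every file belongs to a dataset — confirm, else guard for null.
    if (!$this->isUserDatasetAdmin($userId, $file->dataset->id)) {
        abort(403, "You are not allowed to do this action!");
    }
    return $next($request);
}
```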

composer.lock generated

@ -3909,16 +3909,16 @@
},
{
"name": "phpunit/php-token-stream",
"version": "3.1.0",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a"
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e899757bb3df5ff6e95089132f32cd59aac2220a",
"reference": "e899757bb3df5ff6e95089132f32cd59aac2220a",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/995192df77f63a59e47f025390d2d1fdf8f425ff",
"reference": "995192df77f63a59e47f025390d2d1fdf8f425ff",
"shasum": ""
},
"require": {
@ -3954,7 +3954,7 @@
"keywords": [
"tokenizer"
],
"time": "2019-07-25T05:29:42+00:00"
"time": "2019-09-17T06:23:10+00:00"
},
{
"name": "phpunit/phpunit",


@ -251,6 +251,13 @@ Route::group(
}
);
// //=============================================================================================================
// //=================================================setting file=============================================
Route::get('settings/file/download/{id}', [
'middleware' => ['isUserFileOwner'],
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
]);
//=================================================setting home - dashboard=======================================
Route::get('settings/', [
'as' => 'settings.dashboard', 'uses' => 'Settings\DashboardController@index',
@ -275,11 +282,6 @@ Route::group(['middleware' => ['permission:settings']], function () {
// Route::get('settings/file/download/{id}', [
// 'as' => 'settings.file.download', 'uses' => 'Settings\DatasetController@download',
// ]);
// //=============================================================================================================
// //=================================================setting file=============================================
Route::get('settings/file/download/{id}', [
'as' => 'settings.file.download', 'uses' => 'Settings\FileController@download',
]);
//=================================================setting mimetype=============================================
Route::get('/settings/mimetype', [
@ -499,38 +501,6 @@ Route::get('history', [
'as' => 'borrow.history', 'uses' => 'BorrowController@histori',
]);
//=========================================================================================================
//=================================================setting periode=========================================
Route::get('/settings/periode', [
'as' => 'settings.periode', 'uses' => 'PeriodeController@index',
]);
Route::get('settings/periode/edit/{id}', [
'as' => 'settings.periode.edit', 'uses' => 'PeriodeController@edit',
]);
Route::patch('settings/periode/edit/{id}', [
'as' => 'settings.periode.update', 'uses' => 'PeriodeController@update',
]);
//=============================================================================================================
//=================================================setting book================================================
Route::get('/settings/book', [
'as' => 'settings.book', 'uses' => 'BookController@index',
]);
Route::get('/settings/book/add', [
'as' => 'settings.book.add', 'uses' => 'BookController@add',
]);
Route::post('settings/book/add', [
'as' => 'settings.book.post', 'uses' => 'BookController@store',
]);
Route::get('settings/book/edit/{id}', [
'as' => 'settings.book.edit', 'uses' => 'BookController@edit',
]);
Route::patch('settings/book/edit/{id}', [
'as' => 'settings.book.update', 'uses' => 'BookController@update',
]);
Route::get('settings/book/delete/{id}', [
'as' => 'settings.book.delete', 'uses' => 'BookController@delete',
]);
//====================================authentication===========================================================================
// Route::controllers([