From abc0360835eb0c5d89bfe91420cb4277ae5a3b99 Mon Sep 17 00:00:00 2001 From: Arno Kaimbacher Date: Thu, 16 May 2019 10:34:04 +0200 Subject: [PATCH] - nur user kann sich selbst editieren - admin kann alles user editieren --- .../Controllers/Publish/IndexController.php | 1 - .../Settings/Access/UserController.php | 86 ++++++++++++++----- .../views/settings/access/user/edit.blade.php | 31 ++++--- .../views/settings/layouts/app.blade.php | 15 ++-- routes/web.php | 23 +++-- 5 files changed, 105 insertions(+), 51 deletions(-) diff --git a/app/Http/Controllers/Publish/IndexController.php b/app/Http/Controllers/Publish/IndexController.php index b465500..f665bc9 100644 --- a/app/Http/Controllers/Publish/IndexController.php +++ b/app/Http/Controllers/Publish/IndexController.php @@ -6,7 +6,6 @@ use App\Models\Dataset; use App\Http\Controllers\Controller; use App\Models\License; use App\Models\File; -use App\Models\Person; use App\Models\Project; use App\Models\Title; use App\Models\Description; diff --git a/app/Http/Controllers/Settings/Access/UserController.php b/app/Http/Controllers/Settings/Access/UserController.php index c6dd8d9..664187b 100644 --- a/app/Http/Controllers/Settings/Access/UserController.php +++ b/app/Http/Controllers/Settings/Access/UserController.php @@ -5,6 +5,8 @@ use App\Http\Controllers\Controller; use App\Models\Role; use App\Models\User; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Hash; +use Illuminate\Support\Facades\Auth; class UserController extends Controller { 
@@ -105,14 +107,23 @@ class UserController extends Controller public function edit($id) { $user = User::find($id); - $roles = Role::all('id', 'name'); + if ($user == null) { + return abort(404, 'User not found.'); + } + $roles = Role::all('id', 'name'); //$userRoles = $user->roles->pluck('name','name')->all(); $checkeds = $user->roles->pluck('id')->toArray(); return view('settings.access.user.edit', compact('user', 'roles', 'checkeds')); } + private function validateUser($id, $current_password) + { + $user = User::findOrFail($id); + return Hash::check($current_password, $user->password); + } + /** * Update the specified resource in storage. * 
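Review bot: edit($id) still loads any account by id with no ownership or role check, so every authenticated user can open the edit form for any other user, although the commit title restricts editing to the user himself or an administrator; update() in the next hunk has the same gap. A server-side guard before `User::find($id)`, e.g. `if (!Auth::user()->hasRole('Administrator') && Auth::id() !== (int) $id) { abort(403); }`, is needed in both methods, since hiding links in the views does not enforce it. Two smaller points: the new `if ($user == null)` should be `=== null`, and `validateUser($id, ...)` re-queries the user although update() already holds the User instance — accepting the model would avoid the second lookup. The class continues outside the hunk.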
@@ -122,36 +133,69 @@ class UserController extends Controller */ public function update(Request $request, $id) { - + // if model state is valid $this->validate(request(), [ 'login' => 'required', 'email' => 'required|email|unique:accounts,email,' . $id, - 'password' => 'required|min:6|confirmed', + 'password' => 'nullable|min:6|confirmed', + //'current_password' => 'required_with:password' ]); + $valid = true; $user = User::findOrFail($id); - // $input = $request->except('roles'); - // $user->fill($input)->save(); + $roles = Role::all('id', 'name'); + $input = $request->all(); + $flash_message = ''; + $errors = new \Illuminate\Support\MessageBag(); - $input = $request->only(['login', 'email', 'password']); //Retreive the name, email and password fields - //$input = $request->all(); - $user->login = $input['login']; - $user->email = $input['email']; - $user->password = bcrypt($input['password']); - $user->save(); + if (array_key_exists('current_password', $input)) { + // if user is not admin he must enter old_password if a new password is defined + if (!Auth::user()->hasRole('Administrator') && $input['current_password'] == null && $input['password'] != null) { + //ModelState.AddModelError("OldPassword", Resources.User_Edit_OldPasswordEmpty); + //$flash_message = 'Current password should not be empty.'; + // add your error messages: + $errors->add('your_custom_error', 'Current password cannot not be empty, if you define a new password'); + $valid = false; + } - $roles = $request['roles']; //Retreive all roles - - if (isset($roles)) { - $user->roles()->sync($roles); //If one or more role is selected associate user to roles - } else { - $user->roles()->detach(); //If no role is selected remove exisiting role associated to a user + + if ($input['current_password'] != null && $this->validateUser($user->id, $input['current_password']) == false) { + //$flash_message = 'Password does not match the current password.'; + $errors->add('your_custom_error', 'Password does not 
match the current password.'); + $valid = false; + } } - //return back()->with('flash_message', 'user successfully updated.'); - return redirect() - ->route('access.user.index') - ->with('flash_message', 'User successfully edited.'); + + + //$input = $request->only(['login', 'email', 'password']); //Retreive the name, email and password fields + if ($valid == true) { + $user->login = $input['login']; + $user->email = $input['email']; + if ($input['password']) { + $user->password = Hash::make($input['password']); + } + + $user->save(); + + $roles = $request['roles']; //Retreive all roles + + if (array_key_exists('roles', $input)) { + if (isset($roles)) { + $user->roles()->sync($roles); //If one or more role is selected associate user to roles + } else { + $user->roles()->detach(); //If no role is selected remove exisiting role associated to a user + } + } + + return back()->with('flash_message', 'user successfully updated.'); + // return redirect() + // ->route('access.user.index') + // ->with('flash_message', 'User successfully edited.'); + } + return back() + ->withInput($input) + ->withErrors($errors); } /** diff --git a/resources/views/settings/access/user/edit.blade.php b/resources/views/settings/access/user/edit.blade.php index 8e8af0d..033e365 100644 --- a/resources/views/settings/access/user/edit.blade.php +++ b/resources/views/settings/access/user/edit.blade.php @@ -10,12 +10,12 @@
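Review bot: The role sync under `if (array_key_exists('roles', $input))` runs for every caller, so a non-administrator who submits a `roles` field can change their own role assignment; the checkboxes are only hidden for non-admins in edit.blade.php, which enforces nothing. Gate it server side: `if (Auth::user()->hasRole('Administrator') && array_key_exists('roles', $input)) {`. The current-password check is likewise only reached when `current_password` is present in the request, so the commented-out `'current_password' => 'required_with:password'` rule (applied for non-admins) belongs in the validator instead of the `array_key_exists` branch. The role is spelled `'Administrator'` here but `"administrator"` in edit.blade.php; unless hasRole is case-insensitive, one of the two checks is wrong. Finally `if ($input['password'])` is an undefined index when the field is absent — `if (!empty($input['password']))` handles that.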
-
+ {{--
BACK -
+
--}} @if (count($errors) > 0)
@@ -40,36 +40,45 @@
- {!! Form::text('email', null, array('placeholder' => 'Email','class' => 'form-control')) !!} + {!! Form::text('email', null, array('readonly', 'placeholder' => 'Email','class' => 'form-control')) !!} *
+ @if (!Auth::user()->hasRole("administrator")) +
+ {!! Form::label('current_password', 'Current Password:') !!} + {!! Form::password ('current_password', null, array('placeholder' => 'current password', 'id' => 'old_password', 'class' => 'form-control')) !!} + {{-- * --}} +
+ @endif +
- - {!! Form::password('password', array('placeholder' => 'Password','class' => 'form-control')) !!} - * + + {!! Form::password('password', array('placeholder' => 'new password','class' => 'form-control')) !!} +
- {!! Form::password('password_confirmation', array('placeholder' => 'Confirm Password','class' => 'form-control')) !!} - * + {!! Form::password('password_confirmation', array('placeholder' => 'confirm password','class' => 'form-control')) !!} +
+ @if (Auth::user()->hasRole("administrator"))
Assign Roles
@foreach ($roles as $role) - - + @endforeach +
+ @endif diff --git a/resources/views/settings/layouts/app.blade.php b/resources/views/settings/layouts/app.blade.php index 03864e4..88c5115 100644 --- a/resources/views/settings/layouts/app.blade.php +++ b/resources/views/settings/layouts/app.blade.php @@ -147,17 +147,18 @@ LOGIN @else +
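Review bot: The `readonly` attribute added to the email field is client-side only; update() in UserController still validates and assigns `$input['email']`, so the address can still be changed by a request that does not come from this form. If the email is meant to be fixed, drop `email` from the assignment in update() (or assign it only for administrators) rather than relying on the attribute. The role check `Auth::user()->hasRole("administrator")` in this hunk (and again around the Assign Roles block) uses lowercase, while the controller checks `'Administrator'`; the two should agree.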
  • + EDIT +
  • @permission('settings') -
  • +
  • User Management
  • Role Management -
  • -
  • - EDIT -
  • + @endpermission + {{--
  • Logout
  • --}} @@ -187,7 +188,9 @@