- nur user kann sich selbst editieren

- admin kann alle User editieren
This commit is contained in:
Arno Kaimbacher 2019-05-16 10:34:04 +02:00
parent aac9196650
commit abc0360835
5 changed files with 105 additions and 51 deletions


@ -6,7 +6,6 @@ use App\Models\Dataset;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Models\License; use App\Models\License;
use App\Models\File; use App\Models\File;
use App\Models\Person;
use App\Models\Project; use App\Models\Project;
use App\Models\Title; use App\Models\Title;
use App\Models\Description; use App\Models\Description;


@ -5,6 +5,8 @@ use App\Http\Controllers\Controller;
use App\Models\Role; use App\Models\Role;
use App\Models\User; use App\Models\User;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Auth;
class UserController extends Controller class UserController extends Controller
{ {
@ -105,14 +107,23 @@ class UserController extends Controller
public function edit($id) public function edit($id)
{ {
$user = User::find($id); $user = User::find($id);
$roles = Role::all('id', 'name'); if ($user == null) {
return abort(404, 'User not found.');
}
$roles = Role::all('id', 'name');
//$userRoles = $user->roles->pluck('name','name')->all(); //$userRoles = $user->roles->pluck('name','name')->all();
$checkeds = $user->roles->pluck('id')->toArray(); $checkeds = $user->roles->pluck('id')->toArray();
return view('settings.access.user.edit', compact('user', 'roles', 'checkeds')); return view('settings.access.user.edit', compact('user', 'roles', 'checkeds'));
} }
private function validateUser($id, $current_password)
{
$user = User::findOrFail($id);
return Hash::check($current_password, $user->password);
}
/** /**
* Update the specified resource in storage. * Update the specified resource in storage.
* *
@ -122,36 +133,69 @@ class UserController extends Controller
*/ */
public function update(Request $request, $id) public function update(Request $request, $id)
{ {
// if model state is valid
$this->validate(request(), [ $this->validate(request(), [
'login' => 'required', 'login' => 'required',
'email' => 'required|email|unique:accounts,email,' . $id, 'email' => 'required|email|unique:accounts,email,' . $id,
'password' => 'required|min:6|confirmed', 'password' => 'nullable|min:6|confirmed',
//'current_password' => 'required_with:password'
]); ]);
$valid = true;
$user = User::findOrFail($id); $user = User::findOrFail($id);
// $input = $request->except('roles'); $roles = Role::all('id', 'name');
// $user->fill($input)->save(); $input = $request->all();
$flash_message = '';
$errors = new \Illuminate\Support\MessageBag();
$input = $request->only(['login', 'email', 'password']); //Retreive the name, email and password fields if (array_key_exists('current_password', $input)) {
//$input = $request->all(); // if user is not admin he must enter old_password if a new password is defined
if (!Auth::user()->hasRole('Administrator') && $input['current_password'] == null && $input['password'] != null) {
//ModelState.AddModelError("OldPassword", Resources.User_Edit_OldPasswordEmpty);
//$flash_message = 'Current password should not be empty.';
// add your error messages:
$errors->add('your_custom_error', 'Current password cannot not be empty, if you define a new password');
$valid = false;
}
if ($input['current_password'] != null && $this->validateUser($user->id, $input['current_password']) == false) {
//$flash_message = 'Password does not match the current password.';
$errors->add('your_custom_error', 'Password does not match the current password.');
$valid = false;
}
}
//$input = $request->only(['login', 'email', 'password']); //Retreive the name, email and password fields
if ($valid == true) {
$user->login = $input['login']; $user->login = $input['login'];
$user->email = $input['email']; $user->email = $input['email'];
$user->password = bcrypt($input['password']); if ($input['password']) {
$user->password = Hash::make($input['password']);
}
$user->save(); $user->save();
$roles = $request['roles']; //Retreive all roles $roles = $request['roles']; //Retreive all roles
if (array_key_exists('roles', $input)) {
if (isset($roles)) { if (isset($roles)) {
$user->roles()->sync($roles); //If one or more role is selected associate user to roles $user->roles()->sync($roles); //If one or more role is selected associate user to roles
} else { } else {
$user->roles()->detach(); //If no role is selected remove exisiting role associated to a user $user->roles()->detach(); //If no role is selected remove exisiting role associated to a user
} }
}
//return back()->with('flash_message', 'user successfully updated.'); return back()->with('flash_message', 'user successfully updated.');
return redirect() // return redirect()
->route('access.user.index') // ->route('access.user.index')
->with('flash_message', 'User successfully edited.'); // ->with('flash_message', 'User successfully edited.');
}
return back()
->withInput($input)
->withErrors($errors);
} }
/** /**
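Review bot: Neither edit() nor update() checks that the caller is the user being edited or an administrator, yet this same commit relaxes the route middleware for these two actions from `permission:settings` to plain `auth`, so any logged-in user can PATCH `user/update/{id}` with another user's id and change that account's login, email and password. The same handler syncs `roles[]` whenever the key is present, and the current-password check only runs inside `if (array_key_exists('current_password', $input))`, so a non-admin can omit that field to skip the check entirely and post `roles[]` to grant themselves a role the form merely hides. The sketch below gates both on the authenticated user and avoids the undefined-index read of `$input['password']` when the field is absent; note also that this hunk tests `hasRole('Administrator')` while the edited view tests `hasRole("administrator")`, so one of the two spellings is presumably wrong — confirm against the seeded role name.
```php
public function update(Request $request, $id)
{
    $actor = Auth::user();
    $isAdmin = $actor->hasRole('Administrator');
    // object-level authorization: the route is only behind 'auth' now,
    // so ownership has to be enforced here
    if (!$isAdmin && (int) $actor->id !== (int) $id) {
        abort(403, 'You may only edit your own account.');
    }
    // … unchanged: validate(), findOrFail, $input = $request->all(), $errors …
    $newPassword = $input['password'] ?? null;
    $currentPassword = $input['current_password'] ?? null;
    // non-admins must prove the current password whenever a new one is set,
    // regardless of whether the field was submitted at all
    if (!$isAdmin && $newPassword !== null && $currentPassword === null) {
        $errors->add('current_password', 'Current password cannot be empty if you define a new password');
        $valid = false;
    }
    if ($currentPassword !== null && !$this->validateUser($user->id, $currentPassword)) {
        $errors->add('current_password', 'Password does not match the current password.');
        $valid = false;
    }
    // … unchanged: login/email/password assignment, save …
    // roles are only editable by administrators; never trust the hidden form field
    if ($isAdmin && array_key_exists('roles', $input)) {
        // … unchanged: sync / detach …
    }
    // … unchanged: redirects …
}
```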


@ -10,12 +10,12 @@
<div class="pure-g box-content"> <div class="pure-g box-content">
<div class="pure-u-1 pure-u-md-2-3"> <div class="pure-u-1 pure-u-md-2-3">
<div> {{-- <div>
<a href="{{ route('access.user.index') }}" class="pure-button button-small"> <a href="{{ route('access.user.index') }}" class="pure-button button-small">
<i class="fa fa-chevron-left"></i> <i class="fa fa-chevron-left"></i>
<span>BACK</span> <span>BACK</span>
</a> </a>
</div> </div> --}}
@if (count($errors) > 0) @if (count($errors) > 0)
<div class="alert alert-danger"> <div class="alert alert-danger">
@ -40,36 +40,45 @@
<div class="pure-control-group @if ($errors->has('email')) field-validation-error @endif"> <div class="pure-control-group @if ($errors->has('email')) field-validation-error @endif">
<label>Email:</label> <label>Email:</label>
{!! Form::text('email', null, array('placeholder' => 'Email','class' => 'form-control')) !!} {!! Form::text('email', null, array('readonly', 'placeholder' => 'Email','class' => 'form-control')) !!}
<em>*</em> <em>*</em>
</div> </div>
@if (!Auth::user()->hasRole("administrator"))
<div class="pure-control-group">
{!! Form::label('current_password', 'Current Password:') !!}
{!! Form::password ('current_password', null, array('placeholder' => 'current password', 'id' => 'old_password', 'class' => 'form-control')) !!}
{{-- <em>*</em> --}}
</div>
@endif
<div class="pure-control-group @if ($errors->has('password')) field-validation-error @endif"> <div class="pure-control-group @if ($errors->has('password')) field-validation-error @endif">
<label>Password:</label> <label>New Password:</label>
{!! Form::password('password', array('placeholder' => 'Password','class' => 'form-control')) !!} {!! Form::password('password', array('placeholder' => 'new password','class' => 'form-control')) !!}
<em>*</em>
</div> </div>
<div class="pure-control-group @if ($errors->has('password')) field-validation-error @endif"> <div class="pure-control-group @if ($errors->has('password')) field-validation-error @endif">
<label>Confirm Password:</label> <label>Confirm Password:</label>
{!! Form::password('password_confirmation', array('placeholder' => 'Confirm Password','class' => 'form-control')) !!} {!! Form::password('password_confirmation', array('placeholder' => 'confirm password','class' => 'form-control')) !!}
<em>*</em>
</div> </div>
@if (Auth::user()->hasRole("administrator"))
<h5><b>Assign Roles</b></h5> <h5><b>Assign Roles</b></h5>
<div class="pure-control-group checkboxlist @if ($errors->has('roles')) field-validation-error @endif"> <div class="pure-control-group checkboxlist @if ($errors->has('roles')) field-validation-error @endif">
<!-- <label for="Roles">Assign Roles</label>--> <!-- <label for="Roles">Assign Roles</label>-->
@foreach ($roles as $role) @foreach ($roles as $role)
<label for={{"role". $role->id }} class="pure-checkbox"> <label for={{"role". $role->id }} class="pure-checkbox">
<input name="roles[]" value={{ $role->id }} {{ (in_array($role->id, $checkeds)) ? 'checked=checked' : '' }} type="checkbox" class="form-check-input"> <input name="roles[]" value={{ $role->id }} {{ (in_array($role->id, $checkeds)) ? 'checked=checked' : '' }} type="checkbox" class="form-check-input">
{{ $role->name }} {{ $role->name }}
</label> </label>
@endforeach @endforeach
<i class="fa fa-info-circle" title="Administrators have access to all datasets and are allowed to do all operations with datasets and users."></i>
</div> </div>
@endif
<button type="submit" class="pure-button button-small">Save</button> <button type="submit" class="pure-button button-small">Save</button>
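Review bot: Hiding the roles block behind `@if (Auth::user()->hasRole("administrator"))` and marking the email input `readonly` only shape the form; a user can still submit `roles[]` or a changed `email` by hand, so the controller, not this template, has to reject them, and the controller hunk in this commit does not visibly do so. The role-name spelling here (`"administrator"`) differs from `hasRole('Administrator')` in the controller hunk; role checks of this kind are typically exact-match on the stored name, so one of the two branches is presumably never taken — confirm against the role seed. Separately, the new `current_password` field passes `null` as the second argument and the attribute array as a third, unlike the two password fields below it; if this is the Collective `Form::password($name, $options)` helper the placeholder, id and class are silently dropped, so use `{!! Form::password('current_password', array('placeholder' => 'current password', 'id' => 'old_password', 'class' => 'form-control')) !!}`.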


@ -147,17 +147,18 @@
<a class="pure-menu-link" href="{{ route('login') }}">LOGIN</a> <a class="pure-menu-link" href="{{ route('login') }}">LOGIN</a>
</li> </li>
@else @else
<li class="pure-menu-item {{ Route::is('access.user.edit') ? 'active' : '' }}">
<a class="pure-menu-link" href="{{ route('access.user.edit',['id'=>Auth::user()->id]) }}"><i class="fa fa-user"></i> EDIT</a>
</li>
@permission('settings') @permission('settings')
<li class="pure-menu-item {{ Route::is('access.user.*') ? 'active' : '' }}"> <li class="pure-menu-item {{ Route::is('access.user.index') ? 'active' : '' }}">
<a class="pure-menu-link" href="{{route('access.user.index') }}"><i class="fa fa-users"></i> User Management</a> <a class="pure-menu-link" href="{{route('access.user.index') }}"><i class="fa fa-users"></i> User Management</a>
</li> </li>
<li class="pure-menu-item {{ Route::is('access.role.*') ? 'active' : '' }}"> <li class="pure-menu-item {{ Route::is('access.role.*') ? 'active' : '' }}">
<a class="pure-menu-link" href="{{route('access.role.index') }}"><i class="fa fa-key"></i> Role Management</a> <a class="pure-menu-link" href="{{route('access.role.index') }}"><i class="fa fa-key"></i> Role Management</a>
</li> </li>
<li class="pure-menu-item">
<a class="pure-menu-link" href="{{ route('access.user.edit',['id'=>Auth::user()->id]) }}"><i class="fa fa-user"></i> EDIT</a>
</li>
@endpermission @endpermission
{{-- <li class="pure-menu-item"> {{-- <li class="pure-menu-item">
<a class="pure-menu-link" href="{{ route('logout') }}"><i class="fas fa-sign-out-alt"></i> Logout</a> <a class="pure-menu-link" href="{{ route('logout') }}"><i class="fas fa-sign-out-alt"></i> Logout</a>
</li> --}} </li> --}}
@ -187,7 +188,9 @@
<div class="pure-u-1-2 text-right"> <div class="pure-u-1-2 text-right">
<section class="user-info"> <section class="user-info">
@if(Auth::user()) @if(Auth::user())
<i class="fa fa-user"></i> <a href="#" rel="User">{{ Auth::user()->login }}</a> {{-- <i class="fa fa-user"></i>
<a href="#" rel="User">{{ Auth::user()->login }}</a> --}}
<a href="{{ route('access.user.edit',['id'=>Auth::user()->id]) }}"><i class="fa fa-user"></i> {{ Auth::user()->login }}</a>
<span class="divider"></span> <span class="divider"></span>
<i class="fas fa-sign-out-alt"></i><a href="{{ route('logout') }}">Logout</a> <i class="fas fa-sign-out-alt"></i><a href="{{ route('logout') }}">Logout</a>
{{-- <span class="divider"></span> --}} {{-- <span class="divider"></span> --}}


@ -140,46 +140,45 @@ Route::group(
Route::group( Route::group(
[ [
'namespace' => 'Settings\Access', 'namespace' => 'Settings\Access',
'middleware' => ['permission:settings'],
'prefix' => 'settings/access', 'prefix' => 'settings/access',
'as' => 'access.', 'as' => 'access.',
], ],
function () { function () {
//Route::resource('users','UserController'); //Route::resource('users','UserController');
Route::get('user', [ Route::get('user', [
'as' => 'user.index', 'uses' => 'UserController@index', 'as' => 'user.index', 'uses' => 'UserController@index', 'middleware' => ['permission:settings'],
]); ]);
Route::get('user/create', [ Route::get('user/create', [
'as' => 'user.create', 'uses' => 'UserController@create', 'as' => 'user.create', 'uses' => 'UserController@create', 'middleware' => ['permission:settings'],
]); ]);
Route::post('user/store', [ Route::post('user/store', [
'as' => 'user.store', 'uses' => 'UserController@store', 'as' => 'user.store', 'uses' => 'UserController@store','middleware' => ['permission:settings'],
]); ]);
Route::get('user/edit/{id}', [ Route::get('user/edit/{id}', [
'as' => 'user.edit', 'uses' => 'UserController@edit', 'as' => 'user.edit', 'uses' => 'UserController@edit', 'middleware' => ['auth']
]); ]);
Route::patch('user/update/{id}', [ Route::patch('user/update/{id}', [
'as' => 'user.update', 'uses' => 'UserController@update', 'as' => 'user.update', 'uses' => 'UserController@update', 'middleware' => ['auth']
]); ]);
Route::get('user/destroy/{id}', [ Route::get('user/destroy/{id}', [
'as' => 'user.destroy', 'uses' => 'UserController@destroy', 'as' => 'user.destroy', 'uses' => 'UserController@destroy','middleware' => ['permission:settings'],
]); ]);
//Route::resource('users','RoleController'); //Route::resource('users','RoleController');
Route::get('role', [ Route::get('role', [
'as' => 'role.index', 'uses' => 'RoleController@index', 'as' => 'role.index', 'uses' => 'RoleController@index', 'middleware' => ['permission:settings'],
]); ]);
Route::get('role/create', [ Route::get('role/create', [
'as' => 'role.create', 'uses' => 'RoleController@create', 'as' => 'role.create', 'uses' => 'RoleController@create','middleware' => ['permission:settings'],
]); ]);
Route::post('role/store', [ Route::post('role/store', [
'as' => 'role.store', 'uses' => 'RoleController@store', 'as' => 'role.store', 'uses' => 'RoleController@store','middleware' => ['permission:settings'],
]); ]);
Route::get('role/edit/{id}', [ Route::get('role/edit/{id}', [
'as' => 'role.edit', 'uses' => 'RoleController@edit', 'as' => 'role.edit', 'uses' => 'RoleController@edit','middleware' => ['permission:settings'],
]); ]);
Route::patch('role/update/{id}', [ Route::patch('role/update/{id}', [
'as' => 'role.update', 'uses' => 'RoleController@update', 'as' => 'role.update', 'uses' => 'RoleController@update','middleware' => ['permission:settings'],
]); ]);
} }
); );
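Review bot: Dropping `'middleware' => ['permission:settings']` from the group and re-listing it per route turns the group from deny-by-default into allow-by-default: any route added here later without its own middleware entry is reachable by every authenticated user, and `user/edit/{id}` and `user/update/{id}` are now reachable by every authenticated user for any `{id}`, which is only safe if `UserController@edit`/`@update` themselves verify that `{id}` is the caller or that the caller is an administrator (the controller hunk in this commit does not visibly do so). Keeping `permission:settings` on an inner group and exposing only the two self-service routes under `auth` preserves the safe default; a sketch is below. Unrelated to this change but visible on the new side, `user/destroy/{id}` is a state-changing GET, which Laravel's CSRF middleware does not cover — worth moving to DELETE or POST when this file is next touched.
```php
Route::group(
    [
        'namespace' => 'Settings\Access',
        'middleware' => ['auth'],
        'prefix' => 'settings/access',
        'as' => 'access.',
    ],
    function () {
        // self-service routes: ownership must still be enforced in UserController@edit/@update
        Route::get('user/edit/{id}', ['as' => 'user.edit', 'uses' => 'UserController@edit']);
        Route::patch('user/update/{id}', ['as' => 'user.update', 'uses' => 'UserController@update']);

        // everything else stays admin-only by default
        Route::group(['middleware' => ['permission:settings']], function () {
            // … unchanged: user.index, user.create, user.store, user.destroy, role.* …
        });
    }
);
```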