From 09fa8ce007da0a614ff51ffd2c456b98384e2a9d Mon Sep 17 00:00:00 2001 From: frederikpyt Date: Mon, 3 Aug 2020 09:39:32 +0200 Subject: [PATCH] Fixed permissions --- .../app/Http/Controllers/UserController.php | 46 ++++++++++++++++--- .../resources/views/app/users/edit.blade.php | 2 +- .../views/app/users/editpass.blade.php | 2 +- skolehjem/routes/web.php | 10 ++-- 4 files changed, 46 insertions(+), 14 deletions(-) diff --git a/skolehjem/app/Http/Controllers/UserController.php b/skolehjem/app/Http/Controllers/UserController.php index 83c285b..7dd52d5 100644 --- a/skolehjem/app/Http/Controllers/UserController.php +++ b/skolehjem/app/Http/Controllers/UserController.php @@ -18,16 +18,16 @@ class UserController extends Controller { public function __construct() { - $this->middleware([ "auth" ])->only(["logout"]); + $this->middleware([ "auth" ])->only("logout"); $this->middleware([ "guest" ])->only("login"); $this->middleware([ "check.auth:user.list" ])->only("index"); $this->middleware([ "check.auth:user.show" ])->only("show"); $this->middleware([ "check.auth:user.create" ])->only("create"); - $this->middleware([ "check.auth:user.edit" ])->only("edit", "update"); + $this->middleware([ "check.auth:user.edit" ])->only(["edit", "update"]); $this->middleware([ "check.auth:user.delete" ])->only("delete"); - $this->middleware([ "check.auth:ownuser.edit" ])->only("update", "accountedit", "accounteditpass", "account"); + $this->middleware([ "check.auth:ownuser.edit" ])->only(["accountupdate", "accountedit", "accounteditpass", "account"]); } /** @@ -123,6 +123,7 @@ class UserController extends Controller */ public function update(Request $request, $id) { + return redirect()->route("users.account"); $user = User::find($id); if($id === Auth::id() || auth()->user()->hasPermissionTo("user.edit")) { 
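Review bot: The `auth` middleware on the first changed line still covers only `logout`, so whether `account`, `accountedit`, `accounteditpass` and the new `accountupdate` reject unauthenticated requests now rests entirely on `check.auth:ownuser.edit`, whose implementation is not shown here. `accountupdate` does `User::find(Auth::id())` with no null check, so a guest that slips through that middleware would hit a null `$user`. If `check.auth` does not itself require a session, widen the first line to `$this->middleware(["auth"])->only(["logout", "account", "accountedit", "accounteditpass", "accountupdate"]);`. Leaving `update` under `check.auth:user.edit` alone is consistent with it no longer handling self-service edits.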
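Review bot: The added `return redirect()->route("users.account");` is the first statement of `update()`, so everything after it — the `User::find($id)`, the `Auth::id()`/`user.edit` permission check and the whole admin edit path — is now unreachable, and an admin `PUT` to the `update` route silently redirects without saving. If the intent is to move self-service edits to `accountupdate` and keep admin edits, drop this line; if admin-side updates are meant to be disabled, do it explicitly (`abort(403);` or remove the route) rather than leaving the dead body behind. The body of `update()` continues beyond this hunk.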
@@ -147,8 +148,6 @@ class UserController extends Controller foreach ($request->roles as $role) { $user->assignRole($role); } - - //$user->save(); } else { // Else if you're not on the admin site (user site) if ($request->input('password') != null) { // If you're editing the password $data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']); @@ -164,7 +163,7 @@ class UserController extends Controller return redirect()->route("users.login")->with('success#passwordchange', '

Dit password er hermed ændret!

'); } } else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user. - $data = $request->only(['name_first', 'name_last', 'email', 'phone']); + $data = $request->only(['email', 'phone']); $user->update($data); return redirect()->route("users.account")->with('success#credentialschanged', '

Dine oplysninger er hermed ændret!

'); @@ -262,6 +261,41 @@ class UserController extends Controller return Response::detect("users.editpass"); } + /** + * Update the specified resource in storage. + * + * @param \Illuminate\Http\Request $request + * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View + */ + public function accountupdate(Request $request) + { + $user = User::find(Auth::id()); + + if ($request->input('password') != null) { // If you're editing the password + $data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']); + if ($request->input('password') != $request->input('confirmpassword')) { // If new password and new password confirm is not the same, go back with fail message. + return redirect()->route("users.accounteditpass")->with('error#notsamepass', '

Der stod ikke det samme i `Nyt Password` & `Bekræft Nyt Password`!

'); + } elseif (!Hash::check($request->input('oldpassword'), $user->password)) { // If the written current password and current password in DB is not the same, go back with fail message. + return redirect()->route("users.accounteditpass")->with('error#oldpass', '

Det indtastede password i `Nuværende Password` er ikke dit nuværende password!

'); + } else { // If new password and current password is the same AND current written and current DB password is the same. Then update and logout. + /** @var User $user */ + $user->update($data); + Auth::logout(); + + return redirect()->route("users.login")->with('success#passwordchange', '

Dit password er hermed ændret!

'); + } + } else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user. + $data = $request->only(['email', 'phone']); + $user->update($data); + + return redirect()->route("users.account")->with('success#credentialschanged', '

Dine oplysninger er hermed ændret!

'); + } + $users = User::query()->paginate(20); + + return Response::detect("users.index", [ + "users" => $users + ]); + } public function search(Request $request){ if($request->ajax()){ diff --git a/skolehjem/resources/views/app/users/edit.blade.php b/skolehjem/resources/views/app/users/edit.blade.php index 17f6a1f..6cdbf83 100644 --- a/skolehjem/resources/views/app/users/edit.blade.php +++ b/skolehjem/resources/views/app/users/edit.blade.php @@ -7,7 +7,7 @@ @section("content")
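Review bot: In the new `accountupdate()`, the password branch builds `$data` with `$request->only(['name_first', 'name_last', 'email', 'phone', 'password'])` while the non-password branch was deliberately narrowed to `['email', 'phone']`, so the password form becomes a side door for changing the name fields; that branch should update `['password' => ...]` only. No `$request->validate()` runs in either branch, so a one-character new password or a malformed email is accepted as-is — the only checks are the manual `confirmpassword` and `Hash::check` comparisons. Whether the stored password is hashed depends on a mutator on `User` that is not visible here; if there is none, `$user->update($data)` writes it in plaintext and `Hash::make()` must be applied explicitly. The trailing `$users = User::query()->paginate(20); return Response::detect("users.index", ...)` after the if/else is unreachable (both branches return) and should be deleted.
```php
public function accountupdate(Request $request)
{
    $user = User::find(Auth::id());
    abort_if($user === null, 403);

    if ($request->filled('password')) {
        $request->validate([
            'oldpassword' => ['required', 'string'],
            'password'    => ['required', 'string', 'min:8', 'same:confirmpassword'],
        ]);
        // … unchanged: confirmpassword mismatch / wrong oldpassword redirects …
        // Only the password changes here; email/phone have their own form.
        // TODO(review): drop Hash::make() if User already hashes via a mutator.
        $user->update(['password' => Hash::make($request->input('password'))]);
        Auth::logout();
        // … unchanged: redirect to users.login with success#passwordchange …
    }

    $request->validate([
        'email' => ['required', 'email'],
        'phone' => ['nullable', 'string'], // TODO(review): confirm expected phone format
    ]);
    $user->update($request->only(['email', 'phone']));
    // … unchanged: redirect to users.account with success#credentialschanged …
    // (trailing paginate/Response::detect block removed — it was unreachable)
}
```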

Konto

-
Auth::user()]) }}"> + Auth::user()]) }}"> @csrf @method("put") Navn: diff --git a/skolehjem/resources/views/app/users/editpass.blade.php b/skolehjem/resources/views/app/users/editpass.blade.php index 43b0654..8e38180 100644 --- a/skolehjem/resources/views/app/users/editpass.blade.php +++ b/skolehjem/resources/views/app/users/editpass.blade.php @@ -7,7 +7,7 @@ @section("content")

Konto

- Auth::user()]) }}" style="display: inline-table;"> + Auth::user()]) }}" style="display: inline-table;"> @csrf @method("put") Nuværende Password: diff --git a/skolehjem/routes/web.php b/skolehjem/routes/web.php index 74380a5..6d0d6b7 100644 --- a/skolehjem/routes/web.php +++ b/skolehjem/routes/web.php @@ -13,10 +13,6 @@ use Illuminate\Support\Facades\Route; | */ -//Route::get('/', function () { -// return view('welcome'); -//}); - Route::get("/", "RootController@index")->name("root.index"); Route::get("/home", "RootController@index")->name("root.index"); @@ -28,16 +24,18 @@ Route::post("/forgot", "UserController@forgot")->name("users.forgot"); Route::get("/account", "UserController@account")->name("users.account"); Route::get("/account/edit", "UserController@accountedit")->name("users.accountedit"); Route::get("/account/editpass", "UserController@accounteditpass")->name("users.accounteditpass"); -Route::post("/account/update", "UserController@update")->name("users.accountupdate"); +Route::put("/account/update", "UserController@accountupdate")->name("users.accountupdate"); Route::get("/events/signups", "EventController@signups")->name("events.signups"); Route::get("phones", "PhoneController@index")->name("phones.index"); +Route::get("/washing-reservationsapi", "WashingReservationController@api")->name("washing-reservations.api"); + Route::get("/contactsapi", "ContactController@search")->name("contacts.search"); Route::get("/eventsapi", "EventController@search")->name("events.search"); Route::get("/menuplansapi", "MenuPlanController@search")->name("menu-plans.search"); Route::get("/rolesapi", "RolesController@search")->name("roles.search"); Route::get("/userapi", "UserController@search")->name("users.search"); Route::get("/vaskeapi", "WashingReservationController@search")->name("washing-reservations.search"); -Route::get("/washing-reservationsapi", "WashingReservationController@api")->name("washing-reservations.api"); +