Fixed permissions
This commit is contained in:
frederikpyt
@@ -18,16 +18,16 @@ class UserController extends Controller
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware([ "auth" ])->only(["logout"]);
|
||||
$this->middleware([ "auth" ])->only("logout");
|
||||
$this->middleware([ "guest" ])->only("login");
|
||||
|
||||
$this->middleware([ "check.auth:user.list" ])->only("index");
|
||||
$this->middleware([ "check.auth:user.show" ])->only("show");
|
||||
$this->middleware([ "check.auth:user.create" ])->only("create");
|
||||
$this->middleware([ "check.auth:user.edit" ])->only("edit", "update");
|
||||
$this->middleware([ "check.auth:user.edit" ])->only(["edit", "update"]);
|
||||
$this->middleware([ "check.auth:user.delete" ])->only("delete");
|
||||
|
||||
$this->middleware([ "check.auth:ownuser.edit" ])->only("update", "accountedit", "accounteditpass", "account");
|
||||
$this->middleware([ "check.auth:ownuser.edit" ])->only(["accountupdate", "accountedit", "accounteditpass", "account"]);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -123,6 +123,7 @@ class UserController extends Controller
|
||||
*/
|
||||
public function update(Request $request, $id)
|
||||
{
|
||||
return redirect()->route("users.account");
|
||||
$user = User::find($id);
|
||||
|
||||
if($id === Auth::id() || auth()->user()->hasPermissionTo("user.edit")) {
|
||||
@@ -147,8 +148,6 @@ class UserController extends Controller
|
||||
foreach ($request->roles as $role) {
|
||||
$user->assignRole($role);
|
||||
}
|
||||
|
||||
//$user->save();
|
||||
} else { // Else if you're not on the admin site (user site)
|
||||
if ($request->input('password') != null) { // If you're editing the password
|
||||
$data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']);
|
||||
@@ -164,7 +163,7 @@ class UserController extends Controller
|
||||
return redirect()->route("users.login")->with('success#passwordchange', '<p class="text-center text-white">Dit password er hermed ændret!</p>');
|
||||
}
|
||||
} else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user.
|
||||
$data = $request->only(['name_first', 'name_last', 'email', 'phone']);
|
||||
$data = $request->only(['email', 'phone']);
|
||||
$user->update($data);
|
||||
|
||||
return redirect()->route("users.account")->with('success#credentialschanged', '<p class="text-center">Dine oplysninger er hermed ændret!</p>');
|
||||
@@ -262,6 +261,41 @@ class UserController extends Controller
|
||||
return Response::detect("users.editpass");
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the specified resource in storage.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*/
|
||||
public function accountupdate(Request $request)
|
||||
{
|
||||
$user = User::find(Auth::id());
|
||||
|
||||
if ($request->input('password') != null) { // If you're editing the password
|
||||
$data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']);
|
||||
if ($request->input('password') != $request->input('confirmpassword')) { // If new password and new password confirm is not the same, go back with fail message.
|
||||
return redirect()->route("users.accounteditpass")->with('error#notsamepass', '<p class="text-center">Der stod ikke det samme i `Nyt Password` & `Bekræft Nyt Password`!</p>');
|
||||
} elseif (!Hash::check($request->input('oldpassword'), $user->password)) { // If the written current password and current password in DB is not the same, go back with fail message.
|
||||
return redirect()->route("users.accounteditpass")->with('error#oldpass', '<p class="text-center">Det indtastede password i `Nuværende Password` er ikke dit nuværende password!</p>');
|
||||
} else { // If new password and current password is the same AND current written and current DB password is the same. Then update and logout.
|
||||
/** @var User $user */
|
||||
$user->update($data);
|
||||
Auth::logout();
|
||||
|
||||
return redirect()->route("users.login")->with('success#passwordchange', '<p class="text-center text-white">Dit password er hermed ændret!</p>');
|
||||
}
|
||||
} else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user.
|
||||
$data = $request->only(['email', 'phone']);
|
||||
$user->update($data);
|
||||
|
||||
return redirect()->route("users.account")->with('success#credentialschanged', '<p class="text-center">Dine oplysninger er hermed ændret!</p>');
|
||||
}
|
||||
$users = User::query()->paginate(20);
|
||||
|
||||
return Response::detect("users.index", [
|
||||
"users" => $users
|
||||
]);
|
||||
}
|
||||
|
||||
public function search(Request $request){
|
||||
if($request->ajax()){
|
||||
|
||||
Reference in New Issue
Block a user