From 358b218d230e1f5d0d1b88d88e8f3dccaf0f5157 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Tue, 30 Jun 2020 10:04:06 +0200
Subject: [PATCH] Finished security middlewarez
---
 .../app/Http/Controllers/ImageController.php | 85 --------
 .../Http/Controllers/MenuPlanController.php | 2 +-
 .../app/Http/Controllers/StaffController.php | 185 ------------------
 .../app/Http/Controllers/VideoController.php | 85 --------
 .../Controllers/WashingMachineController.php | 11 ++
 .../WashingReservationController.php | 11 ++
 .../app/Http/Middleware/Authenticate.php | 2 +-
 .../views/admin/users/login.blade.php | 2 +-
 8 files changed, 25 insertions(+), 358 deletions(-)
 delete mode 100644 skolehjem/app/Http/Controllers/ImageController.php
 delete mode 100644 skolehjem/app/Http/Controllers/StaffController.php
 delete mode 100644 skolehjem/app/Http/Controllers/VideoController.php
diff --git a/skolehjem/app/Http/Controllers/ImageController.php b/skolehjem/app/Http/Controllers/ImageController.php
deleted file mode 100644
index 4aeb7c8..0000000
--- a/skolehjem/app/Http/Controllers/ImageController.php
+++ /dev/null
@@ -1,85 +0,0 @@ -middleware([ "auth" ])->only("logout"); -// $this->middleware([ "guest" ])->only("login"); -// -// $this->middleware([ "permission:staff.list", "role:admin" ])->only("index"); -// $this->middleware([ "permission:staff.show", "role:admin" ])->only("show"); -// $this->middleware([ "permission:staff.edit", "role:admin" ])->only([ "edit", "update" ]); -// $this->middleware([ "permission:staff.delete", "role:admin" ])->only("delete"); - } - - /** - * Display a listing of the resource. - * - * @param Request $request - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function index(Request $request) - { - $staffs = Staff::query()->paginate($request->query("page", 20)); - - return Response::detect("staff.index", [ "staffs" => $staffs ]); - } - - /** - * Show the form for creating a new resource. - * - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function create() - { - return Response::detect("staff.create"); - } - - /** - * Store a newly created resource in storage. - * - * @param \Illuminate\Http\Request $request - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function store(Request $request) - { - $data = $request->validate([ - "name_first" => "required|max:255", - "name_last" => "required|max:255", - "email" => "required|email|unique:staff", - "password" => "required|max:60", - "phone" => "required|unique:staff" - - ]); - - $staff = new Staff($data); - $staff->save(); - - return Response::detect("staff.store"); - } - - /** - * Display the specified resource. 
- * - * @param int $id - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function show($id) - { - $staff = Staff::find($id); - - return Response::detect("staff.show", [ - "staff" => $staff - ]); - } - - /** - * Show the form for editing the specified resource. - * - * @param int $id - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function edit($id) - { - $staff = Staff::find($id); - - return Response::detect("staff.edit", [ - "staff" => $staff - ]); - } - - /** - * Update the specified resource in storage. - * - * @param \Illuminate\Http\Request $request - * @param int $id - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function update(Request $request, $id) - { - $data = $request->all(); - -// $data = $request->validate([ -// "name_first" => "max:255", -// "name_last" => "max:255", -// "email" => "email|unique:staff", -// "password" => "max:60", -// "phone" => "unique:staff", -// ]); - - // Validates if the staff is updating itself or another staff. -// if($id === Auth::id()) { -// $staff = Auth::staff(); -// -// $staff->update($data); -// -// $staff->save(); -// return Response::detect("staff.edit", [ -// "staff" => $staff -// ]); -// } - - //TODO: Implement when security's ready!!! -// else if(Auth::staff()->hasPermissionTo("staff.edit")) { - $staff = Staff::find($id); - - /** @var Staff $staff */ - $staff->update($data); - - $staff->save(); -// } - - $staffs = Staff::query()->paginate(20); - - return Response::detect("staff.index", [ - "staffs" => $staffs - ]); - } - - /** - * Remove the specified resource from storage. 
- * - * @param int $id - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View - */ - public function destroy(Staff $id) - { - $id->delete(); - return redirect()->route("staff.index"); - } - - /*******************************************/ - /* Authentication */ - /*******************************************/ - - public function showLogin() { - return view("admin.staff.login"); - } - - public function login(Request $request) { - $data = $request->only("email", "password"); - - if(Auth::attempt($data)) { - //TODO: Implement home? - return redirect()->route("staff.index"); - } - - return redirect()->back(303); - } - - public function logout(Request $request) { - Auth::logout(); - - return redirect()->to("/"); - } -} diff --git a/skolehjem/app/Http/Controllers/VideoController.php b/skolehjem/app/Http/Controllers/VideoController.php deleted file mode 100644 index 486395e..0000000 --- a/skolehjem/app/Http/Controllers/VideoController.php +++ /dev/null @@ -1,85 +0,0 @@ -middleware([ "auth" ]); + + $this->middleware([ "check.auth:washing.machine.list" ])->only("index"); + $this->middleware([ "check.auth:washing.machine.show" ])->only("show"); + $this->middleware([ "check.auth:washing.machine.create" ])->only("create", "store"); + $this->middleware([ "check.auth:washing.machine.edit" ])->only("edit", "update"); + $this->middleware([ "check.auth:washing.machine.delete" ])->only("delete"); + } + /** * Display a listing of the resource. * diff --git a/skolehjem/app/Http/Controllers/WashingReservationController.php b/skolehjem/app/Http/Controllers/WashingReservationController.php index 34acf20..1063930 100644 --- a/skolehjem/app/Http/Controllers/WashingReservationController.php +++ b/skolehjem/app/Http/Controllers/WashingReservationController.php 
@@ -9,6 +9,17 @@ use App\WashingReservation;
 class WashingReservationController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware([ "auth" ]);
+
+ $this->middleware([ "check.auth:washing.machine.reservation.list" ])->only("index");
+ $this->middleware([ "check.auth:washing.machine.reservation.show" ])->only("show");
+ $this->middleware([ "check.auth:washing.machine.reservation.create" ])->only("create", "store");
+ $this->middleware([ "check.auth:washing.machine.reservation.edit" ])->only("edit", "update");
+ $this->middleware([ "check.auth:washing.machine.reservation.delete" ])->only("delete");
+ }
+
 /**
 * Display a listing of the resource.
 *
diff --git a/skolehjem/app/Http/Middleware/Authenticate.php b/skolehjem/app/Http/Middleware/Authenticate.php
index 704089a..65537f2 100644
--- a/skolehjem/app/Http/Middleware/Authenticate.php
+++ b/skolehjem/app/Http/Middleware/Authenticate.php
@@ -15,7 +15,7 @@ class Authenticate extends Middleware
 protected function redirectTo($request)
 {
 if (! $request->expectsJson()) {
- return route('login');
+ return route('users.login');
 }
 }
 }
diff --git a/skolehjem/resources/views/admin/users/login.blade.php b/skolehjem/resources/views/admin/users/login.blade.php
index 5accdac..9cd44f7 100644
--- a/skolehjem/resources/views/admin/users/login.blade.php
+++ b/skolehjem/resources/views/admin/users/login.blade.php
@@ -9,7 +9,7 @@
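Review bot: The delete permission is bound with `->only("delete")`, but a Laravel resource controller exposes deletion through `destroy` (the StaffController deleted in this same patch defines `public function destroy(...)`), so unless this controller really has a `delete` action the `check.auth:washing.machine.reservation.delete` check is never applied and destroying a reservation is guarded only by the blanket `auth` middleware. If the action is `destroy`, the line should read `$this->middleware([ "check.auth:washing.machine.reservation.delete" ])->only("destroy");`. The same `only("delete")` binding appears in the WashingMachineController constructor earlier in this patch and should be corrected together. This controller's action methods and the route definitions are outside the hunk, so the actual method name cannot be confirmed here.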
Syddansk Erhvervsskole
-
+ @csrf