From 38f8bfa0c9da7c47ca4acc3dfe273445a7163fa4 Mon Sep 17 00:00:00 2001
From: frederikpyt <frederikpyt@gmail.com>
Date: Thu, 30 Jul 2020 15:25:37 +0200
Subject: [PATCH] Fixed bugs

---
 .../app/Http/Controllers/UserController.php   | 44 ++++---------------
 .../views/admin/users/editpass.blade.php      |  0
 2 files changed, 9 insertions(+), 35 deletions(-)
 create mode 100644 skolehjem/resources/views/admin/users/editpass.blade.php

diff --git a/skolehjem/app/Http/Controllers/UserController.php b/skolehjem/app/Http/Controllers/UserController.php
index bd549b4..3c4b911 100644
--- a/skolehjem/app/Http/Controllers/UserController.php
+++ b/skolehjem/app/Http/Controllers/UserController.php
@@ -18,7 +18,7 @@ class UserController extends Controller
 {
     public function __construct()
     {
-        $this->middleware([ "auth" ])->only("logout");
+        $this->middleware([ "auth" ])->only(["logout", "accountedit", "accounteditpass"]);
         $this->middleware([ "guest" ])->only("login");
 
         $this->middleware([ "check.auth:user.list" ])->only("index");
@@ -123,37 +123,16 @@ class UserController extends Controller
     {
         $data = $request->all();
 
-//        $data = $request->validate([
-//            "name_first" => "max:255",
-//            "name_last" => "max:255",
-//            "email" => "email|unique:users",
-//            "password" => "max:60",
-//            "phone" => "unique:users",
-//        ]);
-
-        // Validates if the user is updating itself or another user.
-//        if($id === Auth::id()) {
-//            $user = Auth::user();
-//
-//            $user->update($data);
-//
-//            $user->save();
-//            return Response::detect("users.edit", [
-//                "user" => $user
-//            ]);
-//        }
-
-        //TODO: Implement when security's ready!!!
-//        else if(Auth::user()->hasPermissionTo("user.edit")) {
-            $user = User::find($id);
+        $user = User::find($id);
 
+        if($id === Auth::id() || auth()->user()->hasPermissionTo("user.edit")) {
             if ($request->roles != null) { //You can only edit roles on the admin site, so if there is an input roles, then update user info and edit roles
                 /** @var User $user */
                 $user->update($data);
                 $user->roles()->detach();
                 $user->forgetCachedPermissions();
 
-                foreach ($request->roles as $role){
+                foreach ($request->roles as $role) {
                     $user->assignRole($role);
                 }
 
@@ -176,9 +155,7 @@ class UserController extends Controller
                 }
 
             }
-
-//        }
-
+        }
         $users = User::query()->paginate(20);
 
         return Response::detect("users.index", [
@@ -190,19 +167,16 @@ class UserController extends Controller
      * Remove the specified resource from storage.
      *
      * @param  int  $id
-     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy($id)
     {
-//        if($id === Auth::id()) {
-//            $user = Auth::user();
-//            $user->delete();
-//        }
-//        else if(Auth::user()->hasPermissionTo("user.delete")) {
+
+        if(Auth::user()->hasPermissionTo("user.delete")) {
             $user = User::find($id);
 
             $user->delete();
-//        }
+        }
 
         return redirect()->route("users.index");
     }
diff --git a/skolehjem/resources/views/admin/users/editpass.blade.php b/skolehjem/resources/views/admin/users/editpass.blade.php
new file mode 100644
index 0000000..e69de29