From 4a64d49902f0048137beaf9bc46fb1bc8b96628b Mon Sep 17 00:00:00 2001
From: frederikpyt <frederikpyt@gmail.com>
Date: Wed, 2 Sep 2020 11:40:36 +0200
Subject: [PATCH] v0.11.1 - Fixed roles and permissions

---
 .../app/Http/Controllers/UserController.php   |  4 +-
 .../Http/Controllers/UserEventController.php  |  2 +
 skolehjem/database/seeds/PermissionSeeder.php |  4 +-
 skolehjem/database/seeds/RoleSeeder.php       |  3 +-
 .../views/admin/roles/create.blade.php        | 57 ++++++---------
 .../views/admin/roles/edit.blade.php          | 70 ++++++++-----------
 .../resources/views/app/news/index.blade.php  | 16 ++++-
 7 files changed, 74 insertions(+), 82 deletions(-)

diff --git a/skolehjem/app/Http/Controllers/UserController.php b/skolehjem/app/Http/Controllers/UserController.php
index 429ee40..2cba7f7 100644
--- a/skolehjem/app/Http/Controllers/UserController.php
+++ b/skolehjem/app/Http/Controllers/UserController.php
@@ -22,7 +22,7 @@ class UserController extends Controller
 {
     public function __construct()
     {
-        $this->middleware([ "auth" ])->only("logout");
+        $this->middleware([ "auth" ])->only(["accountupdate", "accountedit", "accounteditpass", "account", "logout"]);
 
         $this->middleware([ "guest" ])->only("login");
         $this->middleware([ "lang" ])->except(["login", "showLogin", "showForgot", "forgot"]);
@@ -31,8 +31,6 @@ class UserController extends Controller
         $this->middleware([ "check.auth:user.create" ])->only("create");
         $this->middleware([ "check.auth:user.edit" ])->only(["edit", "update"]);
         $this->middleware([ "check.auth:user.delete" ])->only("delete");
-
-        $this->middleware([ "check.auth:ownuser.edit" ])->only(["accountupdate", "accountedit", "accounteditpass", "account"]);
     }
 
     /**
diff --git a/skolehjem/app/Http/Controllers/UserEventController.php b/skolehjem/app/Http/Controllers/UserEventController.php
index 90fcd89..61f9b1b 100644
--- a/skolehjem/app/Http/Controllers/UserEventController.php
+++ b/skolehjem/app/Http/Controllers/UserEventController.php
@@ -12,6 +12,8 @@ class UserEventController extends Controller
     {
         $this->middleware(["auth"]);
         $this->middleware(["lang"]);
+        $this->middleware([ "check.auth:userevent.create" ])->only("create");
+        $this->middleware([ "check.auth:userevent.delete" ])->only("destroy");
     }
     /**
      * Update the specified resource in storage.
diff --git a/skolehjem/database/seeds/PermissionSeeder.php b/skolehjem/database/seeds/PermissionSeeder.php
index 28b9b46..ca9a9e3 100644
--- a/skolehjem/database/seeds/PermissionSeeder.php
+++ b/skolehjem/database/seeds/PermissionSeeder.php
@@ -21,7 +21,6 @@ class PermissionSeeder extends Seeder
             "user.show" => "Shows another user profile.",
             "user.edit" => "Allows editing of other users.",
             "user.delete" => "Allows deleting of other users.",
-            "ownuser.edit" => "Allows editing of your own user",
 
             /**
              * The EVENT specific permissions
@@ -30,6 +29,8 @@ class PermissionSeeder extends Seeder
             "event.show" => "Shows a specific event",
             "event.edit" => "Allows editing of events",
             "event.delete" => "Allows deletion of events",
+            "userevent.create" => "Allows participation in an event",
+            "userevent.delete" => "Allows removing participation in an event",
 
             /**
              * The CONTACT specific permissions
@@ -44,7 +45,6 @@ class PermissionSeeder extends Seeder
              */
             "feedback.create" => "Creates a new feedback message",
             "feedback.show" => "Shows a specific feedback message",
-            "feedback.edit" => "allows editing of feedback messages",
             "feedback.delete" => "allows deletion of feedback messages",
 
             /**
diff --git a/skolehjem/database/seeds/RoleSeeder.php b/skolehjem/database/seeds/RoleSeeder.php
index eb9d937..d933701 100644
--- a/skolehjem/database/seeds/RoleSeeder.php
+++ b/skolehjem/database/seeds/RoleSeeder.php
@@ -46,8 +46,9 @@ class RoleSeeder extends Seeder
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.create")->first());
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.delete")->first());
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.show")->first());
-        $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "ownuser.edit")->first());
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "event.show")->first());
+        $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "userevent.create")->first());
+        $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "userevent.delete")->first());
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "guides.show")->first());
         $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "news.show")->first());
 
diff --git a/skolehjem/resources/views/admin/roles/create.blade.php b/skolehjem/resources/views/admin/roles/create.blade.php
index c1b004d..f86f240 100644
--- a/skolehjem/resources/views/admin/roles/create.blade.php
+++ b/skolehjem/resources/views/admin/roles/create.blade.php
@@ -38,7 +38,7 @@
 
 
         <div class="mb-2" style="width: 100%;">
-            <button id="kontoButton" type="button" class="btn btn-sde-blue mb-1 mr-1" value="konto">Konto rettigheder</button>
+            <button id="kontoButton" type="button" class="btn btn-sde-blue mb-1 mr-1" value="konto">App rettigheder</button>
             <button id="adminButton" type="button" class="btn btn-sde-blue mb-1">Admin rettigheder</button>
         </div>
 
@@ -47,18 +47,11 @@
             <small class="form-text text-muted">Her kan alle basale rettigheder for appens forbrugere slås til eller fra.</small>
             <table class="tbl mb-2">
                 <tr>
-                    <th>Konto</th>
-                    <th>Beskrivelse</th>
-                    <th>Create</th>
-                    <th>Read</th>
-                    <th>Delete</th>
-                </tr>
-                <tr>
-                    <td>Konto</td>
-                    <td><p>Egen bruger</p></td>
-                    <td></td>
-                    <td><input type="checkbox" name="value[]" value="ownuser.edit"></td>
-                    <td></td>
+                    <th>App-side</th>
+                    <th>Beskrivelse kan fjernes?</th>
+                    <th>Opret/Tilmeld</th>
+                    <th>Se</th>
+                    <th>Slet/Afmeld</th>
                 </tr>
                 <tr>
                     <td>Nyheder</td>
@@ -77,9 +70,9 @@
                 <tr>
                     <td>Aktiviteter</td>
                     <td><p>Empty</p></td>
-                    <td></td>
+                    <td>//TEST<input id="EventCAccount" type="checkbox" name="value[]" value="userevent.create"></td>
                     <td><input id="EventRAccount" onclick="if ($('#EventR').prop('checked') == false) $('#EventR').prop('checked', true); else $('#EventR').prop('checked', false);" type="checkbox" name="value[]" value="event.show"></td>
-                    <td></td>
+                    <td>//TEST<input id="EventDAccount" type="checkbox" name="value[]" value="userevent.delete"></td>
                 </tr>
                 <tr>
                     <td>Reservationer</td>
@@ -106,7 +99,7 @@
                     <td>Feedback</td>
                     <td>Empty</td>
                     <td><input id="FeedbackCAccount" onclick="if ($('#FeedbackC').prop('checked') == false) $('#FeedbackC').prop('checked', true); else $('#FeedbackC').prop('checked', false);" type="checkbox" name="value[]" value="feedback.create"></td>
-                    <td><input id="FeedbackRAccount" onclick="if ($('#FeedbackR').prop('checked') == false) $('#FeedbackR').prop('checked', true); else $('#FeedbackR').prop('checked', false);" type="checkbox" name="value[]" value="feedback.show"></td>
+                    <td></td>
                     <td></td>
                 </tr>
             </table>
@@ -118,22 +111,18 @@
             <small class="form-text text-muted">Her kan alle rettigheder for administrationssiden slås til eller fra.</small>
             <table class="tbl mb-2" >
                 <tr><!--Header Start-->
-                    <th>Side</th>
-                    <th>Beskrivelse</th>
-                    <th>Create</th>
-                    <th>Read</th>
-                    <th>Update</th>
-                    <th>Delete</th>
+                    <th>Admin-side</th>
+                    <th>Beskrivelse kan fjernes?</th>
+                    <th>Opret</th>
+                    <th>Se</th>
+                    <th>Rediger</th>
+                    <th>Slet</th>
                     <th>Fuld Kontrol</th>
                 </tr><!--Header Slut-->
                 <tr>
                     <td>Admin Panel</td>
                     <td><p>Adgang til admin panelet</p></td>
-                    <td></td>
-                    <td><input type="checkbox" name="value[]" value="admin.panel.show"></td>
-                    <td></td>
-                    <td></td>
-                    <td></td>
+                    <td colspan="5"><input type="checkbox" name="value[]" value="admin.panel.show"></td>
                 </tr>
                 <tr><!--Bruger Start-->
                     <td>Brugere</td>
@@ -201,9 +190,9 @@
                 <tr>
                     <td>Reservationer</td>
                     <td>Empty</td>
-                    <td><input id="ReservationC" onclick="if ($('#ReservationCAccount').prop('checked') == false) $('#ReservationCAccount').prop('checked', true); else $('#ReservationCAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.create"></td>
+                    <td></td>
                     <td><input id="ReservationR" onclick="if ($('#ReservationRAccount').prop('checked') == false) $('#ReservationRAccount').prop('checked', true); else $('#ReservationRAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.show"></td>
-                    <td><input id="ReservationU" type="checkbox" name="value[]" value="washing.machine.reservation.edit"></td>
+                    <td></td>
                     <td><input id="ReservationD" onclick="if ($('#ReservationCAccount').prop('checked') == false) $('#ReservationDAccount').prop('checked', true); else $('#ReservationDAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.delete"></td>
                     <td><input id="Reservation" type="checkbox" onclick="FullControl(this)"></td>
                 </tr>
@@ -228,9 +217,9 @@
                 <tr>
                     <td>Feedback</td>
                     <td><p>Empty</p></td>
-                    <td><input id="FeedbackC" onclick="if ($('#FeedbackCAccount').prop('checked') == false) $('#FeedbackCAccount').prop('checked', true); else $('#FeedbackCAccount').prop('checked', false);" type="checkbox" name="value[]" value="feedback.create"></td>
+                    <td></td>
                     <td><input id="FeedbackR" onclick="if ($('#FeedbackRAccount').prop('checked') == false) $('#FeedbackRAccount').prop('checked', true); else $('#FeedbackRAccount').prop('checked', false);" type="checkbox" name="value[]" value="feedback.show"></td>
-                    <td><input id="FeedbackU" type="checkbox" name="value[]" value="feedback.edit"></td>
+                    <td></td>
                     <td><input id="FeedbackD" type="checkbox" name="value[]" value="feedback.delete"></td>
                     <td><input id="Feedback" type="checkbox" onclick="FullControl(this)"></td>
                 </tr>
@@ -309,12 +298,12 @@
             //Show konto settings
             $("#kontoButton").click(function(){
                 var value = $('#kontoButton').text();
-                if(value === 'Konto rettigheder'){
+                if(value === 'App rettigheder'){
                     $('#konto').slideDown('slow');
-                    $('#kontoButton').html('Luk konto rettigheder')
+                    $('#kontoButton').html('Luk app rettigheder')
                 }else{
                     $('#konto').slideUp('slow');
-                    $('#kontoButton').html('Konto rettigheder')
+                    $('#kontoButton').html('App rettigheder')
                 }
             });
 
diff --git a/skolehjem/resources/views/admin/roles/edit.blade.php b/skolehjem/resources/views/admin/roles/edit.blade.php
index 72cae1a..216babc 100644
--- a/skolehjem/resources/views/admin/roles/edit.blade.php
+++ b/skolehjem/resources/views/admin/roles/edit.blade.php
@@ -39,7 +39,7 @@
 
 
         <div class="mb-2" style="width: 100%;">
-            <button id="kontoButton" type="button" class="btn btn-sde-blue mb-1 mr-1" value="konto">Rediger konto rettigheder</button>
+            <button id="kontoButton" type="button" class="btn btn-sde-blue mb-1 mr-1" value="konto">Rediger app rettigheder</button>
             <button id="adminButton" type="button" class="btn btn-sde-blue mb-1">Rediger admin rettigheder</button>
         </div>
 
@@ -47,18 +47,11 @@
             <small class="form-text text-muted">Her kan alle basale rettigheder for appens forbrugere slås til eller fra.</small>
             <table class="tbl mb-2">
                 <tr>
-                    <th>Konto</th>
-                    <th>Beskrivelse</th>
-                    <th>Create</th>
-                    <th>Read</th>
-                    <th>Delete</th>
-                </tr>
-                <tr>
-                    <td>Konto</td>
-                    <td><p>Egen bruger</p></td>
-                    <td></td>
-                    <td><input type="checkbox" name="value[]" value="ownuser.edit" @if ($role->hasPermissionTo("ownuser.edit")) checked @endif></td>
-                    <td></td>
+                    <th>App-side</th>
+                    <th>Beskrivelse kan fjernes?</th>
+                    <th>Opret/Tilmeld</th>
+                    <th>Se</th>
+                    <th>Slet/Afmeld</th>
                 </tr>
                 <tr>
                     <td>Nyheder</td>
@@ -77,9 +70,9 @@
                 <tr>
                     <td>Aktiviteter</td>
                     <td><p>Empty</p></td>
-                    <td></td>
+                    <td>//TEST<input id="EventRAccount" type="checkbox" name="value[]" value="userevent.create" @if ($role->hasPermissionTo("userevent.create")) checked @endif></td>
                     <td><input id="EventRAccount" onclick="if ($('#EventR').prop('checked') == false) $('#EventR').prop('checked', true); else $('#EventR').prop('checked', false);" type="checkbox" name="value[]" value="event.show" @if ($role->hasPermissionTo("event.show")) checked @endif></td>
-                    <td></td>
+                    <td>//TEST<input id="EventRAccount" type="checkbox" name="value[]" value="userevent.delete" @if ($role->hasPermissionTo("userevent.delete")) checked @endif></td>
                 </tr>
                 <tr>
                     <td>Reservationer</td>
@@ -106,7 +99,7 @@
                     <td>Feedback</td>
                     <td>Empty</td>
                     <td><input id="FeedbackCAccount" onclick="if ($('#FeedbackC').prop('checked') == false) $('#FeedbackC').prop('checked', true); else $('#FeedbackC').prop('checked', false);" type="checkbox" name="value[]" value="feedback.create" @if ($role->hasPermissionTo("feedback.create")) checked @endif></td>
-                    <td><input id="FeedbackRAccount" onclick="if ($('#FeedbackR').prop('checked') == false) $('#FeedbackR').prop('checked', true); else $('#FeedbackR').prop('checked', false);" type="checkbox" name="value[]" value="feedback.show" @if ($role->hasPermissionTo("feedback.show")) checked @endif></td>
+                    <td></td>
                     <td></td>
                 </tr>
             </table>
@@ -117,25 +110,21 @@
         <div id="admin">
             <small class="form-text text-muted">Her kan alle rettigheder for administrationssiden slås til eller fra.</small>
             <table class="tbl mb-2" >
-                <tr><!--Header Start-->
-                    <th>Admin</th>
-                    <th>Beskrivelse</th>
-                    <th>Create</th>
-                    <th>Read</th>
-                    <th>Update</th>
-                    <th>Delete</th>
+                <tr>
+                    <th>Admin-side</th>
+                    <th>Beskrivelse kan fjernes?</th>
+                    <th>Opret</th>
+                    <th>Se</th>
+                    <th>Rediger</th>
+                    <th>Slet</th>
                     <th>Fuld Kontrol</th>
-                </tr><!--Header Slut-->
+                </tr>
                 <tr>
                     <td>Admin Panel</td>
                     <td><p>Adgang til admin panelet</p></td>
-                    <td></td>
-                    <td><input type="checkbox" name="value[]" value="admin.panel.show" @if ($role->hasPermissionTo("admin.panel.show")) checked @endif></td>
-                    <td></td>
-                    <td></td>
-                    <td></td>
+                    <td colspan="5"><input type="checkbox" name="value[]" value="admin.panel.show" @if ($role->hasPermissionTo("admin.panel.show")) checked @endif></td>
                 </tr>
-                <tr><!--Bruger Start-->
+                <tr>
                     <td>Brugere</td>
                     <td><p>Empty</p></td>
                     <td><input id="UserC" type="checkbox" name="value[]" value="user.create" @if ($role->hasPermissionTo("user.create")) checked @endif></td>
@@ -143,7 +132,7 @@
                     <td><input id="UserU" type="checkbox" name="value[]" value="user.edit" @if ($role->hasPermissionTo("user.edit")) checked @endif></td>
                     <td><input id="UserD" type="checkbox" name="value[]" value="user.delete" @if ($role->hasPermissionTo("user.delete")) checked @endif></td>
                     <td><input id="User" type="checkbox" onclick="FullControl(this)"></td><!--Lave en rolle som give fuld adgang ligesom ownuser.edit-->
-                </tr><!--Bruger Start-->
+                </tr>
                 <tr>
                     <td>Roller</td>
                     <td><p>Empty</p></td>
@@ -201,9 +190,9 @@
                 <tr>
                     <td>Reservationer</td>
                     <td>Empty</td>
-                    <td><input id="ReservationC" onclick="if ($('#ReservationCAccount').prop('checked') == false) $('#ReservationCAccount').prop('checked', true); else $('#ReservationCAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.create" @if ($role->hasPermissionTo("washing.machine.reservation.create")) checked @endif></td>
+                    <td></td>
                     <td><input id="ReservationR" onclick="if ($('#ReservationRAccount').prop('checked') == false) $('#ReservationRAccount').prop('checked', true); else $('#ReservationRAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.show" @if ($role->hasPermissionTo("washing.machine.reservation.show")) checked @endif></td>
-                    <td><input id="ReservationU" type="checkbox" name="value[]" value="washing.machine.reservation.edit" @if ($role->hasPermissionTo("washing.machine.reservation.edit")) checked @endif></td>
+                    <td></td>
                     <td><input id="ReservationD" onclick="if ($('#ReservationDAccount').prop('checked') == false) $('#ReservationDAccount').prop('checked', true); else $('#ReservationDAccount').prop('checked', false);" type="checkbox" name="value[]" value="washing.machine.reservation.delete" @if ($role->hasPermissionTo("washing.machine.reservation.delete")) checked @endif></td>
                     <td><input id="Reservation" type="checkbox" onclick="FullControl(this)"></td><!--Lave en rolle som give fuld adgang ligesom ownuser.edit-->
                 </tr>
@@ -228,9 +217,9 @@
                 <tr>
                     <td>Feedback</td>
                     <td><p>Empty</p></td>
-                    <td><input id="FeedbackC" onclick="if ($('#FeedbackCAccount').prop('checked') == false) $('#FeedbackCAccount').prop('checked', true); else $('#FeedbackCAccount').prop('checked', false);" type="checkbox" name="value[]" value="feedback.create" @if ($role->hasPermissionTo("feedback.create")) checked @endif></td>
+                    <td></td>
                     <td><input id="FeedbackR" onclick="if ($('#FeedbackRAccount').prop('checked') == false) $('#FeedbackRAccount').prop('checked', true); else $('#FeedbackRAccount').prop('checked', false);" type="checkbox" name="value[]" value="feedback.show" @if ($role->hasPermissionTo("feedback.show")) checked @endif></td>
-                    <td><input id="FeedbackU" type="checkbox" name="value[]" value="feedback.edit" @if ($role->hasPermissionTo("feedback.edit")) checked @endif></td>
+                    <td></td>
                     <td><input id="FeedbackD" type="checkbox" name="value[]" value="feedback.delete" @if ($role->hasPermissionTo("feedback.delete")) checked @endif></td>
                     <td><input id="Feedback" type="checkbox" onclick="FullControl(this)"></td><!--Lave en rolle som give fuld adgang ligesom ownuser.edit-->
                 </tr>
@@ -311,12 +300,12 @@
         //Show konto settings
         $("#kontoButton").click(function(){
             var value = $('#kontoButton').text();
-            if(value === 'Rediger konto rettigheder'){
+            if(value === 'Rediger app rettigheder'){
                 $('#konto').slideDown('slow');
-                $('#kontoButton').html('Luk konto rettigheder')
+                $('#kontoButton').html('Luk app rettigheder')
             }else{
                 $('#konto').slideUp('slow');
-                $('#kontoButton').html('Rediger konto rettigheder')
+                $('#kontoButton').html('Rediger app rettigheder')
             }
         });
 
@@ -333,7 +322,7 @@
             }
         });
 
-        function FullControl(FC) { //FC == Full Controll
+        function FullControl(FC) { //FC == Full Control checkbox element
             var Create = $(FC).attr('id') + 'C'; // Takes FC's ID Name and puts C at the back of it
             var Read = $(FC).attr('id') + 'R'; // Takes FC's ID Name and puts R at the back of it
             var Update = $(FC).attr('id') + 'U'; // Takes FC's ID Name and puts U at the back of it
@@ -358,6 +347,9 @@
             for (i = 0; i < arr.length; i++) {
                 if ($('#'+arr[i]+'C').prop('checked') == true && $('#'+arr[i]+'R').prop('checked') == true && $('#'+arr[i]+'U').prop('checked') == true && $('#'+arr[i]+'D').prop('checked') == true)
                     $('#'+arr[i]).prop('checked', true);
+                else if(arr[i] == 'Feedback' || arr[i] == 'Reservation')
+                    if($('#'+arr[i]+'R').prop('checked') == true && $('#'+arr[i]+'D').prop('checked') == true)
+                        $('#'+arr[i]).prop('checked', true);
             }
         });
     </script>
diff --git a/skolehjem/resources/views/app/news/index.blade.php b/skolehjem/resources/views/app/news/index.blade.php
index 6a511ce..0567411 100644
--- a/skolehjem/resources/views/app/news/index.blade.php
+++ b/skolehjem/resources/views/app/news/index.blade.php
@@ -45,16 +45,26 @@
 
         .img{
             width: 1em;
+            height: calc(1em + 20px);
             margin-top: 5px;
             margin-bottom: 5px;
             margin-left: 5px;
             font-size: 20px;
-            padding: 3px 10px;
-            border-color: cadetblue;
+            padding: 0 10px;
+            border-color: #00788a;
             border-radius: 100%;
-            background-color: cadetblue;
+            background-color: #00788a;
             line-height: 30px;
             float: left;
+            display: flex;
+            justify-content: center;
+        }
+
+        .img > a {
+            width: 100%;
+            height: 100%;
+            display: flex;
+            justify-content: center;
         }
 
         .information{