Began working on security.
This commit is contained in:
parent
03c609175d
commit
b5ede965fe
|
|
@ -9,6 +9,15 @@ use Illuminate\Http\Response;
|
||||||
|
|
||||||
class ExternalLinkController extends Controller
|
class ExternalLinkController extends Controller
|
||||||
{
|
{
|
||||||
|
function __construct()
|
||||||
|
{
|
||||||
|
$this->middleware("permission:link.external.list")->only("index");
|
||||||
|
$this->middleware("permission:link.external.create")->only(["create", "store"]);
|
||||||
|
$this->middleware("permission:link.external.show")->only("show");
|
||||||
|
$this->middleware("permission:link.external.edit")->only(["edit", "update"]);
|
||||||
|
$this->middleware("permission:link.external.delete")->only("destroy");
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Display a listing of the resource.
|
* Display a listing of the resource.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
|
|
@ -14,13 +14,14 @@ class UserController extends Controller
|
||||||
{
|
{
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
// $this->middleware([ "auth" ])->only("logout");
|
$this->middleware([ "auth" ])->only("logout");
|
||||||
// $this->middleware([ "guest" ])->only("login");
|
$this->middleware([ "guest" ])->only("login");
|
||||||
//
|
|
||||||
// $this->middleware([ "permission:user.list", "role:admin" ])->only("index");
|
$this->middleware([ "check.auth:user.list" ])->only("index");
|
||||||
// $this->middleware([ "permission:user.show", "role:admin" ])->only("show");
|
$this->middleware([ "check.auth:user.show" ])->only("show");
|
||||||
// $this->middleware([ "permission:user.edit", "role:admin" ])->only([ "edit", "update" ]);
|
$this->middleware([ "check.auth:user.create" ])->only("create");
|
||||||
// $this->middleware([ "permission:user.delete", "role:admin" ])->only("delete");
|
$this->middleware([ "check.auth:user.edit" ])->only("edit", "update");
|
||||||
|
$this->middleware([ "check.auth:user.delete" ])->only("delete");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -54,7 +55,7 @@ class UserController extends Controller
|
||||||
*/
|
*/
|
||||||
public function store(Request $request)
|
public function store(Request $request)
|
||||||
{
|
{
|
||||||
Log::debug("STORE FUNCTION");
|
// Log::debug("STORE FUNCTION");
|
||||||
|
|
||||||
$data = $request->validate([
|
$data = $request->validate([
|
||||||
"name_first" => "required|max:255",
|
"name_first" => "required|max:255",
|
||||||
|
|
@ -65,17 +66,17 @@ class UserController extends Controller
|
||||||
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
Log::debug("FINISHED VALIDATION?");
|
// Log::debug("FINISHED VALIDATION?");
|
||||||
|
|
||||||
$user = new User($data);
|
$user = new User($data);
|
||||||
|
|
||||||
Log::debug("CREATED USER [NOT PERSISTED YET]");
|
// Log::debug("CREATED USER [NOT PERSISTED YET]");
|
||||||
|
|
||||||
$user->save();
|
$user->save();
|
||||||
|
|
||||||
Log::debug("SAVED USER");
|
// Log::debug("SAVED USER");
|
||||||
|
|
||||||
return view("users.store");
|
return Response::detect("users.store");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -182,7 +183,7 @@ class UserController extends Controller
|
||||||
/*******************************************/
|
/*******************************************/
|
||||||
|
|
||||||
public function showLogin() {
|
public function showLogin() {
|
||||||
return view("admin.users.login");
|
return Response::detect("users.login");
|
||||||
}
|
}
|
||||||
|
|
||||||
public function login(Request $request) {
|
public function login(Request $request) {
|
||||||
|
|
@ -190,7 +191,7 @@ class UserController extends Controller
|
||||||
|
|
||||||
if(Auth::attempt($data)) {
|
if(Auth::attempt($data)) {
|
||||||
//TODO: Implement home?
|
//TODO: Implement home?
|
||||||
return redirect()->route("users.index");
|
return redirect()->route("root.index");
|
||||||
}
|
}
|
||||||
|
|
||||||
return redirect()->back(303);
|
return redirect()->back(303);
|
||||||
|
|
@ -199,6 +200,6 @@ class UserController extends Controller
|
||||||
public function logout(Request $request) {
|
public function logout(Request $request) {
|
||||||
Auth::logout();
|
Auth::logout();
|
||||||
|
|
||||||
return redirect()->to("/");
|
return redirect()->route("root.index");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -67,5 +67,7 @@ class Kernel extends HttpKernel
|
||||||
'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
|
'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
|
||||||
'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
|
'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
|
||||||
'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
|
'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
|
||||||
|
|
||||||
|
"check.auth" => \App\Http\Middleware\CheckAuth::class
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,31 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Middleware;
|
||||||
|
|
||||||
|
use App\User;
|
||||||
|
use Closure;
|
||||||
|
|
||||||
|
class CheckAuth
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Handle an incoming request.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @param \Closure $next
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
public function handle($request, Closure $next, $permissions)
|
||||||
|
{
|
||||||
|
/** @var User $user */
|
||||||
|
$user = $request->user();
|
||||||
|
|
||||||
|
if(!isset($user))
|
||||||
|
return redirect()->route("users.login");
|
||||||
|
|
||||||
|
if($user->hasAnyPermission($permissions)) {
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
|
||||||
|
return redirect()->route("users.login");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -12,5 +12,6 @@ class DatabaseSeeder extends Seeder
|
||||||
public function run()
|
public function run()
|
||||||
{
|
{
|
||||||
$this->call(PermissionSeeder::class);
|
$this->call(PermissionSeeder::class);
|
||||||
|
$this->call(UserSeeder::class);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,8 +44,8 @@ class PermissionSeeder extends Seeder
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($permissions as $key => $value) {
|
foreach ($permissions as $key => $value) {
|
||||||
if(Permission::findByName($key))
|
// if(Permission::findByName($key))
|
||||||
continue;
|
// continue;
|
||||||
|
|
||||||
$permission = new Permission();
|
$permission = new Permission();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,28 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Seeder;
|
||||||
|
|
||||||
|
class UserSeeder extends Seeder
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the database seeds.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function run()
|
||||||
|
{
|
||||||
|
$user = new \App\User();
|
||||||
|
|
||||||
|
$user->name_first = "admin";
|
||||||
|
$user->name_last = "admin";
|
||||||
|
$user->email = "admin@admin.local";
|
||||||
|
$user->setPasswordAttribute("1234");
|
||||||
|
$user->phone = 12345678;
|
||||||
|
|
||||||
|
foreach (\Spatie\Permission\Models\Permission::all() as $permission) {
|
||||||
|
$user->givePermissionTo($permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
$user->save();
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue