vict3459
/
Ekapp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Began working on security.

This commit is contained in:
Sebastian Davaris 2020-06-29 14:28:09 +02:00
parent 03c609175d
commit b5ede965fe
7 changed files with 89 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
skolehjem/app/Http/Controllers/ExternalLinkController.php
View File

@ -9,6 +9,15 @@ use Illuminate\Http\Response;
class ExternalLinkController extends Controller
{
function __construct()
{
$this->middleware("permission:link.external.list")->only("index");
$this->middleware("permission:link.external.create")->only(["create", "store"]);
$this->middleware("permission:link.external.show")->only("show");
$this->middleware("permission:link.external.edit")->only(["edit", "update"]);
$this->middleware("permission:link.external.delete")->only("destroy");
}
/**
* Display a listing of the resource.
*

31
skolehjem/app/Http/Controllers/UserController.php
View File

@ -14,13 +14,14 @@ class UserController extends Controller
{
public function __construct()
{
// $this->middleware([ "auth" ])->only("logout");
// $this->middleware([ "guest" ])->only("login");
//
// $this->middleware([ "permission:user.list", "role:admin" ])->only("index");
// $this->middleware([ "permission:user.show", "role:admin" ])->only("show");
// $this->middleware([ "permission:user.edit", "role:admin" ])->only([ "edit", "update" ]);
// $this->middleware([ "permission:user.delete", "role:admin" ])->only("delete");
$this->middleware([ "auth" ])->only("logout");
$this->middleware([ "guest" ])->only("login");
$this->middleware([ "check.auth:user.list" ])->only("index");
$this->middleware([ "check.auth:user.show" ])->only("show");
$this->middleware([ "check.auth:user.create" ])->only("create");
$this->middleware([ "check.auth:user.edit" ])->only("edit", "update");
$this->middleware([ "check.auth:user.delete" ])->only("delete");
}
/**
@ -54,7 +55,7 @@ class UserController extends Controller
*/
public function store(Request $request)
{
Log::debug("STORE FUNCTION");
// Log::debug("STORE FUNCTION");
$data = $request->validate([
"name_first" => "required|max:255",
@ -65,17 +66,17 @@ class UserController extends Controller
]);
Log::debug("FINISHED VALIDATION?");
// Log::debug("FINISHED VALIDATION?");
$user = new User($data);
Log::debug("CREATED USER [NOT PERSISTED YET]");
// Log::debug("CREATED USER [NOT PERSISTED YET]");
$user->save();
Log::debug("SAVED USER");
// Log::debug("SAVED USER");
return view("users.store");
return Response::detect("users.store");
}
/**
@ -182,7 +183,7 @@ class UserController extends Controller
/*******************************************/
public function showLogin() {
return view("admin.users.login");
return Response::detect("users.login");
}
public function login(Request $request) {
@ -190,7 +191,7 @@ class UserController extends Controller
if(Auth::attempt($data)) {
//TODO: Implement home?
return redirect()->route("users.index");
return redirect()->route("root.index");
}
return redirect()->back(303);
@ -199,6 +200,6 @@ class UserController extends Controller
public function logout(Request $request) {
Auth::logout();
return redirect()->to("/");
return redirect()->route("root.index");
}
}

2
skolehjem/app/Http/Kernel.php
View File

@ -67,5 +67,7 @@ class Kernel extends HttpKernel
'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
"check.auth" => \App\Http\Middleware\CheckAuth::class
];
}

31
skolehjem/app/Http/Middleware/CheckAuth.php Normal file
View File

@ -0,0 +1,31 @@
<?php
namespace App\Http\Middleware;
use App\User;
use Closure;
class CheckAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next, $permissions)
{
/** @var User $user */
$user = $request->user();
if(!isset($user))
return redirect()->route("users.login");
if($user->hasAnyPermission($permissions)) {
return $next($request);
}
return redirect()->route("users.login");
}
}

1
skolehjem/database/seeds/DatabaseSeeder.php
View File

@ -12,5 +12,6 @@ class DatabaseSeeder extends Seeder
public function run()
{
$this->call(PermissionSeeder::class);
$this->call(UserSeeder::class);
}
}

4
skolehjem/database/seeds/PermissionSeeder.php
View File

@ -44,8 +44,8 @@ class PermissionSeeder extends Seeder
];
foreach ($permissions as $key => $value) {
if(Permission::findByName($key))
continue;
// if(Permission::findByName($key))
// continue;
$permission = new Permission();

28
skolehjem/database/seeds/UserSeeder.php Normal file
View File

@ -0,0 +1,28 @@
<?php
use Illuminate\Database\Seeder;
class UserSeeder extends Seeder
{
/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
$user = new \App\User();
$user->name_first = "admin";
$user->name_last = "admin";
$user->email = "admin@admin.local";
$user->setPasswordAttribute("1234");
$user->phone = 12345678;
foreach (\Spatie\Permission\Models\Permission::all() as $permission) {
$user->givePermissionTo($permission);
}
$user->save();
}
}