diff --git a/skolehjem/app/Http/Controllers/RolesController.php b/skolehjem/app/Http/Controllers/RolesController.php
index baf642b..29aca2c 100644
--- a/skolehjem/app/Http/Controllers/RolesController.php
+++ b/skolehjem/app/Http/Controllers/RolesController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\DB;
+use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Illuminate\Database\Eloquent\Collection;
@@ -117,9 +118,31 @@ class RolesController extends Controller
*/
public function update(Request $request, $id)
{
- $data = $request->all();
+ $data = $request->validate([
+ "name" => "required|max:255",
+ "description" => "required|max:255"
+ ]);
$role = Role::find($id);
+ $brugerPermissions = new Collection();
+ if ($request->value !== null) {
+ foreach ($request->value as $valuee) {
+ $brugerPermissions->add(Permission::query()->where("name", "=", $valuee)->first());
+ }
+ }
+
+ // Delete all permission to the role you're editing, so you can give new ones
+ foreach (Permission::query()->get() as $permission) {
+ Role::query()->find($id)->revokePermissionTo($permission);
+ }
+
+ // Give new permissions to the tole you're editing
+ if (!$brugerPermissions->isEmpty()) {
+ foreach ($brugerPermissions as $permission) {
+ Role::query()->find($id)->givePermissionTo($permission);
+ }
+ }
+
$allRoles = Role::query()->where('name', '=', $request->name)->where('id', '!=', $id)->get();
if(count($allRoles) > 0){
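Review bot: The permission rewrite in `update` runs before the duplicate-name check that follows it, so a request later rejected for a name clash has already revoked and re-granted the role's permissions. `$request->value` is not covered by the `validate()` call, and `Permission::query()->where("name", "=", $valuee)->first()` returns null for an unknown name, which is then added to the collection and handed to `givePermissionTo`. I would add a rule such as `"value.*" => "exists:permissions,name"` (assuming the default `permissions` table) and replace both loops with `$role->syncPermissions($request->input("value", []));`, placed after the name check. `$role` should also be checked for null, since `Role::find($id)` is used without a guard. The rest of `update` lies outside this hunk.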
@@ -127,6 +150,7 @@ class RolesController extends Controller
}else{
$role->update($data);
$role->save();
+
$roles = Role::query()->paginate($request->input("limit", 20));
return redirect()->route("roles.index", ['roles' => $roles]);
}
diff --git a/skolehjem/app/Http/Controllers/UserController.php b/skolehjem/app/Http/Controllers/UserController.php
index db261d4..a291610 100644
--- a/skolehjem/app/Http/Controllers/UserController.php
+++ b/skolehjem/app/Http/Controllers/UserController.php
@@ -22,7 +22,7 @@ class UserController extends Controller
{
public function __construct()
{
- $this->middleware([ "auth" ])->only("logout");
+ $this->middleware([ "auth" ])->only(["accountupdate", "accountedit", "accounteditpass", "account", "logout"]);
$this->middleware([ "guest" ])->only(["login", "signup"]);
$this->middleware([ "lang" ])->except(["login", "showLogin", "showForgot", "forgot","signup"]);
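Review bot: With `auth` now the only gate on `accountupdate`, `accountedit`, `accounteditpass` and `account`, those actions must take the user they modify from `auth()->user()` and never from a route or request id. Their bodies are not part of this diff, so this needs confirming before the `ownuser.edit` check is dropped. A comment above the changed line would record the assumption, e.g. `// account* actions act on the authenticated user only; no permission check by design`. The constructor continues outside the hunk.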
@@ -31,8 +31,6 @@ class UserController extends Controller
$this->middleware([ "check.auth:user.create" ])->only("create");
$this->middleware([ "check.auth:user.edit" ])->only(["edit", "update"]);
$this->middleware([ "check.auth:user.delete" ])->only("delete");
-
- $this->middleware([ "check.auth:ownuser.edit" ])->only(["accountupdate", "accountedit", "accounteditpass", "account"]);
}
/**
diff --git a/skolehjem/app/Http/Controllers/UserEventController.php b/skolehjem/app/Http/Controllers/UserEventController.php
index 90fcd89..61f9b1b 100644
--- a/skolehjem/app/Http/Controllers/UserEventController.php
+++ b/skolehjem/app/Http/Controllers/UserEventController.php
@@ -12,6 +12,8 @@ class UserEventController extends Controller
{
$this->middleware(["auth"]);
$this->middleware(["lang"]);
+ $this->middleware([ "check.auth:userevent.create" ])->only("create");
+ $this->middleware([ "check.auth:userevent.delete" ])->only("destroy");
}
/**
* Update the specified resource in storage.
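Review bot: The new `userevent.create` check is bound to `create` only, while the docblock right after the constructor shows this controller also has an action that writes to storage. If participation is actually saved by `store` or `update`, those requests are not covered by the permission; in that case widen the list, e.g. `->only(["create", "store"])`. Roles seeded before this commit presumably lack the two new permissions until the seeders are rerun, so existing users would be refused by these checks. The action bodies are outside this hunk.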
diff --git a/skolehjem/app/Http/Controllers/WashingReservationController.php b/skolehjem/app/Http/Controllers/WashingReservationController.php
index d34471e..46a8166 100644
--- a/skolehjem/app/Http/Controllers/WashingReservationController.php
+++ b/skolehjem/app/Http/Controllers/WashingReservationController.php
@@ -133,6 +133,7 @@ class WashingReservationController extends Controller
public function destroy($id)
{
$machineReservation = WashingReservation::find($id);
+ dd($id);
$machineReservation->delete();
$reservations = WashingReservation::query()->paginate( 20);
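Review bot: The added `dd($id);` in `destroy` dumps the id and terminates the request before `$machineReservation->delete()` runs, so the action no longer deletes anything and returns debug output to the client; it should be removed before merge. Separately, `WashingReservation::find($id)` can return null for an unknown id, and nothing visible in the hunk ties the reservation to the current user. `findOrFail($id)` plus an ownership or permission check would be worth adding unless middleware outside this hunk already covers it. `destroy` continues past the end of the hunk.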
@@ -266,7 +267,7 @@ class WashingReservationController extends Controller
{
WashingReservation::query()->where('time', '<', date('Y-m-d H:i:s', strtotime('-1 hour')))->delete();
- $reservations = WashingReservation::query()->join('washing_machines', 'washing_machines.id', '=', 'washing_reservations.machine_id')->join('locations', 'locations.id', '=', 'washing_machines.location_id')->where("user_id", "=", auth()->user()->id)->orderBY('time' , 'asc')->paginate($request->query("limit", 20));
+ $reservations = WashingReservation::query()->where("user_id", "=", auth()->user()->id)->orderBY('time' , 'asc')->paginate($request->query("limit", 20));
return Response::detect("washing-reservations.index", [ "reservations" => $reservations]);
}
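Review bot: `limit` is read from the query string and passed to `paginate()` unchecked on the changed line, so a client can request arbitrarily large pages. Clamp it, e.g. `->paginate(min(max((int) $request->query("limit", 20), 1), 100))`, where the cap of 100 is only an example value. Dropping the two joins also means each row no longer carries the `washing_machines` and `locations` columns; if the view reads them, load them through relations with `->with(...)`. The method starts outside the hunk.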
diff --git a/skolehjem/database/seeds/PermissionSeeder.php b/skolehjem/database/seeds/PermissionSeeder.php
index 28b9b46..ca9a9e3 100644
--- a/skolehjem/database/seeds/PermissionSeeder.php
+++ b/skolehjem/database/seeds/PermissionSeeder.php
@@ -21,7 +21,6 @@ class PermissionSeeder extends Seeder
"user.show" => "Shows another user profile.",
"user.edit" => "Allows editing of other users.",
"user.delete" => "Allows deleting of other users.",
- "ownuser.edit" => "Allows editing of your own user",
/**
* The EVENT specific permissions
@@ -30,6 +29,8 @@ class PermissionSeeder extends Seeder
"event.show" => "Shows a specific event",
"event.edit" => "Allows editing of events",
"event.delete" => "Allows deletion of events",
+ "userevent.create" => "Allows participation in an event",
+ "userevent.delete" => "Allows removing participation in an event",
/**
* The CONTACT specific permissions
@@ -44,7 +45,6 @@ class PermissionSeeder extends Seeder
*/
"feedback.create" => "Creates a new feedback message",
"feedback.show" => "Shows a specific feedback message",
- "feedback.edit" => "allows editing of feedback messages",
"feedback.delete" => "allows deletion of feedback messages",
/**
diff --git a/skolehjem/database/seeds/RoleSeeder.php b/skolehjem/database/seeds/RoleSeeder.php
index eb9d937..d933701 100644
--- a/skolehjem/database/seeds/RoleSeeder.php
+++ b/skolehjem/database/seeds/RoleSeeder.php
@@ -46,8 +46,9 @@ class RoleSeeder extends Seeder
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.create")->first());
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.delete")->first());
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "washing.machine.reservation.show")->first());
- $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "ownuser.edit")->first());
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "event.show")->first());
+ $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "userevent.create")->first());
+ $brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "userevent.delete")->first());
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "guides.show")->first());
$brugerPermissions->add(\Spatie\Permission\Models\Permission::query()->where("name", "=", "news.show")->first());
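Review bot: Each added lookup ends in `->first()`, which yields null when the named permission has not been seeded, and that null is then added to `$brugerPermissions`. Using `->firstOrFail()` on the two new `userevent.*` lines, and ideally on the existing ones, makes a missing or misspelled permission fail the seed instead of silently producing a role without it. The surrounding method starts and ends outside the hunk.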
diff --git a/skolehjem/resources/views/admin/contacts/create.blade.php b/skolehjem/resources/views/admin/contacts/create.blade.php
index 2244a48..e46e6ba 100644
--- a/skolehjem/resources/views/admin/contacts/create.blade.php
+++ b/skolehjem/resources/views/admin/contacts/create.blade.php
@@ -36,7 +36,7 @@
@yield("scripts")