Merge remote-tracking branch 'origin/master'

# Conflicts: # skolehjem/resources/views/app/users/editpass.blade.php
2020-08-03 09:43:51 +02:00 · 2020-08-03 09:43:51 +02:00 · c2a90c69f9
parent f2895a00e3 09fa8ce007
commit c2a90c69f9
4 changed files with 46 additions and 14 deletions
--- a/skolehjem/app/Http/Controllers/UserController.php
+++ b/skolehjem/app/Http/Controllers/UserController.php
@ -18,16 +18,16 @@ class UserController extends Controller
 {
    public function __construct()
    {
-        $this->middleware([ "auth" ])->only(["logout"]);
+        $this->middleware([ "auth" ])->only("logout");
        $this->middleware([ "guest" ])->only("login");

        $this->middleware([ "check.auth:user.list" ])->only("index");
        $this->middleware([ "check.auth:user.show" ])->only("show");
        $this->middleware([ "check.auth:user.create" ])->only("create");
-        $this->middleware([ "check.auth:user.edit" ])->only("edit", "update");
+        $this->middleware([ "check.auth:user.edit" ])->only(["edit", "update"]);
        $this->middleware([ "check.auth:user.delete" ])->only("delete");

-        $this->middleware([ "check.auth:ownuser.edit" ])->only("update", "accountedit", "accounteditpass", "account");
+        $this->middleware([ "check.auth:ownuser.edit" ])->only(["accountupdate", "accountedit", "accounteditpass", "account"]);
    }

    /**
@ -123,6 +123,7 @@ class UserController extends Controller
     */
    public function update(Request $request, $id)
    {
+        return redirect()->route("users.account");
        $user = User::find($id);

        if($id === Auth::id() || auth()->user()->hasPermissionTo("user.edit")) {
@ -147,8 +148,6 @@ class UserController extends Controller
                foreach ($request->roles as $role) {
                    $user->assignRole($role);
                }
-
-                //$user->save();
            } else { // Else if you're not on the admin site (user site)
                if ($request->input('password') != null) { // If you're editing the password
                    $data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']);
@ -164,7 +163,7 @@ class UserController extends Controller
                        return redirect()->route("users.login")->with('success#passwordchange', '<p class="text-center text-white">Dit password er hermed ændret!</p>');
                    }
                } else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user.
-                    $data = $request->only(['name_first', 'name_last', 'email', 'phone']);
+                    $data = $request->only(['email', 'phone']);
                    $user->update($data);

                    return redirect()->route("users.account")->with('success#credentialschanged', '<p class="text-center">Dine oplysninger er hermed ændret!</p>');
@ -262,6 +261,41 @@ class UserController extends Controller
        return Response::detect("users.editpass");
    }

+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     */
+    public function accountupdate(Request $request)
+    {
+        $user = User::find(Auth::id());
+
+        if ($request->input('password') != null) { // If you're editing the password
+            $data = $request->only(['name_first', 'name_last', 'email', 'phone', 'password']);
+            if ($request->input('password') != $request->input('confirmpassword')) { // If new password and new password confirm is not the same, go back with fail message.
+                return redirect()->route("users.accounteditpass")->with('error#notsamepass', '<p class="text-center">Der stod ikke det samme i `Nyt Password` & `Bekræft Nyt Password`!</p>');
+            } elseif (!Hash::check($request->input('oldpassword'), $user->password)) { // If the written current password and current password in DB is not the same, go back with fail message.
+                return redirect()->route("users.accounteditpass")->with('error#oldpass', '<p class="text-center">Det indtastede password i `Nuværende Password` er ikke dit nuværende password!</p>');
+            } else { // If new password and current password is the same AND current written and current DB password is the same. Then update and logout.
+                /** @var User $user */
+                $user->update($data);
+                Auth::logout();
+
+                return redirect()->route("users.login")->with('success#passwordchange', '<p class="text-center text-white">Dit password er hermed ændret!</p>');
+            }
+        } else { // Else if you're not editing the password but anything else (Email, Phone Number). Then update user.
+            $data = $request->only(['email', 'phone']);
+            $user->update($data);
+
+            return redirect()->route("users.account")->with('success#credentialschanged', '<p class="text-center">Dine oplysninger er hermed ændret!</p>');
+        }
+        $users = User::query()->paginate(20);
+
+        return Response::detect("users.index", [
+            "users" => $users
+        ]);
+    }

    public function search(Request $request){
        if($request->ajax()){
--- a/skolehjem/resources/views/app/users/edit.blade.php
+++ b/skolehjem/resources/views/app/users/edit.blade.php
@ -7,7 +7,7 @@
@section("content")
    <main>
        <h1 class="text-center sde-blue mt-0">Konto</h1>
-    <form method="post" action="{{ route("users.update", ['user' => Auth::user()]) }}">
+    <form method="post" action="{{ route("users.accountupdate", ['user' => Auth::user()]) }}">
            @csrf
            @method("put")
            <span>Navn:</span>
--- a/skolehjem/resources/views/app/users/editpass.blade.php
+++ b/skolehjem/resources/views/app/users/editpass.blade.php
@ -7,7 +7,7 @@
@section("content")
    <main>
        <h1 class="text-center sde-blue mt-0">Konto</h1>
-        <form method="post" action="{{ route("users.update", ['user' => Auth::user()]) }}">
+        <form method="post" action="{{ route("users.accountupdate", ['user' => Auth::user()]) }}" style="display: inline-table;">
            @csrf
            @method("put")
            <span>Nuværende Password:</span>
--- a/skolehjem/routes/web.php
+++ b/skolehjem/routes/web.php
@ -13,10 +13,6 @@ use Illuminate\Support\Facades\Route;
 |
 */

-//Route::get('/', function () {
-//    return view('welcome');
-//});
-
 Route::get("/", "RootController@index")->name("root.index");
 Route::get("/home", "RootController@index")->name("root.index");

@ -28,16 +24,18 @@ Route::post("/forgot", "UserController@forgot")->name("users.forgot");
 Route::get("/account", "UserController@account")->name("users.account");
 Route::get("/account/edit", "UserController@accountedit")->name("users.accountedit");
 Route::get("/account/editpass", "UserController@accounteditpass")->name("users.accounteditpass");
-Route::post("/account/update", "UserController@update")->name("users.accountupdate");
+Route::put("/account/update", "UserController@accountupdate")->name("users.accountupdate");
 Route::get("/events/signups", "EventController@signups")->name("events.signups");
 Route::get("phones", "PhoneController@index")->name("phones.index");
+Route::get("/washing-reservationsapi", "WashingReservationController@api")->name("washing-reservations.api");
+
 Route::get("/contactsapi", "ContactController@search")->name("contacts.search");
 Route::get("/eventsapi", "EventController@search")->name("events.search");
 Route::get("/menuplansapi", "MenuPlanController@search")->name("menu-plans.search");
 Route::get("/rolesapi", "RolesController@search")->name("roles.search");
 Route::get("/userapi", "UserController@search")->name("users.search");
 Route::get("/vaskeapi", "WashingReservationController@search")->name("washing-reservations.search");
-Route::get("/washing-reservationsapi", "WashingReservationController@api")->name("washing-reservations.api");
+