Add user directory & isolate authorisation

This commit is contained in:
Miguel Nogueira 2020-06-27 19:15:33 +01:00
parent 71efdf93d8
commit 33c16fcf46
25 changed files with 812 additions and 59 deletions

View File

@ -80,6 +80,8 @@ class ApplicationController extends Controller
public function showAllPendingApps() public function showAllPendingApps()
{ {
$this->authorize('viewAny', Application::class);
return view('dashboard.appmanagement.outstandingapps') return view('dashboard.appmanagement.outstandingapps')
->with('applications', Application::where('applicationStatus', 'STAGE_SUBMITTED')->get()); ->with('applications', Application::where('applicationStatus', 'STAGE_SUBMITTED')->get());
} }
@ -90,6 +92,7 @@ class ApplicationController extends Controller
public function showPendingInterview() public function showPendingInterview()
{ {
$this->authorize('viewAny', Application::class);
$applications = Application::with('appointment', 'user')->get(); $applications = Application::with('appointment', 'user')->get();
$count = 0; $count = 0;
@ -131,6 +134,7 @@ class ApplicationController extends Controller
public function showPeerReview() public function showPeerReview()
{ {
$this->authorize('viewAny', Application::class);
return view('dashboard.appmanagement.peerreview') return view('dashboard.appmanagement.peerreview')
->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get()); ->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
@ -246,6 +250,7 @@ class ApplicationController extends Controller
public function updateApplicationStatus(Request $request, $applicationID, $newStatus) public function updateApplicationStatus(Request $request, $applicationID, $newStatus)
{ {
$application = Application::find($applicationID); $application = Application::find($applicationID);
$this->authorize('update', Application::class);
if (!is_null($application)) if (!is_null($application))
{ {

View File

@ -28,6 +28,8 @@ class AppointmentController extends Controller
{ {
// Unrelated TODO: change if's in application page to a switch statement, & have the row encompass it // Unrelated TODO: change if's in application page to a switch statement, & have the row encompass it
$this->authorize('create', Appointment::class);
$app = Application::find($applicationID); $app = Application::find($applicationID);
if (!is_null($app)) if (!is_null($app))
@ -64,6 +66,9 @@ class AppointmentController extends Controller
public function updateAppointment(Request $request, $applicationID, $status) public function updateAppointment(Request $request, $applicationID, $status)
{ {
$this->authorize('update', Appointment::class);
$application = Application::find($applicationID); $application = Application::find($applicationID);
$validStatuses = [ $validStatuses = [
'SCHEDULED', 'SCHEDULED',

View File

@ -76,6 +76,9 @@ class BanController extends Controller
public function delete(Request $request, User $user) public function delete(Request $request, User $user)
{ {
$this->authorize('delete', $user->bans);
if (!is_null($user->bans)) if (!is_null($user->bans))
{ {
$user->bans->delete(); $user->bans->delete();

View File

@ -21,7 +21,7 @@ class CommentController extends Controller
public function insert(NewCommentRequest $request, Application $application) public function insert(NewCommentRequest $request, Application $application)
{ {
// Type hinting makes laravel automatically validate everything $this->authorize('create', Comment::class);
$comment = Comment::create([ $comment = Comment::create([
'authorID' => Auth::user()->id, 'authorID' => Auth::user()->id,
@ -53,13 +53,10 @@ class CommentController extends Controller
public function delete(Request $request, Comment $comment) public function delete(Request $request, Comment $comment)
{ {
if (Auth::user()->is($comment->user) || Auth::user()->hasRole('admin')) $this->authorize('delete', $comment);
{
$comment->delete();
$request->session()->flash('success', 'Comment deleted!');
}
$request->session()->flash('error', 'You do not have permission to delete this comment!'); $comment->delete();
$request->session()->flash('success', 'Comment deleted!');
return redirect()->back(); return redirect()->back();

View File

@ -5,24 +5,31 @@ namespace App\Http\Controllers;
use App\Form; use App\Form;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Auth;
class FormController extends Controller class FormController extends Controller
{ {
public function index() public function index()
{ {
$forms = Form::all();
$this->authorize('viewAny', Form::class);
return view('dashboard.administration.forms') return view('dashboard.administration.forms')
->with('forms', Form::all()); ->with('forms', $forms);
} }
public function showFormBuilder() public function showFormBuilder()
{ {
$this->authorize('viewFormbuilder', Form::class);
return view('dashboard.administration.formbuilder'); return view('dashboard.administration.formbuilder');
} }
public function saveForm(Request $request) public function saveForm(Request $request)
{ {
$this->authorize('create', Form::class);
$formFields = $request->all(); $formFields = $request->all();
$formStructure = []; $formStructure = [];
@ -72,6 +79,7 @@ class FormController extends Controller
{ {
$form = Form::find($id); $form = Form::find($id);
$this->authorize('delete', $form);
// TODO: Check if form is linked to vacancies before allowing deletion // TODO: Check if form is linked to vacancies before allowing deletion
if (!is_null($form)) if (!is_null($form))

View File

@ -14,6 +14,14 @@ use Spatie\Permission\Models\Role;
class ProfileController extends Controller class ProfileController extends Controller
{ {
public function index()
{
return view('dashboard.user.directory')
->with('users', User::with('profile', 'bans')->paginate(9));
}
public function showProfile() public function showProfile()
{ {

View File

@ -24,50 +24,48 @@ use Spatie\Permission\Models\Role;
class UserController extends Controller class UserController extends Controller
{ {
public function showStaffMembers() public function showStaffMembers()
{ {
$this->authorize('viewStaff', User::class);
$staffRoles = [ $staffRoles = [
'reviewer', 'reviewer',
'hiringManager', 'hiringManager',
'admin' 'admin'
]; // TODO: Un-hardcode this, move to config/roles.php ]; // TODO: Un-hardcode this, move to config/roles.php
$users = User::with('roles')->get();
$staffMembers = collect([]);
if (Auth::user()->can('admin.stafflist')) foreach($users as $user)
{ {
$users = User::with('roles')->get(); if (empty($user->roles))
$staffMembers = collect([]);
foreach($users as $user)
{ {
if (empty($user->roles)) Log::debug($user->role->name);
{ Log::debug('Staff list: User without role detected; Ignoring');
Log::debug($user->role->name); continue;
Log::debug('Staff list: User without role detected; Ignoring');
continue;
}
foreach($user->roles as $role)
{
if (in_array($role->name, $staffRoles))
{
$staffMembers->push($user);
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
}
}
} }
return view('dashboard.administration.staff-members') foreach($user->roles as $role)
->with([ {
'users' => $staffMembers if (in_array($role->name, $staffRoles))
]); {
$staffMembers->push($user);
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
}
}
} }
abort(403, 'Forbidden'); return view('dashboard.administration.staff-members')
->with([
'users' => $staffMembers
]);
} }
public function showPlayers() public function showPlayers()
{ {
$this->authorize('viewPlayers', User::class);
$users = User::with('roles')->get(); $users = User::with('roles')->get();
$players = collect([]); $players = collect([]);
@ -80,23 +78,19 @@ class UserController extends Controller
} }
} }
if (Auth::user()->can('admin.userlist')) return view('dashboard.administration.players')
{ ->with([
return view('dashboard.administration.players') 'users' => $players,
->with([ 'bannedUserCount' => Ban::all()->count()
'users' => $players, ]);
'bannedUserCount' => Ban::all()->count()
]);
}
abort(403, 'Forbidden');
} }
public function showPlayersLike(SearchPlayerRequest $request) public function showPlayersLike(SearchPlayerRequest $request)
{ {
$searchTerm = $request->searchTerm; $this->authorize('viewPlayers', User::class);
$searchTerm = $request->searchTerm;
$matchingUsers = User::query() $matchingUsers = User::query()
->where('name', 'LIKE', "%{$searchTerm}%") ->where('name', 'LIKE', "%{$searchTerm}%")
->orWhere('email', 'LIKE', "%{$searchTerm}%") ->orWhere('email', 'LIKE', "%{$searchTerm}%")
@ -250,7 +244,7 @@ class UserController extends Controller
public function terminate(Request $request, User $user) public function terminate(Request $request, User $user)
{ {
$this->authorize('terminate', Auth::user()); $this->authorize('terminate', User::class);
if (!$user->isStaffMember() || $user->is(Auth::user())) if (!$user->isStaffMember() || $user->is(Auth::user()))
{ {

View File

@ -10,11 +10,13 @@ use App\Form;
use App\Notifications\VacancyClosed; use App\Notifications\VacancyClosed;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Illuminate\Support\Facades\Auth;
class VacancyController extends Controller class VacancyController extends Controller
{ {
public function index() public function index()
{ {
$this->authorize('viewAny', Vacancy::class);
return view('dashboard.administration.positions') return view('dashboard.administration.positions')
->with([ ->with([
'forms' => Form::all(), 'forms' => Form::all(),
@ -24,6 +26,7 @@ class VacancyController extends Controller
public function store(VacancyRequest $request) public function store(VacancyRequest $request)
{ {
$this->authorize('create', Vacancy::class);
$form = Form::find($request->vacancyFormID); $form = Form::find($request->vacancyFormID);
if (!is_null($form)) if (!is_null($form))
@ -53,7 +56,9 @@ class VacancyController extends Controller
public function updatePositionAvailability(Request $request, $status, $id) public function updatePositionAvailability(Request $request, $status, $id)
{ {
$vacancy = Vacancy::find($id); $vacancy = Vacancy::find($id);
$this->authorize('update', $vacancy);
if (!is_null($vacancy)) if (!is_null($vacancy))
{ {

View File

@ -16,6 +16,7 @@ class VoteController extends Controller
public function vote(VoteRequest $voteRequest, $applicationID) public function vote(VoteRequest $voteRequest, $applicationID)
{ {
$application = Application::find($applicationID); $application = Application::find($applicationID);
$this->authorize('create', Vote::class);
if (!is_null($application)) if (!is_null($application))
{ {

View File

@ -21,6 +21,16 @@ class ApplicationPolicy
// //
} }
public function viewAny(User $user)
{
if ($user->can('applications.view.all'))
{
return Response::allow();
}
return Response::deny('Forbidden');
}
public function view(User $user, Application $application) public function view(User $user, Application $application)
{ {
if ($user->is($application->user) && $user->can('applications.view.own') || $user->can('applications.view.all')) if ($user->is($application->user) && $user->can('applications.view.own') || $user->can('applications.view.all'))
@ -30,4 +40,9 @@ class ApplicationPolicy
return Response::deny('You are not authorised to view this application'); return Response::deny('You are not authorised to view this application');
} }
public function update(User $user)
{
return $user->hasAnyRole('admin', 'hiringManager');
}
} }

View File

@ -0,0 +1,94 @@
<?php
namespace App\Policies;
use App\Appointment;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AppointmentPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @return mixed
*/
public function view(User $user, Appointment $appointment)
{
//
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->can('appointments.schedule');
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @return mixed
*/
public function update(User $user, Appointment $appointment)
{
return $user->can('appointments.schedule.edit');
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @return mixed
*/
public function delete(User $user, Appointment $appointment)
{
//
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @return mixed
*/
public function restore(User $user, Appointment $appointment)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @return mixed
*/
public function forceDelete(User $user, Appointment $appointment)
{
//
}
}

View File

@ -0,0 +1,94 @@
<?php
namespace App\Policies;
use App\Ban;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class BanPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Ban $ban
* @return mixed
*/
public function view(User $user, Ban $ban)
{
//
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Ban $ban
* @return mixed
*/
public function update(User $user, Ban $ban)
{
//
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Ban $ban
* @return mixed
*/
public function delete(User $user, Ban $ban)
{
return $user->hasRole('admin');
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Ban $ban
* @return mixed
*/
public function restore(User $user, Ban $ban)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Ban $ban
* @return mixed
*/
public function forceDelete(User $user, Ban $ban)
{
//
}
}

View File

@ -0,0 +1,99 @@
<?php
namespace App\Policies;
use App\Comment;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class CommentPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Comment $comment
* @return mixed
*/
public function view(User $user, Comment $comment)
{
//
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->isStaffMember();
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Comment $comment
* @return mixed
*/
public function update(User $user, Comment $comment)
{
//
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Comment $comment
* @return mixed
*/
public function delete(User $user, Comment $comment)
{
if ($user->is($comment->user) || $user->hasRole('admin'))
{
return true;
}
return false;
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Comment $comment
* @return mixed
*/
public function restore(User $user, Comment $comment)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Comment $comment
* @return mixed
*/
public function forceDelete(User $user, Comment $comment)
{
//
}
}

View File

@ -0,0 +1,98 @@
<?php
namespace App\Policies;
use App\Form;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class FormPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
return $user->can('admin.hiring.forms');
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Form $form
* @return mixed
*/
public function view(User $user, Form $form)
{
return $user->can('admin.hiring.forms');
}
public function viewFormbuilder(User $user)
{
return $user->can('admin.hiring.formbuilder');
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $this->user->can('admin.hiring.forms');
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Form $form
* @return mixed
*/
public function update(User $user, Form $form)
{
// unused
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Form $form
* @return mixed
*/
public function delete(User $user, Form $form)
{
return $this->user->can('admin.hiring.forms');
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Form $form
* @return mixed
*/
public function restore(User $user, Form $form)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Form $form
* @return mixed
*/
public function forceDelete(User $user, Form $form)
{
//
}
}

View File

@ -0,0 +1,94 @@
<?php
namespace App\Policies;
use App\User;
use App\Vacancy;
use Illuminate\Auth\Access\HandlesAuthorization;
class VacancyPolicy
{
use HandlesAuthorization;
// TODO: Switch to permissions (there are no specific permissions yet)
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
return $user->hasAnyRole('admin', 'hiringManager');
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Vacancy $vacancy
* @return mixed
*/
public function view(User $user, Vacancy $vacancy)
{
// unused
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->hasAnyRole('admin', 'hiringManager');
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Vacancy $vacancy
* @return mixed
*/
public function update(User $user, Vacancy $vacancy)
{
return $user->hasRole('admin', 'hiringManager');
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Vacancy $vacancy
* @return mixed
*/
public function delete(User $user, Vacancy $vacancy)
{
//
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Vacancy $vacancy
* @return mixed
*/
public function restore(User $user, Vacancy $vacancy)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Vacancy $vacancy
* @return mixed
*/
public function forceDelete(User $user, Vacancy $vacancy)
{
//
}
}

View File

@ -0,0 +1,94 @@
<?php
namespace App\Policies;
use App\User;
use App\Vote;
use Illuminate\Auth\Access\HandlesAuthorization;
class VotePolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Vote $vote
* @return mixed
*/
public function view(User $user, Vote $vote)
{
//
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->can('applications.vote');
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Vote $vote
* @return mixed
*/
public function update(User $user, Vote $vote)
{
//
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Vote $vote
* @return mixed
*/
public function delete(User $user, Vote $vote)
{
//
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Vote $vote
* @return mixed
*/
public function restore(User $user, Vote $vote)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Vote $vote
* @return mixed
*/
public function forceDelete(User $user, Vote $vote)
{
//
}
}

View File

@ -2,10 +2,22 @@
namespace App\Providers; namespace App\Providers;
use App\Http\Controllers\BanController;
use App\Http\Controllers\VoteController;
use App\Http\Controllers\ProfileController; use App\Http\Controllers\ProfileController;
use App\Http\Controllers\AppointmentController;
use App\Policies\ProfilePolicy; use App\Policies\ProfilePolicy;
use App\Policies\VacancyPolicy;
use App\Policies\UserPolicy; use App\Policies\UserPolicy;
use App\Policies\FormPolicy;
use App\Policies\ApplicationPolicy;
use App\User; use App\User;
use App\Form;
use App\Vote;
use App\Vacancy;
use App\Application;
use App\Appointment;
use App\Ban;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate; use Illuminate\Support\Facades\Gate;
@ -18,9 +30,15 @@ class AuthServiceProvider extends ServiceProvider
*/ */
protected $policies = [ protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy', // 'App\Model' => 'App\Policies\ModelPolicy',
'App\Application' => 'App\Policies\ApplicationPolicy', Application::class => ApplicationPolicy::class,
ProfileController::class => ProfilePolicy::class, Profile::class => ProfilePolicy::class,
User::class => UserPolicy::class User::class => UserPolicy::class,
Vacancy::class => VacancyPolicy::class,
//Form::class => FormPolicy::class
'App\Form' => 'App\Policies\FormPolicy',
Vote::class => VoteController::class,
Ban::class => BanController::class,
Appointment::class => AppointmentController::class
]; ];
/** /**
@ -31,7 +49,6 @@ class AuthServiceProvider extends ServiceProvider
public function boot() public function boot()
{ {
$this->registerPolicies(); $this->registerPolicies();
// //
} }
} }

View File

@ -213,6 +213,12 @@ return [
'icon' => 'fas fa-home', 'icon' => 'fas fa-home',
'url' => 'dashboard' 'url' => 'dashboard'
], ],
[
'text' => 'Directory',
'icon' => 'fas fa-users',
'url' => 'users/directory',
'can' => 'profiles.view.others'
],
[ [
'header' => 'Applications', 'header' => 'Applications',
'can' => 'applications.view.own' 'can' => 'applications.view.own'

3
public/css/directory.css vendored Normal file
View File

@ -0,0 +1,3 @@
.links nav {
display: inline-block;
}

View File

@ -63,7 +63,7 @@ I
<form name="search" method="POST" action="{{route('searchRegisteredPLayerList')}}"> <form name="search" method="POST" action="{{route('searchRegisteredPLayerList')}}">
@csrf @csrf
<div class="input-group"> <div class="input-group">
<input type="text" name="searchTerm" class="form-control" placeholder="Username/email search"> <input type="text" name="searchTerm" class="form-control" placeholder="Full/partial email search">
<span class="input-group-btn"> <span class="input-group-btn">
<button class="btn btn-default" type="submit"> <button class="btn btn-default" type="submit">
<i class="fa fa-search"></i> <i class="fa fa-search"></i>
@ -116,6 +116,7 @@ I
<th>#</th> <th>#</th>
<th>IGN</th> <th>IGN</th>
<th>UUID</th> <th>UUID</th>
<th>Email</th>
<th>Status</th> <th>Status</th>
<th>Registration Date</th> <th>Registration Date</th>
<th>Actions</th> <th>Actions</th>
@ -130,6 +131,7 @@ I
<td>{{$user->id}}</td> <td>{{$user->id}}</td>
<td>{{UUID::toUsername($user->uuid)}}</td> <td>{{UUID::toUsername($user->uuid)}}</td>
<td>{{$user->uuid}}</td> <td>{{$user->uuid}}</td>
<td>{{ $user->email }}</td>
<td> <td>
@if ($user->isBanned()) @if ($user->isBanned())
<span class="badge badge-danger"><i class="fa fa-ban"></i> Banned</span> <span class="badge badge-danger"><i class="fa fa-ban"></i> Banned</span>

View File

@ -49,6 +49,7 @@
<th>Full Name</th> <th>Full Name</th>
<th>UUID</th> <th>UUID</th>
<th>Rank</th> <th>Rank</th>
<th>Email</th>
<th>Status</th> <th>Status</th>
<th>Join Date</th> <th>Join Date</th>
<th>Actions</th> <th>Actions</th>
@ -60,7 +61,7 @@
@foreach($users as $user) @foreach($users as $user)
<tr> <tr>
<td>1</td> <td>{{ $user->id }}</td>
<td>{{$user->name}}</td> <td>{{$user->name}}</td>
<td>{{UUID::toUsername($user->uuid)}}</td> <td>{{UUID::toUsername($user->uuid)}}</td>
<td> <td>
@ -68,11 +69,11 @@
<span class="badge badge-info badge-sm">{{$role->name}}</span> <span class="badge badge-info badge-sm">{{$role->name}}</span>
@endforeach @endforeach
</td> </td>
<td>{{ $user->email }}</td>
<td><span class="badge badge-success">Active</span></td> <td><span class="badge badge-success">Active</span></td>
<td>{{$user->created_at}}</td> <td>{{$user->created_at}}</td>
<td> <td>
<button type="button" class="btn btn-sm btn-success mr-2" onclick="window.location.href='{{route('showSingleProfile', ['user' => $user->id])}}'"><i class="fa fa-eye"></i></button> <button type="button" class="btn btn-sm btn-success mr-2" onclick="window.location.href='{{route('showSingleProfile', ['user' => $user->id])}}'"><i class="fa fa-eye"></i></button>
<button type="button" class="btn btn-sm btn-warning mr-2"><i class="fas fa-pencil-alt"></i></button>
</td> </td>
</tr> </tr>

View File

@ -0,0 +1,107 @@
@extends('adminlte::page')
@section('title', 'Raspberry Network | User Directory')
@section('content_header')
<h4>Users / Directory</h4>
@stop
@section('js')
<script src="/js/app.js"></script>
<x-global-errors></x-global-errors>
@stop
@section('css')
<link rel="stylesheet" href="/css/directory.css" />
@stop
@section('content')
@if (Auth::user()->can('profiles.view.others'))
<div class="row">
@foreach ($users as $user)
<div class="col-md-4">
<!-- Widget: user widget style 1 -->
<div class="card card-widget widget-user">
<div class="widget-user-header bg-secondary">
<h3 class="widget-user-username">{{ $user->name }}</h3>
<h5 class="widget-user-desc">{{ $user->profile->profileShortBio }}</h5>
</div>
<div class="widget-user-image">
@if($user->profile->avatarPreference == 'gravatar')
<img class="profile-user-img elevation-2 img-fluid img-circle" src="https://gravatar.com/avatar/{{md5($user->email)}}" alt="User profile picture">
@else
<img class="profile-user-img elevation-2 img-fluid img-circle" src="https://crafatar.com/avatars/{{$user->uuid}}" alt="User profile picture">
@endif
</div>
<div class="card-footer text-center">
@if (Auth::user()->is($user))
<div class="user-indicator mb-2">
<span class="badge badge-success">It's you!</span>
</div>
@endif
<div class="roles mb-2">
@foreach ($user->roles as $role)
<span class="badge badge-secondary mr-2">{{ucfirst($role->name)}}</span>
@endforeach
</div>
<button type="button" class="btn btn-sm btn-primary" onclick="window.location.href='{{ route('showSingleProfile', ['user' => $user->id]) }}'"><i class="fa fa-eye"></i> Profile</button>
</div>
</div>
<!-- /.widget-user -->
</div>
@endforeach
</div>
<div clsas="row mt-4">
<div class="col">
<div class="card">
<div class="card-body text-center">
<div class="links">
{{ $users->links() }}
</div>
</div>
</div>
</div>
</div>
@else
<div class="alert alert-danger">
<p>
You do not have permission to view this page.
</p>
</div>
@endif
@stop

View File

@ -4,7 +4,7 @@
@section('content_header') @section('content_header')
<h4>Profile</h4> <h4>Users / Profile / {{ $profile->user->name }}</h4>
@stop @stop

View File

@ -31,6 +31,9 @@ Route::group(['middleware' => ['auth', 'forcelogout']], function(){
->name('dashboard') ->name('dashboard')
->middleware('eligibility'); ->middleware('eligibility');
Route::get('users/directory', 'ProfileController@index')
->name('directory');
Route::group(['prefix' => '/applications'], function (){ Route::group(['prefix' => '/applications'], function (){
Route::get('/my-applications', 'ApplicationController@showUserApps') Route::get('/my-applications', 'ApplicationController@showUserApps')