Proximity
/
staffmanager
forked from miguel456/rbrecruiter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed broken banning logic

This commit is contained in:
Miguel Nogueira 2020-08-13 22:12:17 +01:00
parent ad5c3404cc
commit 535a2c3973
4 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Controllers/BanController.php
View File

@ -24,34 +24,38 @@ class BanController extends Controller
$duration = strtolower($request->durationOperator);
$durationOperand = $request->durationOperand;
$expiryDate = now();
if (!empty($duration))
{
$expiryDate = now();
switch($duration)
{
case 'days':
$expiryDate->addDays($duration);
$expiryDate->addDays($durationOperand);
break;
case 'weeks':
$expiryDate->addWeeks($duration);
$expiryDate->addWeeks($durationOperand);
break;
case 'months':
$expiryDate->addMonths($duration);
$expiryDate->addMonths($durationOperand);
break;
case 'years':
$expiryDate->addYears($duration);
$expiryDate->addYears($durationOperand);
break;
}
}
else
{
// Essentially permanent
$expiryDate->addYears(100);
}
$ban = Ban::create([
'userID' => $user->id,
'reason' => $request->reason,
'reason' => $reason,
'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
'userAgent' => "Unknown",
'authorUserID' => Auth::user()->id

24
app/Policies/AppointmentPolicy.php
View File

@ -13,7 +13,7 @@ class AppointmentPolicy
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @param User $user
* @return mixed
*/
public function viewAny(User $user)
@ -24,8 +24,8 @@ class AppointmentPolicy
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function view(User $user, Appointment $appointment)
@ -36,7 +36,7 @@ class AppointmentPolicy
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @param User $user
* @return mixed
*/
public function create(User $user)
@ -47,8 +47,8 @@ class AppointmentPolicy
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function update(User $user, Appointment $appointment)
@ -59,8 +59,8 @@ class AppointmentPolicy
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function delete(User $user, Appointment $appointment)
@ -71,8 +71,8 @@ class AppointmentPolicy
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function restore(User $user, Appointment $appointment)
@ -83,8 +83,8 @@ class AppointmentPolicy
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function forceDelete(User $user, Appointment $appointment)

10
app/Policies/BanPolicy.php
View File

@ -5,6 +5,8 @@ namespace App\Policies;
use App\Ban;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
class BanPolicy
{
@ -41,7 +43,13 @@ class BanPolicy
*/
public function create(User $user)
{
return $user->hasRole('admin') && $user->isNot(Auth::user());
Log::debug("Authorization check started", [
'requiredRoles' => 'admin',
'currentRoles' => $user->roles(),
'hasRequiredRole' => $user->hasRole('admin'),
'isCurrentUser' => Auth::user()->is($user)
]);
return $user->hasRole('admin') && Auth::user()->isNot($user);
}
/**

6
resources/views/dashboard/user/profile/displayprofile.blade.php
View File

@ -44,10 +44,10 @@
@csrf
<label for="reason">Reason</label>
<input type="string" name="reason" id="reason" class="form-control" placeholder="e.g. Spamming">
<input type="text" name="reason" id="reason" class="form-control" placeholder="e.g. Spamming">
<div class="input-group">
<input type="text" class="form-control" name="durationOperand" aria-label="Punishment duration">
<input type="text" class="form-control" name="durationOperator" aria-label="Punishment duration">
<div class="input-group-append">
<button id="durationDropdown" class="btn btn-outline-secondary dropdown-toggle duration-btn" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Duration</button>
<div class="dropdown-menu">
@ -61,7 +61,7 @@
</div>
<p class="text-muted text-sm">Leave empty for a permanent ban</p>
<input id="operator" type="hidden" value="" name="durationOperator" class="duration-operator-fld">
<input id="operator" type="hidden" value="" name="durationOperand" class="duration-operator-fld">
</form>