Proximity/staffmanager
1
0
Fork 0
forked from miguel456/rbrecruiter
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed broken banning logic

Browse Source
This commit is contained in:
Miguel Nogueira
2020-08-13 22:12:17 +01:00
parent ad5c3404cc
commit 535a2c3973
4 changed files with 35 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Controllers/BanController.php
View File

@@ -24,34 +24,38 @@ class BanController extends Controller
$duration = strtolower($request->durationOperator);
$durationOperand = $request->durationOperand;
$expiryDate = now();
if (!empty($duration))
{
$expiryDate = now();
switch($duration)
{
case 'days':
$expiryDate->addDays($duration);
$expiryDate->addDays($durationOperand);
break;
case 'weeks':
$expiryDate->addWeeks($duration);
$expiryDate->addWeeks($durationOperand);
break;
case 'months':
$expiryDate->addMonths($duration);
$expiryDate->addMonths($durationOperand);
break;
case 'years':
$expiryDate->addYears($duration);
$expiryDate->addYears($durationOperand);
break;
}
}
else
{
// Essentially permanent
$expiryDate->addYears(100);
}
$ban = Ban::create([
'userID' => $user->id,
'reason' => $request->reason,
'reason' => $reason,
'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
'userAgent' => "Unknown",
'authorUserID' => Auth::user()->id

24
app/Policies/AppointmentPolicy.php
View File

@@ -13,7 +13,7 @@ class AppointmentPolicy
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @param User $user
* @return mixed
*/
public function viewAny(User $user)
@@ -24,8 +24,8 @@ class AppointmentPolicy
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function view(User $user, Appointment $appointment)
@@ -36,7 +36,7 @@ class AppointmentPolicy
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @param User $user
* @return mixed
*/
public function create(User $user)
@@ -47,8 +47,8 @@ class AppointmentPolicy
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function update(User $user, Appointment $appointment)
@@ -59,8 +59,8 @@ class AppointmentPolicy
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function delete(User $user, Appointment $appointment)
@@ -71,8 +71,8 @@ class AppointmentPolicy
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function restore(User $user, Appointment $appointment)
@@ -83,8 +83,8 @@ class AppointmentPolicy
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\Appointment $appointment
* @param User $user
* @param Appointment $appointment
* @return mixed
*/
public function forceDelete(User $user, Appointment $appointment)

10
app/Policies/BanPolicy.php
View File

@@ -5,6 +5,8 @@ namespace App\Policies;
use App\Ban;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
class BanPolicy
{
@@ -41,7 +43,13 @@ class BanPolicy
*/
public function create(User $user)
{
return $user->hasRole('admin') && $user->isNot(Auth::user());
Log::debug("Authorization check started", [
'requiredRoles' => 'admin',
'currentRoles' => $user->roles(),
'hasRequiredRole' => $user->hasRole('admin'),
'isCurrentUser' => Auth::user()->is($user)
]);
return $user->hasRole('admin') && Auth::user()->isNot($user);
}
/**