Proximity
/
staffmanager
forked from miguel456/rbrecruiter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed broken banning logic

This commit is contained in:
Miguel Nogueira 2020-08-13 22:12:17 +01:00
parent ad5c3404cc
commit 535a2c3973
4 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Controllers/BanController.php
View File

@ -24,34 +24,38 @@ class BanController extends Controller
$duration = strtolower($request->durationOperator); $duration = strtolower($request->durationOperator);
$durationOperand = $request->durationOperand; $durationOperand = $request->durationOperand;
$expiryDate = now();
if (!empty($duration)) if (!empty($duration))
{ {
$expiryDate = now();
switch($duration) switch($duration)
{ {
case 'days': case 'days':
$expiryDate->addDays($duration); $expiryDate->addDays($durationOperand);
break; break;
case 'weeks': case 'weeks':
$expiryDate->addWeeks($duration); $expiryDate->addWeeks($durationOperand);
break; break;
case 'months': case 'months':
$expiryDate->addMonths($duration); $expiryDate->addMonths($durationOperand);
break; break;
case 'years': case 'years':
$expiryDate->addYears($duration); $expiryDate->addYears($durationOperand);
break; break;
} }
} }
else
{
// Essentially permanent
$expiryDate->addYears(100);
}
$ban = Ban::create([ $ban = Ban::create([
'userID' => $user->id, 'userID' => $user->id,
'reason' => $request->reason, 'reason' => $reason,
'bannedUntil' => $expiryDate->toDateTimeString() ?? null, 'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
'userAgent' => "Unknown", 'userAgent' => "Unknown",
'authorUserID' => Auth::user()->id 'authorUserID' => Auth::user()->id

24
app/Policies/AppointmentPolicy.php
View File

@ -13,7 +13,7 @@ class AppointmentPolicy
/** /**
* Determine whether the user can view any models. * Determine whether the user can view any models.
* *
* @param \App\User $user * @param User $user
* @return mixed * @return mixed
*/ */
public function viewAny(User $user) public function viewAny(User $user)
@ -24,8 +24,8 @@ class AppointmentPolicy
/** /**
* Determine whether the user can view the model. * Determine whether the user can view the model.
* *
* @param \App\User $user * @param User $user
* @param \App\Appointment $appointment * @param Appointment $appointment
* @return mixed * @return mixed
*/ */
public function view(User $user, Appointment $appointment) public function view(User $user, Appointment $appointment)
@ -36,7 +36,7 @@ class AppointmentPolicy
/** /**
* Determine whether the user can create models. * Determine whether the user can create models.
* *
* @param \App\User $user * @param User $user
* @return mixed * @return mixed
*/ */
public function create(User $user) public function create(User $user)
@ -47,8 +47,8 @@ class AppointmentPolicy
/** /**
* Determine whether the user can update the model. * Determine whether the user can update the model.
* *
* @param \App\User $user * @param User $user
* @param \App\Appointment $appointment * @param Appointment $appointment
* @return mixed * @return mixed
*/ */
public function update(User $user, Appointment $appointment) public function update(User $user, Appointment $appointment)
@ -59,8 +59,8 @@ class AppointmentPolicy
/** /**
* Determine whether the user can delete the model. * Determine whether the user can delete the model.
* *
* @param \App\User $user * @param User $user
* @param \App\Appointment $appointment * @param Appointment $appointment
* @return mixed * @return mixed
*/ */
public function delete(User $user, Appointment $appointment) public function delete(User $user, Appointment $appointment)
@ -71,8 +71,8 @@ class AppointmentPolicy
/** /**
* Determine whether the user can restore the model. * Determine whether the user can restore the model.
* *
* @param \App\User $user * @param User $user
* @param \App\Appointment $appointment * @param Appointment $appointment
* @return mixed * @return mixed
*/ */
public function restore(User $user, Appointment $appointment) public function restore(User $user, Appointment $appointment)
@ -83,8 +83,8 @@ class AppointmentPolicy
/** /**
* Determine whether the user can permanently delete the model. * Determine whether the user can permanently delete the model.
* *
* @param \App\User $user * @param User $user
* @param \App\Appointment $appointment * @param Appointment $appointment
* @return mixed * @return mixed
*/ */
public function forceDelete(User $user, Appointment $appointment) public function forceDelete(User $user, Appointment $appointment)

10
app/Policies/BanPolicy.php
View File

@ -5,6 +5,8 @@ namespace App\Policies;
use App\Ban; use App\Ban;
use App\User; use App\User;
use Illuminate\Auth\Access\HandlesAuthorization; use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
class BanPolicy class BanPolicy
{ {
@ -41,7 +43,13 @@ class BanPolicy
*/ */
public function create(User $user) public function create(User $user)
{ {
return $user->hasRole('admin') && $user->isNot(Auth::user()); Log::debug("Authorization check started", [
'requiredRoles' => 'admin',
'currentRoles' => $user->roles(),
'hasRequiredRole' => $user->hasRole('admin'),
'isCurrentUser' => Auth::user()->is($user)
]);
return $user->hasRole('admin') && Auth::user()->isNot($user);
} }
/** /**

6
resources/views/dashboard/user/profile/displayprofile.blade.php
View File

@ -44,10 +44,10 @@
@csrf @csrf
<label for="reason">Reason</label> <label for="reason">Reason</label>
<input type="string" name="reason" id="reason" class="form-control" placeholder="e.g. Spamming"> <input type="text" name="reason" id="reason" class="form-control" placeholder="e.g. Spamming">
<div class="input-group"> <div class="input-group">
<input type="text" class="form-control" name="durationOperand" aria-label="Punishment duration"> <input type="text" class="form-control" name="durationOperator" aria-label="Punishment duration">
<div class="input-group-append"> <div class="input-group-append">
<button id="durationDropdown" class="btn btn-outline-secondary dropdown-toggle duration-btn" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Duration</button> <button id="durationDropdown" class="btn btn-outline-secondary dropdown-toggle duration-btn" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Duration</button>
<div class="dropdown-menu"> <div class="dropdown-menu">
@ -61,7 +61,7 @@
</div> </div>
<p class="text-muted text-sm">Leave empty for a permanent ban</p> <p class="text-muted text-sm">Leave empty for a permanent ban</p>
<input id="operator" type="hidden" value="" name="durationOperator" class="duration-operator-fld"> <input id="operator" type="hidden" value="" name="durationOperand" class="duration-operator-fld">
</form> </form>