From 667425e4e307a106f166d8bf7c1c25eb4e86ba18 Mon Sep 17 00:00:00 2001
From: miguel456
Date: Fri, 2 Sep 2022 00:00:28 +0100
Subject: [PATCH] feat: added eligibility check to application save method This commit addresses an issue where users could submit as many applications as they wanted by simply navigating to the previous page and resubmitting the form, therefore bypassing validation that was only existent in the front end. Fixes #20.
---
app/Http/Controllers/ApplicationController.php | 17 +++++++++++------
app/User.php | 10 ++++------
2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/app/Http/Controllers/ApplicationController.php b/app/Http/Controllers/ApplicationController.php
index 822020b..2e3553b 100755
--- a/app/Http/Controllers/ApplicationController.php
+++ b/app/Http/Controllers/ApplicationController.php
@@ -96,20 +96,25 @@ class ApplicationController extends Controller public function saveApplicationAnswers(Request $request, $vacancySlug) { - try { + if (Auth::user()->isEligible()) { + try { + $this->applicationService->fillForm(Auth::user(), $request->all(), $vacancySlug); - $this->applicationService->fillForm(Auth::user(), $request->all(), $vacancySlug); + } catch (VacancyNotFoundException | IncompleteApplicationException | UnavailableApplicationException $e) { - } catch (VacancyNotFoundException | IncompleteApplicationException | UnavailableApplicationException $e) { + return redirect() + ->back() + ->with('error', $e->getMessage()); + } return redirect() - ->back() - ->with('error', $e->getMessage()); + ->to(route('showUserApps')) + ->with('success', __('Thank you! Your application has been processed and our team will get to it shortly.')); } return redirect() ->to(route('showUserApps')) - ->with('success', __('Thank you! Your application has been processed and our team will get to it shortly.')); + ->with('error', __('Your account is not eligible to submit a new application.')); } public function updateApplicationStatus(Request $request, Application $application, $newStatus) diff --git a/app/User.php b/app/User.php index ea96904..aa03134 100755 --- a/app/User.php +++ b/app/User.php @@ -121,19 +121,17 @@ class User extends Authenticatable implements MustVerifyEmail public function isEligible(): bool { - $eligible = false; - $lastApplication = Application::where('applicantUserID', $this->id)->latest()->first(); + $lastApplication = Application::where('applicantUserID', $this->getAttribute('id'))->latest()->first(); if (is_null($lastApplication)) { - $eligible = true; + return true; } if ($lastApplication->created_at->diffInMonths(now()) > 1 && in_array($lastApplication->applicationStatus, ['DENIED', 'APPROVED'])) { - - $eligible = true; + return true; } - return $eligible; + return false; }
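Review bot: The new `Auth::user()->isEligible()` guard in saveApplicationAnswers and the `fillForm(...)` call that follows are two separate steps, so two submissions arriving at nearly the same moment can both pass the check before either application row exists, which narrows the duplicate-submission problem from the commit message without closing it. isEligible() (second hunk, app/User.php) only reads the latest application row, and fillForm's body is not visible here, so this assumes the service does not already serialize submissions per user. I would run the check and the insert inside one `DB::transaction(...)` with the user row fetched under `lockForUpdate()`, or move the eligibility check into the application service and have it throw an exception that the existing `catch` handles, so every caller of fillForm gets the same enforcement. An early return for the ineligible case at the top of the method would also remove one level of nesting.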