miguel456
/
rbrecruiter
1
0
Fork 1
Code Issues Pull Requests 1 Projects Releases 2 Wiki Activity
rbrecruiter/app/Http/Controllers/DevToolsController.php

49 lines
1.3 KiB
PHP
Raw Normal View History

Major changes - Vote system now finished
2020-05-29 23:20:39 +00:00
<?php
namespace App\Http\Controllers;
use App\Application;
use App\Events\ApplicationApprovedEvent;
use Illuminate\Http\Request;
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit.
2020-07-16 20:21:28 +00:00
use Illuminate\Support\Facades\Auth;
Major changes - Vote system now finished
2020-05-29 23:20:39 +00:00
class DevToolsController extends Controller
{
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit.
2020-07-16 20:21:28 +00:00
// The use case for Laravel's gate and/or validation Requests is so tiny here that a full-blown policy would be overkill.
protected function isolatedAuthorise()
{
if (!Auth::user()->can('admin.developertools.use'))
{
abort(403, 'You\'re not authorized to access this page.');
}
}
Major changes - Vote system now finished
2020-05-29 23:20:39 +00:00
public function index()
{
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit.
2020-07-16 20:21:28 +00:00
$this->isolatedAuthorise();
Major changes - Vote system now finished
2020-05-29 23:20:39 +00:00
return view('dashboard.administration.devtools')
->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
}
public function forceVoteCount(Request $request)
{
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit.
2020-07-16 20:21:28 +00:00
$this->isolatedAuthorise();
Major changes - Vote system now finished
2020-05-29 23:20:39 +00:00
$application = Application::find($request->application);
if (!is_null($application))
{
event(new ApplicationApprovedEvent($application));
$request->session()->flash('success', 'Event dispatched! Please check the debug logs for more info');
}
else
{
$request->session()->flash('error', 'Application doesn\'t exist!');
}
return redirect()->back();
}
}