rbrecruiter/app/Http/Controllers/VacancyController.php

<?php

/*
 * Copyright © 2020 Miguel Nogueira
 *
 *   This file is part of Raspberry Staff Manager.
 *
 *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
 *     it under the terms of the GNU General Public License as published by
 *     the Free Software Foundation, either version 3 of the License, or
 *     (at your option) any later version.
 *
 *     Raspberry Staff Manager is distributed in the hope that it will be useful,
 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *     GNU General Public License for more details.
 *
 *     You should have received a copy of the GNU General Public License
 *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace App\Http\Controllers;

use App\Facades\JSON;
use App\Form;
use App\Http\Requests\VacancyEditRequest;
use App\Http\Requests\VacancyRequest;
use App\Notifications\VacancyClosed;
use App\User;
use App\Vacancy;
use Illuminate\Http\Request;
use Illuminate\Support\Str;

class VacancyController extends Controller
{
    public function index()
    {
        $this->authorize('viewAny', Vacancy::class);

        return view('dashboard.administration.positions')
            ->with([
                'forms' => Form::all(),
                'vacancies' => Vacancy::all(),
            ]);
    }

    public function store(VacancyRequest $request)
    {
        $messageIsError = false;
        $this->authorize('create', Vacancy::class);


        $form = Form::find($request->vacancyFormID);

        if (! is_null($form)) {
            /* note: since we can't convert HTML back to Markdown, we'll have to do the converting when the user requests a page,
            * and leave the database with Markdown only so it can be used and edited everywhere.
            * for several vacancies, this would require looping through all of them and replacing MD with HTML, which is obviously not the most clean solution;
            * however, the Model can be configured to return MD instead of HTML on that specific field saving us from looping.
            */
            Vacancy::create([

                'vacancyName' => $request->vacancyName,
                'vacancyDescription' => $request->vacancyDescription,
                'vacancyFullDescription' => $request->vacancyFullDescription,
                'vacancySlug' => Str::slug($request->vacancyName),
                'permissionGroupName' => $request->permissionGroup,
                'discordRoleID' => $request->discordRole,
                'vacancyFormID' => $request->vacancyFormID,
                'vacancyCount' => $request->vacancyCount,

            ]);

            $message = __('Vacancy successfully opened. It will now show in the home page.');

        } else {
            $message = __('You cannot create a vacancy without a valid form.');
            $messageIsError = true;
        }

        return redirect()
            ->back()
            ->with(($messageIsError) ? 'error' : 'success', $message);
    }

    public function updatePositionAvailability(Request $request, $status, Vacancy $vacancy)
    {
        $this->authorize('update', $vacancy);

        if (! is_null($vacancy)) {
            $type = 'success';

            switch ($status) {
                case 'open':
                    $vacancy->open();
                    $message = __('Position successfully opened!');

                    break;

                case 'close':
                    $vacancy->close();
                    $message = __('Position successfully closed!');

                    foreach (User::all() as $user) {
                        if ($user->isStaffMember()) {
                            $user->notify(new VacancyClosed($vacancy));
                        }
                    }
                    break;

                default:
                    $message = __("Please do not tamper with the URLs. To report a bug, please contact an administrator.");
                    $type = 'error';

            }
        } else {
            $message = __("The position you're trying to update doesn't exist!");
            $type = 'error';
        }

        return redirect()
            ->back()
            ->with($type, $message);

    }

    public function edit(Request $request, Vacancy $vacancy)
    {
        $this->authorize('update', $vacancy);

        return view('dashboard.administration.editposition')
               ->with('vacancy', $vacancy);
    }

    public function update(VacancyEditRequest $request, Vacancy $vacancy)
    {
        $this->authorize('update', $vacancy);

        $vacancy->vacancyFullDescription =  $request->vacancyFullDescription;
        $vacancy->vacancyDescription = $request->vacancyDescription;
        $vacancy->vacancyCount = $request->vacancyCount;

        $vacancy->save();

        return redirect()
            ->back()
            ->with('success', __('Vacancy successfully updated.'));
    }
}
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`<?php`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`/*`
			`* Copyright © 2020 Miguel Nogueira`
			`*`
			`* This file is part of Raspberry Staff Manager.`
			`*`
			`* Raspberry Staff Manager is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* Raspberry Staff Manager is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with Raspberry Staff Manager. If not, see <https://www.gnu.org/licenses/>.`
			`*/`
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`namespace App\Http\Controllers;`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`use App\Facades\JSON;`
Beta version This commit is too large to list all changes. 2020-06-26 23:32:33 +00:00			`use App\Form;`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`use App\Http\Requests\VacancyEditRequest;`
			`use App\Http\Requests\VacancyRequest;`
Beta version This commit is too large to list all changes. 2020-06-26 23:32:33 +00:00			`use App\Notifications\VacancyClosed;`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`use App\User;`
			`use App\Vacancy;`
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`use Illuminate\Http\Request;`
Entrypoint: Add Application Page This commit finally adds the dynamically rendered form that changes according to how the user builds their form. It also fragments the header and footer for the main page into their own separate files for ease of access later. Vacancy status has also been added to the Vacancies in DB. All staff application endpoints have also been moved to under the user application endpoints group, for ease of use (duplicated route group). 2020-05-08 05:06:24 +00:00			`use Illuminate\Support\Str;`
Added full Vacancy description Also added support for Markdown 2020-07-11 04:34:12 +00:00
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`class VacancyController extends Controller`
			`{`
Added vacancies list 2020-05-03 04:04:26 +00:00			`public function index()`
			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$this->authorize('viewAny', Vacancy::class);`

Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`return view('dashboard.administration.positions')`
			`->with([`
			`'forms' => Form::all(),`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`'vacancies' => Vacancy::all(),`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`]);`
			`}`

			`public function store(VacancyRequest $request)`
			`{`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$messageIsError = false;`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$this->authorize('create', Vacancy::class);`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00


Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`$form = Form::find($request->vacancyFormID);`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! is_null($form)) {`
			`/* note: since we can't convert HTML back to Markdown, we'll have to do the converting when the user requests a page,`
			`* and leave the database with Markdown only so it can be used and edited everywhere.`
			`* for several vacancies, this would require looping through all of them and replacing MD with HTML, which is obviously not the most clean solution;`
			`* however, the Model can be configured to return MD instead of HTML on that specific field saving us from looping.`
			`*/`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`Vacancy::create([`

			`'vacancyName' => $request->vacancyName,`
			`'vacancyDescription' => $request->vacancyDescription,`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`'vacancyFullDescription' => $request->vacancyFullDescription,`
Entrypoint: Add Application Page This commit finally adds the dynamically rendered form that changes according to how the user builds their form. It also fragments the header and footer for the main page into their own separate files for ease of access later. Vacancy status has also been added to the Vacancies in DB. All staff application endpoints have also been moved to under the user application endpoints group, for ease of use (duplicated route group). 2020-05-08 05:06:24 +00:00			`'vacancySlug' => Str::slug($request->vacancyName),`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`'permissionGroupName' => $request->permissionGroup,`
			`'discordRoleID' => $request->discordRole,`
			`'vacancyFormID' => $request->vacancyFormID,`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`'vacancyCount' => $request->vacancyCount,`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00
			`]);`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __('Vacancy successfully opened. It will now show in the home page.');`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`} else {`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __('You cannot create a vacancy without a valid form.');`
			`$messageIsError = true;`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`}`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`return redirect()`
			`->back()`
			`->with(($messageIsError) ? 'error' : 'success', $message);`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`}`

Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`public function updatePositionAvailability(Request $request, $status, Vacancy $vacancy)`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`{`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$this->authorize('update', $vacancy);`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! is_null($vacancy)) {`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`$type = 'success';`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`switch ($status) {`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`case 'open':`
			`$vacancy->open();`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __('Position successfully opened!');`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00
			`break;`

			`case 'close':`
			`$vacancy->close();`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __('Position successfully closed!');`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
			`foreach (User::all() as $user) {`
			`if ($user->isStaffMember()) {`
			`$user->notify(new VacancyClosed($vacancy));`
			`}`
Beta version This commit is too large to list all changes. 2020-06-26 23:32:33 +00:00			`}`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`break;`

			`default:`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __("Please do not tamper with the URLs. To report a bug, please contact an administrator.");`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`$type = 'error';`

			`}`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`} else {`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$message = __("The position you're trying to update doesn't exist!");`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$type = 'error';`
Add save & update functionality to positions Tooltips also added, as well as a general configuration file for Mojang Status URL. Relationships were also added between forms and Vacancies. Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires. Authentication controllers were also updated to reflect the new dashboard URL. 2020-05-07 23:24:56 +00:00			`}`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`return redirect()`
			`->back()`
			`->with($type, $message);`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Added vacancies list 2020-05-03 04:04:26 +00:00			`}`

Vacancy tweaks 2020-09-03 01:50:19 +00:00			`public function edit(Request $request, Vacancy $vacancy)`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$this->authorize('update', $vacancy);`

Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`return view('dashboard.administration.editposition')`
Vacancy tweaks 2020-09-03 01:52:21 +00:00			`->with('vacancy', $vacancy);`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`}`

Update variable 2020-07-25 00:20:43 +00:00			`public function update(VacancyEditRequest $request, Vacancy $vacancy)`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$this->authorize('update', $vacancy);`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$vacancy->vacancyFullDescription = $request->vacancyFullDescription;`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$vacancy->vacancyDescription = $request->vacancyDescription;`
			`$vacancy->vacancyCount = $request->vacancyCount;`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$vacancy->save();`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`return redirect()`
			`->back()`
			`->with('success', __('Vacancy successfully updated.'));`
Add ability to edit Vacancies 2020-07-11 19:34:26 +00:00			`}`
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`}`