rbrecruiter/app/Http/Controllers/DevToolsController.php

<?php

/*
 * Copyright © 2020 Miguel Nogueira
 *
 *   This file is part of Raspberry Staff Manager.
 *
 *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
 *     it under the terms of the GNU General Public License as published by
 *     the Free Software Foundation, either version 3 of the License, or
 *     (at your option) any later version.
 *
 *     Raspberry Staff Manager is distributed in the hope that it will be useful,
 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *     GNU General Public License for more details.
 *
 *     You should have received a copy of the GNU General Public License
 *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace App\Http\Controllers;

use App\Application;
use App\Events\ApplicationApprovedEvent;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class DevToolsController extends Controller
{
    // The use case for Laravel's gate and/or validation Requests is so tiny here that a full-blown policy would be overkill.
    protected function isolatedAuthorise()
    {
        if (! Auth::user()->can('admin.developertools.use')) {
            abort(403, __('You\'re not authorized to access this page.'));
        }
    }

    public function index()
    {
        $this->isolatedAuthorise();

        return view('dashboard.administration.devtools')
            ->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
    }

    public function forceVoteCount(Request $request)
    {
        $this->isolatedAuthorise();
        $application = Application::find($request->application);

        if (! is_null($application)) {
            event(new ApplicationApprovedEvent($application));

            $request->session()->flash('success', __('Event dispatched! Please check the debug logs for more info'));
        } else {
            $request->session()->flash('error', __('Application doesn\'t exist!'));
        }

        return redirect()->back();
    }
}
Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`<?php`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`/*`
			`* Copyright © 2020 Miguel Nogueira`
			`*`
			`* This file is part of Raspberry Staff Manager.`
			`*`
			`* Raspberry Staff Manager is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* Raspberry Staff Manager is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with Raspberry Staff Manager. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`namespace App\Http\Controllers;`

			`use App\Application;`
			`use App\Events\ApplicationApprovedEvent;`
			`use Illuminate\Http\Request;`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`use Illuminate\Support\Facades\Auth;`

Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`class DevToolsController extends Controller`
			`{`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`// The use case for Laravel's gate and/or validation Requests is so tiny here that a full-blown policy would be overkill.`
			`protected function isolatedAuthorise()`
			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! Auth::user()->can('admin.developertools.use')) {`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`abort(403, __('You\'re not authorized to access this page.'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`}`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`}`

Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`public function index()`
			`{`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`$this->isolatedAuthorise();`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`return view('dashboard.administration.devtools')`
			`->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());`
			`}`

			`public function forceVoteCount(Request $request)`
			`{`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`$this->isolatedAuthorise();`
Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`$application = Application::find($request->application);`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! is_null($application)) {`
Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`event(new ApplicationApprovedEvent($application));`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('success', __('Event dispatched! Please check the debug logs for more info'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`} else {`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('error', __('Application doesn\'t exist!'));`
Major changes - Vote system now finished 2020-05-29 23:20:39 +00:00			`}`

			`return redirect()->back();`
			`}`
			`}`