rbrecruiter/app/Http/Controllers/FormController.php

<?php

/*
 * Copyright © 2020 Miguel Nogueira
 *
 *   This file is part of Raspberry Staff Manager.
 *
 *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
 *     it under the terms of the GNU General Public License as published by
 *     the Free Software Foundation, either version 3 of the License, or
 *     (at your option) any later version.
 *
 *     Raspberry Staff Manager is distributed in the hope that it will be useful,
 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *     GNU General Public License for more details.
 *
 *     You should have received a copy of the GNU General Public License
 *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace App\Http\Controllers;

use App\Form;
use ContextAwareValidator;
use Illuminate\Http\Request;

class FormController extends Controller
{
    public function index()
    {
        $forms = Form::all();
        $this->authorize('viewAny', Form::class);

        return view('dashboard.administration.forms')
            ->with('forms', $forms);
    }

    public function showFormBuilder()
    {
        $this->authorize('viewFormbuilder', Form::class);

        return view('dashboard.administration.formbuilder');
    }

    public function saveForm(Request $request)
    {
        $this->authorize('create', Form::class);
        $fields = $request->all();

        if (count($fields) == 2) {
            // form is probably empty, since forms with fields will alawys have more than 2 items

            $request->session()->flash('error', __('Sorry, but you may not create empty forms.'));

            return redirect()->to(route('showForms'));
        }

        $contextValidation = ContextAwareValidator::getValidator($fields, true, true);

        if (! $contextValidation->get('validator')->fails()) {
            $storableFormStructure = $contextValidation->get('structure');

            Form::create(
                [
                    'formName' => $fields['formName'],
                    'formStructure' => $storableFormStructure,
                    'formStatus' => 'ACTIVE',
                ]
            );

            $request->session()->flash('success', __('Form created! You can now link this form to a vacancy.'));

            return redirect()->to(route('showForms'));
        }

        $request->session()->flash('errors', $contextValidation->get('validator')->errors()->getMessages());

        return redirect()->back();
    }

    public function destroy(Request $request, Form $form)
    {
        $this->authorize('delete', $form);

        $deletable = true;

        if (! is_null($form) && ! is_null($form->vacancies) && $form->vacancies->count() !== 0 || ! is_null($form->responses)) {
            $deletable = false;
        }

        if ($deletable) {
            $form->delete();

            $request->session()->flash('success', __('Form deleted successfully.'));
        } else {
            $request->session()->flash('error', __('You cannot delete this form because it\'s tied to one or more applications and ranks, or because it doesn\'t exist.'));
        }

        return redirect()->back();

    }

    public function preview(Request $request, Form $form)
    {
        $this->authorize('viewAny', Form::class);

        return view('dashboard.administration.formpreview')
          ->with('form', json_decode($form->formStructure, true))
          ->with('title', $form->formName)
          ->with('formID', $form->id);
    }

    public function edit(Request $request, Form $form)
    {
        $this->authorize('update', $form);

        return view('dashboard.administration.editform')
        ->with('formStructure', json_decode($form->formStructure, true))
        ->with('title', $form->formName)
        ->with('formID', $form->id);
    }

    public function update(Request $request, Form $form)
    {
        $this->authorize('update', $form);

        $contextValidation = ContextAwareValidator::getValidator($request->all(), true);
        $this->authorize('update', $form);

        if (! $contextValidation->get('validator')->fails()) {
            // Add the new structure into the form. New, subsquent fields will be identified by the "new" prefix
            // This prefix doesn't actually change the app's behavior when it receives applications.
            // Additionally, old applications won't of course display new and updated fields, because we can't travel into the past and get data for them
            $form->formStructure = $contextValidation->get('structure');
            $form->save();

            $request->session()->flash('success', __('Hooray! Your form was updated. New applications for it\'s vacancy will use it.'));
        } else {
            $request->session()->flash('errors', $contextValidation->get('validator')->errors()->getMessages());
        }

        return redirect()->to(route('previewForm', ['form' => $form->id]));
    }
}
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`<?php`

Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`/*`
			`* Copyright © 2020 Miguel Nogueira`
			`*`
			`* This file is part of Raspberry Staff Manager.`
			`*`
			`* Raspberry Staff Manager is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* Raspberry Staff Manager is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with Raspberry Staff Manager. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`namespace App\Http\Controllers;`

Store form structure in DB 2020-05-06 04:42:55 +00:00			`use App\Form;`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`use ContextAwareValidator;`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`use Illuminate\Http\Request;`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`class FormController extends Controller`
			`{`
Add dynamic form builder This form builder still needs some improvements and names for every field. 2020-05-05 04:25:56 +00:00			`public function index()`
			`{`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$forms = Form::all();`
			`$this->authorize('viewAny', Form::class);`

Added view forms 2020-05-06 23:36:33 +00:00			`return view('dashboard.administration.forms')`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`->with('forms', $forms);`
Error and success messages from form builder 2020-05-06 22:16:34 +00:00			`}`

			`public function showFormBuilder()`
			`{`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$this->authorize('viewFormbuilder', Form::class);`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Error and success messages from form builder 2020-05-06 22:16:34 +00:00			`return view('dashboard.administration.formbuilder');`
Add dynamic form builder This form builder still needs some improvements and names for every field. 2020-05-05 04:25:56 +00:00			`}`

Added save function to save button This commit also improves how forms are parsed by PHP by passing them as arrays, therefore making them easier to process. Note: One of the files contains a debug statement that will be removed in the next commit 2020-05-06 02:44:39 +00:00			`public function saveForm(Request $request)`
			`{`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$this->authorize('create', Form::class);`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`$fields = $request->all();`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (count($fields) == 2) {`
Prevent empty form creation 2020-10-08 23:56:11 +00:00			`// form is probably empty, since forms with fields will alawys have more than 2 items`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('error', __('Sorry, but you may not create empty forms.'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Prevent empty form creation 2020-10-08 23:56:11 +00:00			`return redirect()->to(route('showForms'));`
			`}`

Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`$contextValidation = ContextAwareValidator::getValidator($fields, true, true);`
Store form structure in DB 2020-05-06 04:42:55 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! $contextValidation->get('validator')->fails()) {`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`$storableFormStructure = $contextValidation->get('structure');`
Store form structure in DB 2020-05-06 04:42:55 +00:00
			`Form::create(`
			`[`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`'formName' => $fields['formName'],`
Store form structure in DB 2020-05-06 04:42:55 +00:00			`'formStructure' => $storableFormStructure,`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`'formStatus' => 'ACTIVE',`
Store form structure in DB 2020-05-06 04:42:55 +00:00			`]`
			`);`

Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('success', __('Form created! You can now link this form to a vacancy.'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Added view forms 2020-05-06 23:36:33 +00:00			`return redirect()->to(route('showForms'));`
Store form structure in DB 2020-05-06 04:42:55 +00:00			`}`

Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`$request->session()->flash('errors', $contextValidation->get('validator')->errors()->getMessages());`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00
Store form structure in DB 2020-05-06 04:42:55 +00:00			`return redirect()->back();`
Added save function to save button This commit also improves how forms are parsed by PHP by passing them as arrays, therefore making them easier to process. Note: One of the files contains a debug statement that will be removed in the next commit 2020-05-06 02:44:39 +00:00			`}`

Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`public function destroy(Request $request, Form $form)`
Added view forms 2020-05-06 23:36:33 +00:00			`{`
Add user directory & isolate authorisation 2020-06-27 18:15:33 +00:00			`$this->authorize('delete', $form);`
Logic changes for confirmation dialog This commit changes the deletion mechanism for forms. Currently, it sets the wanted deletion ID to the session, and redirects the user to the previous page, to open a confirmation dialog for deletion. 2021-01-27 02:23:30 +00:00
Added check for constrained models when deleting 2020-07-12 05:39:39 +00:00			`$deletable = true;`
Added view forms 2020-05-06 23:36:33 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! is_null($form) && ! is_null($form->vacancies) && $form->vacancies->count() !== 0 \|\| ! is_null($form->responses)) {`
			`$deletable = false;`
Added check for constrained models when deleting 2020-07-12 05:39:39 +00:00			`}`
Add ability to preview application 2020-07-12 18:36:12 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if ($deletable) {`
			`$form->delete();`
Added view forms 2020-05-06 23:36:33 +00:00
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('success', __('Form deleted successfully.'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`} else {`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('error', __('You cannot delete this form because it\'s tied to one or more applications and ranks, or because it doesn\'t exist.'));`
Added view forms 2020-05-06 23:36:33 +00:00			`}`

			`return redirect()->back();`
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00
Added view forms 2020-05-06 23:36:33 +00:00			`}`

Add ability to preview application 2020-07-12 18:36:12 +00:00			`public function preview(Request $request, Form $form)`
			`{`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`$this->authorize('viewAny', Form::class);`

Add ability to preview application 2020-07-12 18:36:12 +00:00			`return view('dashboard.administration.formpreview')`
			`->with('form', json_decode($form->formStructure, true))`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`->with('title', $form->formName)`
			`->with('formID', $form->id);`
			`}`

			`public function edit(Request $request, Form $form)`
			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$this->authorize('update', $form);`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`return view('dashboard.administration.editform')`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00			`->with('formStructure', json_decode($form->formStructure, true))`
			`->with('title', $form->formName)`
			`->with('formID', $form->id);`
			`}`

			`public function update(Request $request, Form $form)`
			`{`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$this->authorize('update', $form);`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`$contextValidation = ContextAwareValidator::getValidator($request->all(), true);`
			`$this->authorize('update', $form);`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`if (! $contextValidation->get('validator')->fails()) {`
			`// Add the new structure into the form. New, subsquent fields will be identified by the "new" prefix`
			`// This prefix doesn't actually change the app's behavior when it receives applications.`
			`// Additionally, old applications won't of course display new and updated fields, because we can't travel into the past and get data for them`
			`$form->formStructure = $contextValidation->get('structure');`
			`$form->save();`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00
Separation of Concerns + old coude cleanup 2021-07-19 23:35:03 +00:00			`$request->session()->flash('success', __('Hooray! Your form was updated. New applications for it\'s vacancy will use it.'));`
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`} else {`
			`$request->session()->flash('errors', $contextValidation->get('validator')->errors()->getMessages());`
			`}`
Add ability to edit forms and add new fields This commit adds the ability to edit and modify existing forms. On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code. 2020-07-15 05:48:49 +00:00
Apply fixes from StyleCI 2020-10-10 16:30:26 +00:00			`return redirect()->to(route('previewForm', ['form' => $form->id]));`
Add ability to preview application 2020-07-12 18:36:12 +00:00			`}`
Added models, migrations and controllers This commit adds the logical structure for the app. 2020-04-29 17:15:54 +00:00			`}`