Added Gate authorization arguments

Gate authorization arguments were missing in the TeamFile and Team controllers.
Without them, Gate has no idea where to look for policies, so the ability
passed is taken literally, causing an Unauthorized error.

Adding the Model with which to authorize the request solved the error since
Gate now knows which policy to look in for permission logic.
Miguel Nogueira 2020-12-21 01:02:05 +00:00
parent 2f0fc14825
commit 1c0eeb4bb0
Signed by: miguel456
GPG Key ID: 2CF61B825316C6A0
2 changed files with 27 additions and 23 deletions


@ -40,11 +40,11 @@ class TeamController extends Controller
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
*/
public function index()
{
$this->authorize('index');
$this->authorize('index', Team::class);
$teams = Team::with('users.roles')->get();
@ -55,12 +55,13 @@ class TeamController extends Controller
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @param NewTeamRequest $request
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function store(NewTeamRequest $request)
{
$this->authorize('create');
$this->authorize('create', Team::class);
$team = Team::create([
'name' => $request->teamName,
@ -77,27 +78,30 @@ class TeamController extends Controller
/**
* Show the form for editing the specified resource.
*
* @param int $id
* @return \Illuminate\Http\Response
* @param Team $team
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function edit(Team $team)
{
$this->authorize('update', $team);
return view('dashboard.teams.edit-team')
->with('team', $team)
->with('users', User::all())
->with('vacancies', Vacancy::with('teams')->get()->all());
->with([
'team' => $team,
'users' => User::all(),
'vacancies' => Vacancy::with('teams')->get()->all()
]);
}
/**
* Update the specified resource in storage.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @param EditTeamRequest $request
* @param Team $team
* @return \Illuminate\Http\Response
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function update(EditTeamRequest $request, Team $team)
public function update(EditTeamRequest $request, Team $team): \Illuminate\Http\Response
{
$this->authorize('update', $team);
@ -120,10 +124,10 @@ class TeamController extends Controller
*/
public function destroy($id)
{
//
// wip
}
public function invite(SendInviteRequest $request, Team $team)
public function invite(SendInviteRequest $request, Team $team): \Illuminate\Http\RedirectResponse
{
$this->authorize('invite', $team);
@ -146,7 +150,7 @@ class TeamController extends Controller
return redirect()->back();
}
public function processInviteAction(Request $request, $action, $token)
public function processInviteAction(Request $request, $action, $token): \Illuminate\Http\RedirectResponse
{
switch ($action) {
case 'accept':
@ -184,7 +188,7 @@ class TeamController extends Controller
return redirect()->to(route('teams.index'));
}
public function switchTeam(Request $request, Team $team)
public function switchTeam(Request $request, Team $team): \Illuminate\Http\RedirectResponse
{
$this->authorize('switchTeam', $team);
@ -200,7 +204,7 @@ class TeamController extends Controller
}
// Since it's a separate form, we shouldn't use the same update method
public function assignVacancies(Request $request, Team $team)
public function assignVacancies(Request $request, Team $team): \Illuminate\Http\RedirectResponse
{
$this->authorize('update', $team);
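Review bot: The new `: \Illuminate\Http\Response` return type on `update()` will raise a TypeError if the method ends in a redirect, because `RedirectResponse` is not a subclass of `Illuminate\Http\Response`. The body of `update()` continues outside the hunk, so this is inferred from the sibling methods `invite()`, `switchTeam()` and `assignVacancies()`, which are all declared as returning `\Illuminate\Http\RedirectResponse`. If `update()` does return `redirect()`, declare it as `public function update(EditTeamRequest $request, Team $team): \Illuminate\Http\RedirectResponse` and change the `@return` tag to match.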


@ -32,7 +32,7 @@ class TeamFileController extends Controller
*/
public function index(Request $request)
{
$this->authorize('index');
$this->authorize('index', TeamFile::class);
if (is_null(Auth::user()->currentTeam))
{
@ -53,7 +53,7 @@ class TeamFileController extends Controller
*/
public function store(UploadFileRequest $request)
{
$this->authorize('store');
$this->authorize('store', TeamFile::class);
$upload = $request->file('file');
@ -87,7 +87,7 @@ class TeamFileController extends Controller
public function download(Request $request, TeamFile $teamFile)
{
$this->authorize('download');
$this->authorize('download', TeamFile::class);
try
{
@ -133,7 +133,7 @@ class TeamFileController extends Controller
*/
public function destroy(Request $request, TeamFile $teamFile)
{
$this->authorize('delete');
$this->authorize('delete', $teamFile);
try
{
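Review bot: `download()` authorizes against `TeamFile::class` even though the route-bound `$teamFile` is in scope, so the policy method is called without the file and cannot check that it belongs to the caller's team. Unless the code after the `try` (outside this hunk) performs its own ownership check, the download ability is effectively global rather than per file. `destroy()` in the same commit already passes the instance; do the same here with `$this->authorize('download', $teamFile);`. The policy's `download` method then needs a `TeamFile $teamFile` parameter that it compares with the user's current team.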