Add user directory & isolate authorisation
This commit is contained in:
parent
71efdf93d8
commit
33c16fcf46
@ -80,6 +80,8 @@ class ApplicationController extends Controller
|
||||
|
||||
public function showAllPendingApps()
|
||||
{
|
||||
$this->authorize('viewAny', Application::class);
|
||||
|
||||
return view('dashboard.appmanagement.outstandingapps')
|
||||
->with('applications', Application::where('applicationStatus', 'STAGE_SUBMITTED')->get());
|
||||
}
|
||||
@ -90,6 +92,7 @@ class ApplicationController extends Controller
|
||||
|
||||
public function showPendingInterview()
|
||||
{
|
||||
$this->authorize('viewAny', Application::class);
|
||||
$applications = Application::with('appointment', 'user')->get();
|
||||
$count = 0;
|
||||
|
||||
@ -131,6 +134,7 @@ class ApplicationController extends Controller
|
||||
|
||||
public function showPeerReview()
|
||||
{
|
||||
$this->authorize('viewAny', Application::class);
|
||||
return view('dashboard.appmanagement.peerreview')
|
||||
->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
|
||||
|
||||
@ -246,6 +250,7 @@ class ApplicationController extends Controller
|
||||
public function updateApplicationStatus(Request $request, $applicationID, $newStatus)
|
||||
{
|
||||
$application = Application::find($applicationID);
|
||||
$this->authorize('update', Application::class);
|
||||
|
||||
if (!is_null($application))
|
||||
{
|
||||
|
@ -28,6 +28,8 @@ class AppointmentController extends Controller
|
||||
{
|
||||
// Unrelated TODO: change if's in application page to a switch statement, & have the row encompass it
|
||||
|
||||
$this->authorize('create', Appointment::class);
|
||||
|
||||
$app = Application::find($applicationID);
|
||||
|
||||
if (!is_null($app))
|
||||
@ -49,7 +51,7 @@ class AppointmentController extends Controller
|
||||
'datetime' => $appointmentDate->toDateTimeString(),
|
||||
'scheduled' => now()
|
||||
]);
|
||||
|
||||
|
||||
$app->user->notify(new AppointmentScheduled($appointment));
|
||||
$request->session()->flash('success', 'Appointment successfully scheduled @ ' . $appointmentDate->toDateTimeString());
|
||||
|
||||
@ -64,6 +66,9 @@ class AppointmentController extends Controller
|
||||
|
||||
public function updateAppointment(Request $request, $applicationID, $status)
|
||||
{
|
||||
|
||||
$this->authorize('update', Appointment::class);
|
||||
|
||||
$application = Application::find($applicationID);
|
||||
$validStatuses = [
|
||||
'SCHEDULED',
|
||||
|
@ -76,6 +76,9 @@ class BanController extends Controller
|
||||
|
||||
public function delete(Request $request, User $user)
|
||||
{
|
||||
|
||||
$this->authorize('delete', $user->bans);
|
||||
|
||||
if (!is_null($user->bans))
|
||||
{
|
||||
$user->bans->delete();
|
||||
|
@ -21,8 +21,8 @@ class CommentController extends Controller
|
||||
|
||||
public function insert(NewCommentRequest $request, Application $application)
|
||||
{
|
||||
// Type hinting makes laravel automatically validate everything
|
||||
|
||||
$this->authorize('create', Comment::class);
|
||||
|
||||
$comment = Comment::create([
|
||||
'authorID' => Auth::user()->id,
|
||||
'applicationID' => $application->id,
|
||||
@ -53,13 +53,10 @@ class CommentController extends Controller
|
||||
|
||||
public function delete(Request $request, Comment $comment)
|
||||
{
|
||||
if (Auth::user()->is($comment->user) || Auth::user()->hasRole('admin'))
|
||||
{
|
||||
$comment->delete();
|
||||
$request->session()->flash('success', 'Comment deleted!');
|
||||
}
|
||||
$this->authorize('delete', $comment);
|
||||
|
||||
$request->session()->flash('error', 'You do not have permission to delete this comment!');
|
||||
$comment->delete();
|
||||
$request->session()->flash('success', 'Comment deleted!');
|
||||
|
||||
return redirect()->back();
|
||||
|
||||
|
@ -5,24 +5,31 @@ namespace App\Http\Controllers;
|
||||
use App\Form;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class FormController extends Controller
|
||||
{
|
||||
|
||||
public function index()
|
||||
{
|
||||
$forms = Form::all();
|
||||
$this->authorize('viewAny', Form::class);
|
||||
|
||||
return view('dashboard.administration.forms')
|
||||
->with('forms', Form::all());
|
||||
->with('forms', $forms);
|
||||
}
|
||||
|
||||
public function showFormBuilder()
|
||||
{
|
||||
$this->authorize('viewFormbuilder', Form::class);
|
||||
return view('dashboard.administration.formbuilder');
|
||||
}
|
||||
|
||||
public function saveForm(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('create', Form::class);
|
||||
|
||||
$formFields = $request->all();
|
||||
|
||||
$formStructure = [];
|
||||
@ -72,6 +79,7 @@ class FormController extends Controller
|
||||
{
|
||||
|
||||
$form = Form::find($id);
|
||||
$this->authorize('delete', $form);
|
||||
|
||||
// TODO: Check if form is linked to vacancies before allowing deletion
|
||||
if (!is_null($form))
|
||||
|
@ -18,7 +18,7 @@ class HomeController extends Controller
|
||||
// TODO: Relationships for Applications, Users and Responses
|
||||
// Also prevent apps if user already has one in the space of 30d
|
||||
// Display apps in the relevant menus
|
||||
|
||||
|
||||
$positions = DB::table('vacancies')
|
||||
->where('vacancyStatus', 'OPEN')
|
||||
->where('vacancyCount', '!=', 0)
|
||||
|
@ -14,6 +14,14 @@ use Spatie\Permission\Models\Role;
|
||||
|
||||
class ProfileController extends Controller
|
||||
{
|
||||
|
||||
public function index()
|
||||
{
|
||||
|
||||
return view('dashboard.user.directory')
|
||||
->with('users', User::with('profile', 'bans')->paginate(9));
|
||||
}
|
||||
|
||||
public function showProfile()
|
||||
{
|
||||
|
||||
|
@ -24,50 +24,48 @@ use Spatie\Permission\Models\Role;
|
||||
class UserController extends Controller
|
||||
{
|
||||
|
||||
|
||||
public function showStaffMembers()
|
||||
{
|
||||
$this->authorize('viewStaff', User::class);
|
||||
|
||||
$staffRoles = [
|
||||
'reviewer',
|
||||
'hiringManager',
|
||||
'admin'
|
||||
]; // TODO: Un-hardcode this, move to config/roles.php
|
||||
$users = User::with('roles')->get();
|
||||
$staffMembers = collect([]);
|
||||
|
||||
if (Auth::user()->can('admin.stafflist'))
|
||||
foreach($users as $user)
|
||||
{
|
||||
$users = User::with('roles')->get();
|
||||
$staffMembers = collect([]);
|
||||
|
||||
foreach($users as $user)
|
||||
if (empty($user->roles))
|
||||
{
|
||||
if (empty($user->roles))
|
||||
{
|
||||
Log::debug($user->role->name);
|
||||
Log::debug('Staff list: User without role detected; Ignoring');
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach($user->roles as $role)
|
||||
{
|
||||
if (in_array($role->name, $staffRoles))
|
||||
{
|
||||
$staffMembers->push($user);
|
||||
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
|
||||
}
|
||||
}
|
||||
Log::debug($user->role->name);
|
||||
Log::debug('Staff list: User without role detected; Ignoring');
|
||||
continue;
|
||||
}
|
||||
|
||||
return view('dashboard.administration.staff-members')
|
||||
->with([
|
||||
'users' => $staffMembers
|
||||
]);
|
||||
foreach($user->roles as $role)
|
||||
{
|
||||
if (in_array($role->name, $staffRoles))
|
||||
{
|
||||
$staffMembers->push($user);
|
||||
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
abort(403, 'Forbidden');
|
||||
return view('dashboard.administration.staff-members')
|
||||
->with([
|
||||
'users' => $staffMembers
|
||||
]);
|
||||
}
|
||||
|
||||
public function showPlayers()
|
||||
{
|
||||
$this->authorize('viewPlayers', User::class);
|
||||
|
||||
$users = User::with('roles')->get();
|
||||
$players = collect([]);
|
||||
|
||||
@ -80,23 +78,19 @@ class UserController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
if (Auth::user()->can('admin.userlist'))
|
||||
{
|
||||
return view('dashboard.administration.players')
|
||||
->with([
|
||||
'users' => $players,
|
||||
'bannedUserCount' => Ban::all()->count()
|
||||
]);
|
||||
}
|
||||
|
||||
abort(403, 'Forbidden');
|
||||
return view('dashboard.administration.players')
|
||||
->with([
|
||||
'users' => $players,
|
||||
'bannedUserCount' => Ban::all()->count()
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
public function showPlayersLike(SearchPlayerRequest $request)
|
||||
{
|
||||
$searchTerm = $request->searchTerm;
|
||||
$this->authorize('viewPlayers', User::class);
|
||||
|
||||
$searchTerm = $request->searchTerm;
|
||||
$matchingUsers = User::query()
|
||||
->where('name', 'LIKE', "%{$searchTerm}%")
|
||||
->orWhere('email', 'LIKE', "%{$searchTerm}%")
|
||||
@ -250,7 +244,7 @@ class UserController extends Controller
|
||||
|
||||
public function terminate(Request $request, User $user)
|
||||
{
|
||||
$this->authorize('terminate', Auth::user());
|
||||
$this->authorize('terminate', User::class);
|
||||
|
||||
if (!$user->isStaffMember() || $user->is(Auth::user()))
|
||||
{
|
||||
|
@ -10,11 +10,13 @@ use App\Form;
|
||||
use App\Notifications\VacancyClosed;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class VacancyController extends Controller
|
||||
{
|
||||
public function index()
|
||||
{
|
||||
$this->authorize('viewAny', Vacancy::class);
|
||||
return view('dashboard.administration.positions')
|
||||
->with([
|
||||
'forms' => Form::all(),
|
||||
@ -24,6 +26,7 @@ class VacancyController extends Controller
|
||||
|
||||
public function store(VacancyRequest $request)
|
||||
{
|
||||
$this->authorize('create', Vacancy::class);
|
||||
$form = Form::find($request->vacancyFormID);
|
||||
|
||||
if (!is_null($form))
|
||||
@ -53,7 +56,9 @@ class VacancyController extends Controller
|
||||
|
||||
public function updatePositionAvailability(Request $request, $status, $id)
|
||||
{
|
||||
|
||||
$vacancy = Vacancy::find($id);
|
||||
$this->authorize('update', $vacancy);
|
||||
|
||||
if (!is_null($vacancy))
|
||||
{
|
||||
|
@ -16,6 +16,7 @@ class VoteController extends Controller
|
||||
public function vote(VoteRequest $voteRequest, $applicationID)
|
||||
{
|
||||
$application = Application::find($applicationID);
|
||||
$this->authorize('create', Vote::class);
|
||||
|
||||
if (!is_null($application))
|
||||
{
|
||||
|
@ -21,6 +21,16 @@ class ApplicationPolicy
|
||||
//
|
||||
}
|
||||
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
if ($user->can('applications.view.all'))
|
||||
{
|
||||
return Response::allow();
|
||||
}
|
||||
|
||||
return Response::deny('Forbidden');
|
||||
}
|
||||
|
||||
public function view(User $user, Application $application)
|
||||
{
|
||||
if ($user->is($application->user) && $user->can('applications.view.own') || $user->can('applications.view.all'))
|
||||
@ -30,4 +40,9 @@ class ApplicationPolicy
|
||||
|
||||
return Response::deny('You are not authorised to view this application');
|
||||
}
|
||||
|
||||
public function update(User $user)
|
||||
{
|
||||
return $user->hasAnyRole('admin', 'hiringManager');
|
||||
}
|
||||
}
|
||||
|
94
app/Policies/AppointmentPolicy.php
Normal file
94
app/Policies/AppointmentPolicy.php
Normal file
@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Appointment;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class AppointmentPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Appointment $appointment
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Appointment $appointment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
return $user->can('appointments.schedule');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Appointment $appointment
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Appointment $appointment)
|
||||
{
|
||||
return $user->can('appointments.schedule.edit');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Appointment $appointment
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Appointment $appointment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Appointment $appointment
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Appointment $appointment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Appointment $appointment
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Appointment $appointment)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
94
app/Policies/BanPolicy.php
Normal file
94
app/Policies/BanPolicy.php
Normal file
@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Ban;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class BanPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Ban $ban
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Ban $ban)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Ban $ban
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Ban $ban)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Ban $ban
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Ban $ban)
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Ban $ban
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Ban $ban)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Ban $ban
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Ban $ban)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
99
app/Policies/CommentPolicy.php
Normal file
99
app/Policies/CommentPolicy.php
Normal file
@ -0,0 +1,99 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Comment;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class CommentPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Comment $comment
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Comment $comment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
return $user->isStaffMember();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Comment $comment
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Comment $comment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Comment $comment
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Comment $comment)
|
||||
{
|
||||
if ($user->is($comment->user) || $user->hasRole('admin'))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Comment $comment
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Comment $comment)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Comment $comment
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Comment $comment)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
98
app/Policies/FormPolicy.php
Normal file
98
app/Policies/FormPolicy.php
Normal file
@ -0,0 +1,98 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Form;
|
||||
use App\User;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class FormPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
return $user->can('admin.hiring.forms');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Form $form
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Form $form)
|
||||
{
|
||||
return $user->can('admin.hiring.forms');
|
||||
}
|
||||
|
||||
public function viewFormbuilder(User $user)
|
||||
{
|
||||
return $user->can('admin.hiring.formbuilder');
|
||||
}
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
return $this->user->can('admin.hiring.forms');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Form $form
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Form $form)
|
||||
{
|
||||
// unused
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Form $form
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Form $form)
|
||||
{
|
||||
return $this->user->can('admin.hiring.forms');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Form $form
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Form $form)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Form $form
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Form $form)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
94
app/Policies/VacancyPolicy.php
Normal file
94
app/Policies/VacancyPolicy.php
Normal file
@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\User;
|
||||
use App\Vacancy;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class VacancyPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
// TODO: Switch to permissions (there are no specific permissions yet)
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
return $user->hasAnyRole('admin', 'hiringManager');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vacancy $vacancy
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Vacancy $vacancy)
|
||||
{
|
||||
// unused
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
return $user->hasAnyRole('admin', 'hiringManager');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vacancy $vacancy
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Vacancy $vacancy)
|
||||
{
|
||||
return $user->hasRole('admin', 'hiringManager');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vacancy $vacancy
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Vacancy $vacancy)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vacancy $vacancy
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Vacancy $vacancy)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vacancy $vacancy
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Vacancy $vacancy)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
94
app/Policies/VotePolicy.php
Normal file
94
app/Policies/VotePolicy.php
Normal file
@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\User;
|
||||
use App\Vote;
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
class VotePolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function viewAny(User $user)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vote $vote
|
||||
* @return mixed
|
||||
*/
|
||||
public function view(User $user, Vote $vote)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
{
|
||||
return $user->can('applications.vote');
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vote $vote
|
||||
* @return mixed
|
||||
*/
|
||||
public function update(User $user, Vote $vote)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vote $vote
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete(User $user, Vote $vote)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vote $vote
|
||||
* @return mixed
|
||||
*/
|
||||
public function restore(User $user, Vote $vote)
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\Vote $vote
|
||||
* @return mixed
|
||||
*/
|
||||
public function forceDelete(User $user, Vote $vote)
|
||||
{
|
||||
//
|
||||
}
|
||||
}
|
@ -2,10 +2,22 @@
|
||||
|
||||
namespace App\Providers;
|
||||
|
||||
use App\Http\Controllers\BanController;
|
||||
use App\Http\Controllers\VoteController;
|
||||
use App\Http\Controllers\ProfileController;
|
||||
use App\Http\Controllers\AppointmentController;
|
||||
use App\Policies\ProfilePolicy;
|
||||
use App\Policies\VacancyPolicy;
|
||||
use App\Policies\UserPolicy;
|
||||
use App\Policies\FormPolicy;
|
||||
use App\Policies\ApplicationPolicy;
|
||||
use App\User;
|
||||
use App\Form;
|
||||
use App\Vote;
|
||||
use App\Vacancy;
|
||||
use App\Application;
|
||||
use App\Appointment;
|
||||
use App\Ban;
|
||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
|
||||
@ -18,9 +30,15 @@ class AuthServiceProvider extends ServiceProvider
|
||||
*/
|
||||
protected $policies = [
|
||||
// 'App\Model' => 'App\Policies\ModelPolicy',
|
||||
'App\Application' => 'App\Policies\ApplicationPolicy',
|
||||
ProfileController::class => ProfilePolicy::class,
|
||||
User::class => UserPolicy::class
|
||||
Application::class => ApplicationPolicy::class,
|
||||
Profile::class => ProfilePolicy::class,
|
||||
User::class => UserPolicy::class,
|
||||
Vacancy::class => VacancyPolicy::class,
|
||||
//Form::class => FormPolicy::class
|
||||
'App\Form' => 'App\Policies\FormPolicy',
|
||||
Vote::class => VoteController::class,
|
||||
Ban::class => BanController::class,
|
||||
Appointment::class => AppointmentController::class
|
||||
];
|
||||
|
||||
/**
|
||||
@ -31,7 +49,6 @@ class AuthServiceProvider extends ServiceProvider
|
||||
public function boot()
|
||||
{
|
||||
$this->registerPolicies();
|
||||
|
||||
//
|
||||
}
|
||||
}
|
||||
|
@ -213,6 +213,12 @@ return [
|
||||
'icon' => 'fas fa-home',
|
||||
'url' => 'dashboard'
|
||||
],
|
||||
[
|
||||
'text' => 'Directory',
|
||||
'icon' => 'fas fa-users',
|
||||
'url' => 'users/directory',
|
||||
'can' => 'profiles.view.others'
|
||||
],
|
||||
[
|
||||
'header' => 'Applications',
|
||||
'can' => 'applications.view.own'
|
||||
|
3
public/css/directory.css
vendored
Normal file
3
public/css/directory.css
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
.links nav {
|
||||
display: inline-block;
|
||||
}
|
@ -63,7 +63,7 @@ I
|
||||
<form name="search" method="POST" action="{{route('searchRegisteredPLayerList')}}">
|
||||
@csrf
|
||||
<div class="input-group">
|
||||
<input type="text" name="searchTerm" class="form-control" placeholder="Username/email search">
|
||||
<input type="text" name="searchTerm" class="form-control" placeholder="Full/partial email search">
|
||||
<span class="input-group-btn">
|
||||
<button class="btn btn-default" type="submit">
|
||||
<i class="fa fa-search"></i>
|
||||
@ -116,6 +116,7 @@ I
|
||||
<th>#</th>
|
||||
<th>IGN</th>
|
||||
<th>UUID</th>
|
||||
<th>Email</th>
|
||||
<th>Status</th>
|
||||
<th>Registration Date</th>
|
||||
<th>Actions</th>
|
||||
@ -125,11 +126,12 @@ I
|
||||
<tbody>
|
||||
|
||||
@foreach($users as $user)
|
||||
|
||||
|
||||
<tr>
|
||||
<td>{{$user->id}}</td>
|
||||
<td>{{UUID::toUsername($user->uuid)}}</td>
|
||||
<td>{{$user->uuid}}</td>
|
||||
<td>{{ $user->email }}</td>
|
||||
<td>
|
||||
@if ($user->isBanned())
|
||||
<span class="badge badge-danger"><i class="fa fa-ban"></i> Banned</span>
|
||||
@ -150,7 +152,7 @@ I
|
||||
</table>
|
||||
@else
|
||||
<div class="alert alert-secondary">
|
||||
|
||||
|
||||
<i class="fas fa-question"></i><span> There are no registered players!</span>
|
||||
<p>
|
||||
Registered players are those without a staff role in the team management application.
|
||||
|
@ -49,6 +49,7 @@
|
||||
<th>Full Name</th>
|
||||
<th>UUID</th>
|
||||
<th>Rank</th>
|
||||
<th>Email</th>
|
||||
<th>Status</th>
|
||||
<th>Join Date</th>
|
||||
<th>Actions</th>
|
||||
@ -60,7 +61,7 @@
|
||||
@foreach($users as $user)
|
||||
|
||||
<tr>
|
||||
<td>1</td>
|
||||
<td>{{ $user->id }}</td>
|
||||
<td>{{$user->name}}</td>
|
||||
<td>{{UUID::toUsername($user->uuid)}}</td>
|
||||
<td>
|
||||
@ -68,16 +69,16 @@
|
||||
<span class="badge badge-info badge-sm">{{$role->name}}</span>
|
||||
@endforeach
|
||||
</td>
|
||||
<td>{{ $user->email }}</td>
|
||||
<td><span class="badge badge-success">Active</span></td>
|
||||
<td>{{$user->created_at}}</td>
|
||||
<td>
|
||||
<button type="button" class="btn btn-sm btn-success mr-2" onclick="window.location.href='{{route('showSingleProfile', ['user' => $user->id])}}'"><i class="fa fa-eye"></i></button>
|
||||
<button type="button" class="btn btn-sm btn-warning mr-2"><i class="fas fa-pencil-alt"></i></button>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@endforeach
|
||||
|
||||
|
||||
</tbody>
|
||||
|
||||
</table>
|
||||
|
107
resources/views/dashboard/user/directory.blade.php
Normal file
107
resources/views/dashboard/user/directory.blade.php
Normal file
@ -0,0 +1,107 @@
|
||||
@extends('adminlte::page')
|
||||
|
||||
@section('title', 'Raspberry Network | User Directory')
|
||||
|
||||
@section('content_header')
|
||||
|
||||
<h4>Users / Directory</h4>
|
||||
|
||||
@stop
|
||||
|
||||
@section('js')
|
||||
<script src="/js/app.js"></script>
|
||||
<x-global-errors></x-global-errors>
|
||||
@stop
|
||||
|
||||
@section('css')
|
||||
|
||||
<link rel="stylesheet" href="/css/directory.css" />
|
||||
|
||||
@stop
|
||||
|
||||
|
||||
@section('content')
|
||||
|
||||
@if (Auth::user()->can('profiles.view.others'))
|
||||
|
||||
|
||||
<div class="row">
|
||||
|
||||
@foreach ($users as $user)
|
||||
<div class="col-md-4">
|
||||
<!-- Widget: user widget style 1 -->
|
||||
<div class="card card-widget widget-user">
|
||||
<div class="widget-user-header bg-secondary">
|
||||
<h3 class="widget-user-username">{{ $user->name }}</h3>
|
||||
<h5 class="widget-user-desc">{{ $user->profile->profileShortBio }}</h5>
|
||||
</div>
|
||||
<div class="widget-user-image">
|
||||
@if($user->profile->avatarPreference == 'gravatar')
|
||||
<img class="profile-user-img elevation-2 img-fluid img-circle" src="https://gravatar.com/avatar/{{md5($user->email)}}" alt="User profile picture">
|
||||
@else
|
||||
<img class="profile-user-img elevation-2 img-fluid img-circle" src="https://crafatar.com/avatars/{{$user->uuid}}" alt="User profile picture">
|
||||
@endif
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
|
||||
@if (Auth::user()->is($user))
|
||||
|
||||
<div class="user-indicator mb-2">
|
||||
|
||||
<span class="badge badge-success">It's you!</span>
|
||||
|
||||
</div>
|
||||
|
||||
@endif
|
||||
|
||||
<div class="roles mb-2">
|
||||
|
||||
@foreach ($user->roles as $role)
|
||||
|
||||
<span class="badge badge-secondary mr-2">{{ucfirst($role->name)}}</span>
|
||||
|
||||
@endforeach
|
||||
|
||||
</div>
|
||||
|
||||
<button type="button" class="btn btn-sm btn-primary" onclick="window.location.href='{{ route('showSingleProfile', ['user' => $user->id]) }}'"><i class="fa fa-eye"></i> Profile</button>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<!-- /.widget-user -->
|
||||
</div>
|
||||
@endforeach
|
||||
|
||||
</div>
|
||||
|
||||
<div clsas="row mt-4">
|
||||
|
||||
<div class="col">
|
||||
|
||||
<div class="card">
|
||||
|
||||
<div class="card-body text-center">
|
||||
|
||||
<div class="links">
|
||||
{{ $users->links() }}
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
@else
|
||||
<div class="alert alert-danger">
|
||||
|
||||
<p>
|
||||
You do not have permission to view this page.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@stop
|
@ -4,7 +4,7 @@
|
||||
|
||||
@section('content_header')
|
||||
|
||||
<h4>Profile</h4>
|
||||
<h4>Users / Profile / {{ $profile->user->name }}</h4>
|
||||
|
||||
@stop
|
||||
|
||||
|
@ -31,6 +31,9 @@ Route::group(['middleware' => ['auth', 'forcelogout']], function(){
|
||||
->name('dashboard')
|
||||
->middleware('eligibility');
|
||||
|
||||
Route::get('users/directory', 'ProfileController@index')
|
||||
->name('directory');
|
||||
|
||||
Route::group(['prefix' => '/applications'], function (){
|
||||
|
||||
Route::get('/my-applications', 'ApplicationController@showUserApps')
|
||||
|
Loading…
Reference in New Issue
Block a user