Add user directory & isolate authorisation

2020-06-27 19:15:33 +01:00
parent 71efdf93d8
commit 33c16fcf46
25 changed files with 812 additions and 59 deletions


@@ -80,6 +80,8 @@ class ApplicationController extends Controller
public function showAllPendingApps()
{
$this->authorize('viewAny', Application::class);
return view('dashboard.appmanagement.outstandingapps')
->with('applications', Application::where('applicationStatus', 'STAGE_SUBMITTED')->get());
}
@@ -90,6 +92,7 @@ class ApplicationController extends Controller
public function showPendingInterview()
{
$this->authorize('viewAny', Application::class);
$applications = Application::with('appointment', 'user')->get();
$count = 0;
@@ -131,6 +134,7 @@ class ApplicationController extends Controller
public function showPeerReview()
{
$this->authorize('viewAny', Application::class);
return view('dashboard.appmanagement.peerreview')
->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
@@ -246,6 +250,7 @@ class ApplicationController extends Controller
public function updateApplicationStatus(Request $request, $applicationID, $newStatus)
{
$application = Application::find($applicationID);
$this->authorize('update', Application::class);
if (!is_null($application))
{
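Review bot: `updateApplicationStatus` authorizes `'update'` against `Application::class` rather than the `$application` it loaded on the line above, so the policy is never told which application is being modified and cannot apply per-record rules; if the policy's `update` method declares a model parameter, a class-name argument would not satisfy it either, which is worth confirming against the policy. Passing the instance from inside the `if (!is_null($application))` branch, `$this->authorize('update', $application);`, keeps the decision per record without handing `null` to the gate when the id is unknown. The same class-level pattern is used by `AppointmentController::updateAppointment`. The body of `updateApplicationStatus` continues outside the hunk.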


@@ -28,6 +28,8 @@ class AppointmentController extends Controller
{
// Unrelated TODO: change if's in application page to a switch statement, & have the row encompass it
$this->authorize('create', Appointment::class);
$app = Application::find($applicationID);
if (!is_null($app))
@@ -49,7 +51,7 @@ class AppointmentController extends Controller
'datetime' => $appointmentDate->toDateTimeString(),
'scheduled' => now()
]);
$app->user->notify(new AppointmentScheduled($appointment));
$request->session()->flash('success', 'Appointment successfully scheduled @ ' . $appointmentDate->toDateTimeString());
@@ -64,6 +66,9 @@ class AppointmentController extends Controller
public function updateAppointment(Request $request, $applicationID, $status)
{
$this->authorize('update', Appointment::class);
$application = Application::find($applicationID);
$validStatuses = [
'SCHEDULED',


@@ -76,6 +76,9 @@ class BanController extends Controller
public function delete(Request $request, User $user)
{
$this->authorize('delete', $user->bans);
if (!is_null($user->bans))
{
$user->bans->delete();
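Review bot: The new `$this->authorize('delete', $user->bans)` runs before the `is_null($user->bans)` guard on the following line, so for a user with no ban the gate receives `null`; with no model to resolve a policy from, Laravel falls back to a plain `delete` gate ability and, if none is registered, denies with an `AuthorizationException` (403) before the graceful no-ban path the guard was written for is reached. Authorizing against the class when there is nothing to delete avoids that, e.g. `$this->authorize('delete', $user->bans ?? Ban::class);`, or the check can move inside the `if` block; whether `Ban` is imported here is not visible in the hunk. `FormController::delete` and `VacancyController::updatePositionAvailability` authorize a possibly-`null` `find()` result in the same way. The function body continues outside the hunk.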


@@ -21,8 +21,8 @@ class CommentController extends Controller
public function insert(NewCommentRequest $request, Application $application)
{
// Type hinting makes laravel automatically validate everything
$this->authorize('create', Comment::class);
$comment = Comment::create([
'authorID' => Auth::user()->id,
'applicationID' => $application->id,
@@ -53,13 +53,10 @@ class CommentController extends Controller
public function delete(Request $request, Comment $comment)
{
if (Auth::user()->is($comment->user) || Auth::user()->hasRole('admin'))
{
$comment->delete();
$request->session()->flash('success', 'Comment deleted!');
}
$this->authorize('delete', $comment);
$request->session()->flash('error', 'You do not have permission to delete this comment!');
$comment->delete();
$request->session()->flash('success', 'Comment deleted!');
return redirect()->back();
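Review bot: With the permission check delegated to `$this->authorize('delete', $comment)`, a caller who may not delete the comment now receives an `AuthorizationException` (a 403 response) instead of the flash message and redirect the removed branch produced, and the `'You do not have permission to delete this comment!'` flash appears to have no remaining path that reaches it. If the redirect-with-flash behaviour is still wanted, handling the exception around the authorize call or in the application's exception handler should be a deliberate choice rather than a side effect of the refactor; if the 403 is intended, a one-line comment on the authorize call saying so would help. `insert` in the first hunk continues outside the hunk.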


@@ -5,24 +5,31 @@ namespace App\Http\Controllers;
use App\Form;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Auth;
class FormController extends Controller
{
public function index()
{
$forms = Form::all();
$this->authorize('viewAny', Form::class);
return view('dashboard.administration.forms')
->with('forms', Form::all());
->with('forms', $forms);
}
public function showFormBuilder()
{
$this->authorize('viewFormbuilder', Form::class);
return view('dashboard.administration.formbuilder');
}
public function saveForm(Request $request)
{
$this->authorize('create', Form::class);
$formFields = $request->all();
$formStructure = [];
@@ -72,6 +79,7 @@ class FormController extends Controller
{
$form = Form::find($id);
$this->authorize('delete', $form);
// TODO: Check if form is linked to vacancies before allowing deletion
if (!is_null($form))
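Review bot: In `index`, `$forms = Form::all()` is executed on the line before `$this->authorize('viewAny', Form::class)`, so the full table is fetched for every caller, authorized or not; swapping the two lines so the check precedes the work is the usual order, `$this->authorize('viewAny', Form::class);` then `$forms = Form::all();`. `showFormBuilder` introduces a custom `viewFormbuilder` ability alongside the standard `viewAny`/`create`/`delete` names — fine, but a short comment on the policy side about why the builder is gated separately from `create` would help. The `delete` method's signature and the rest of its body lie outside the hunk.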


@@ -18,7 +18,7 @@ class HomeController extends Controller
// TODO: Relationships for Applications, Users and Responses
// Also prevent apps if user already has one in the space of 30d
// Display apps in the relevant menus
$positions = DB::table('vacancies')
->where('vacancyStatus', 'OPEN')
->where('vacancyCount', '!=', 0)


@@ -14,6 +14,14 @@ use Spatie\Permission\Models\Role;
class ProfileController extends Controller
{
public function index()
{
return view('dashboard.user.directory')
->with('users', User::with('profile', 'bans')->paginate(9));
}
public function showProfile()
{
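Review bot: The new `index` action renders the user directory, eager-loading every user's `profile` and `bans`, with no `authorize` call, while every other action this commit touches gains one; if the directory is meant to be restricted, `$this->authorize('viewAny', User::class);` (or a dedicated ability) belongs as the first statement, and if it is deliberately open to all authenticated users a one-line comment stating that would stop the next reader from guessing. Since `bans` is loaded into a paginated listing, it is worth confirming the `dashboard.user.directory` view only shows ban details to an audience that should see them. `showProfile` continues outside the hunk.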


@@ -24,50 +24,48 @@ use Spatie\Permission\Models\Role;
class UserController extends Controller
{
public function showStaffMembers()
{
$this->authorize('viewStaff', User::class);
$staffRoles = [
'reviewer',
'hiringManager',
'admin'
]; // TODO: Un-hardcode this, move to config/roles.php
$users = User::with('roles')->get();
$staffMembers = collect([]);
if (Auth::user()->can('admin.stafflist'))
foreach($users as $user)
{
$users = User::with('roles')->get();
$staffMembers = collect([]);
foreach($users as $user)
if (empty($user->roles))
{
if (empty($user->roles))
{
Log::debug($user->role->name);
Log::debug('Staff list: User without role detected; Ignoring');
continue;
}
foreach($user->roles as $role)
{
if (in_array($role->name, $staffRoles))
{
$staffMembers->push($user);
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
}
}
Log::debug($user->role->name);
Log::debug('Staff list: User without role detected; Ignoring');
continue;
}
return view('dashboard.administration.staff-members')
->with([
'users' => $staffMembers
]);
foreach($user->roles as $role)
{
if (in_array($role->name, $staffRoles))
{
$staffMembers->push($user);
continue 2; // Skip directly to the next user instead of comparing more roles for the current user
}
}
}
abort(403, 'Forbidden');
return view('dashboard.administration.staff-members')
->with([
'users' => $staffMembers
]);
}
public function showPlayers()
{
$this->authorize('viewPlayers', User::class);
$users = User::with('roles')->get();
$players = collect([]);
@@ -80,23 +78,19 @@ class UserController extends Controller
}
}
if (Auth::user()->can('admin.userlist'))
{
return view('dashboard.administration.players')
->with([
'users' => $players,
'bannedUserCount' => Ban::all()->count()
]);
}
abort(403, 'Forbidden');
return view('dashboard.administration.players')
->with([
'users' => $players,
'bannedUserCount' => Ban::all()->count()
]);
}
public function showPlayersLike(SearchPlayerRequest $request)
{
$searchTerm = $request->searchTerm;
$this->authorize('viewPlayers', User::class);
$searchTerm = $request->searchTerm;
$matchingUsers = User::query()
->where('name', 'LIKE', "%{$searchTerm}%")
->orWhere('email', 'LIKE', "%{$searchTerm}%")
@@ -250,7 +244,7 @@ class UserController extends Controller
public function terminate(Request $request, User $user)
{
$this->authorize('terminate', Auth::user());
$this->authorize('terminate', User::class);
if (!$user->isStaffMember() || $user->is(Auth::user()))
{
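Review bot: `terminate` now authorizes `'terminate'` against `User::class`, so the policy is only asked whether the caller may terminate anyone at all, while the checks that matter for this request — that `$user` is a staff member and is not the caller — remain a hand-written `if` on the following line; passing the target, `$this->authorize('terminate', $user);`, lets the policy own that rule. Separately, the retained `if (empty($user->roles))` in `showStaffMembers` tests an Eloquent collection with `empty()`, which is never true for an object, so the "user without role" branch is dead and the `$user->role->name` inside it would fail if it ever ran; `$user->roles->isEmpty()` is the intended test. `in_array($role->name, $staffRoles)` should also pass `true` as its third argument. The body of `terminate` continues outside the hunk.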


@@ -10,11 +10,13 @@ use App\Form;
use App\Notifications\VacancyClosed;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Auth;
class VacancyController extends Controller
{
public function index()
{
$this->authorize('viewAny', Vacancy::class);
return view('dashboard.administration.positions')
->with([
'forms' => Form::all(),
@@ -24,6 +26,7 @@ class VacancyController extends Controller
public function store(VacancyRequest $request)
{
$this->authorize('create', Vacancy::class);
$form = Form::find($request->vacancyFormID);
if (!is_null($form))
@@ -53,7 +56,9 @@ class VacancyController extends Controller
public function updatePositionAvailability(Request $request, $status, $id)
{
$vacancy = Vacancy::find($id);
$this->authorize('update', $vacancy);
if (!is_null($vacancy))
{


@@ -16,6 +16,7 @@ class VoteController extends Controller
public function vote(VoteRequest $voteRequest, $applicationID)
{
$application = Application::find($applicationID);
$this->authorize('create', Vote::class);
if (!is_null($application))
{