Add user directory & isolate authorisation

app/Http/Controllers/ApplicationController.php

@@ -80,6 +80,8 @@ class ApplicationController extends Controller
 
     public function showAllPendingApps()
     {
+        $this->authorize('viewAny', Application::class);
+
         return view('dashboard.appmanagement.outstandingapps')
             ->with('applications', Application::where('applicationStatus', 'STAGE_SUBMITTED')->get());
     }
@@ -90,6 +92,7 @@ class ApplicationController extends Controller
 
     public function showPendingInterview()
     {
+        $this->authorize('viewAny', Application::class);
         $applications = Application::with('appointment', 'user')->get();
         $count = 0;
 
@@ -131,6 +134,7 @@ class ApplicationController extends Controller
 
     public function showPeerReview()
     {
+        $this->authorize('viewAny', Application::class);
         return view('dashboard.appmanagement.peerreview')
             ->with('applications', Application::where('applicationStatus', 'STAGE_PEERAPPROVAL')->get());
 
@@ -246,6 +250,7 @@ class ApplicationController extends Controller
     public function updateApplicationStatus(Request $request, $applicationID, $newStatus)
     {
         $application = Application::find($applicationID);
+        $this->authorize('update', Application::class);
 
         if (!is_null($application))
         {

app/Http/Controllers/AppointmentController.php

@@ -28,6 +28,8 @@ class AppointmentController extends Controller
     {
         // Unrelated TODO: change if's in application page to a switch statement, & have the row encompass it
 
+        $this->authorize('create', Appointment::class);
+
         $app = Application::find($applicationID);
 
         if (!is_null($app))
@@ -64,6 +66,9 @@ class AppointmentController extends Controller
 
     public function updateAppointment(Request $request, $applicationID, $status)
     {
+
+      $this->authorize('update', Appointment::class);
+
         $application = Application::find($applicationID);
         $validStatuses = [
           'SCHEDULED',

app/Http/Controllers/BanController.php

@@ -76,6 +76,9 @@ class BanController extends Controller
 
     public function delete(Request $request, User $user)
     {
+
+        $this->authorize('delete', $user->bans);
+
         if (!is_null($user->bans))
         {
             $user->bans->delete();

app/Http/Controllers/CommentController.php

@@ -21,7 +21,7 @@ class CommentController extends Controller
 
     public function insert(NewCommentRequest $request, Application $application)
     {
-        // Type hinting makes laravel automatically validate everything
+        $this->authorize('create', Comment::class);
         
         $comment = Comment::create([
             'authorID' => Auth::user()->id,
@@ -53,13 +53,10 @@ class CommentController extends Controller
 
     public function delete(Request $request, Comment $comment)
     {
-        if (Auth::user()->is($comment->user) || Auth::user()->hasRole('admin'))
+        $this->authorize('delete', $comment);
-        {
+
         $comment->delete();
         $request->session()->flash('success', 'Comment deleted!');
-        }
-
-        $request->session()->flash('error', 'You do not have permission to delete this comment!');
 
         return redirect()->back();
 

app/Http/Controllers/FormController.php

@@ -5,24 +5,31 @@ namespace App\Http\Controllers;
 use App\Form;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Auth;
 
 class FormController extends Controller
 {
 
     public function index()
     {
+        $forms = Form::all();
+        $this->authorize('viewAny', Form::class);
+
         return view('dashboard.administration.forms')
-            ->with('forms', Form::all());
+            ->with('forms', $forms);
     }
 
     public function showFormBuilder()
     {
+        $this->authorize('viewFormbuilder', Form::class);
         return view('dashboard.administration.formbuilder');
     }
 
     public function saveForm(Request $request)
     {
 
+        $this->authorize('create', Form::class);
+
         $formFields = $request->all();
 
         $formStructure = [];
@@ -72,6 +79,7 @@ class FormController extends Controller
     {
 
         $form = Form::find($id);
+        $this->authorize('delete', $form);
 
         // TODO: Check if form is linked to vacancies before allowing deletion
         if (!is_null($form))

app/Http/Controllers/ProfileController.php

@@ -14,6 +14,14 @@ use Spatie\Permission\Models\Role;
 
 class ProfileController extends Controller
 {
+
+  public function index()
+  {
+
+    return view('dashboard.user.directory')
+          ->with('users', User::with('profile', 'bans')->paginate(9));
+  }
+
     public function showProfile()
     {
 

app/Http/Controllers/UserController.php

@@ -24,17 +24,16 @@ use Spatie\Permission\Models\Role;
 class UserController extends Controller
 {
 
+
     public function showStaffMembers()
     {
+        $this->authorize('viewStaff', User::class);
 
         $staffRoles = [
             'reviewer',
             'hiringManager',
             'admin'
         ]; // TODO: Un-hardcode this, move to config/roles.php
-
-        if (Auth::user()->can('admin.stafflist'))
-        {
         $users = User::with('roles')->get();
         $staffMembers = collect([]);
 
@@ -63,11 +62,10 @@ class UserController extends Controller
             ]);
     }
 
-        abort(403, 'Forbidden');
-    }
-
     public function showPlayers()
     {
+        $this->authorize('viewPlayers', User::class);
+
         $users = User::with('roles')->get();
         $players = collect([]);
 
@@ -80,8 +78,6 @@ class UserController extends Controller
             }
         }
 
-        if (Auth::user()->can('admin.userlist'))
-        {
         return view('dashboard.administration.players')
             ->with([
                 'users' => $players,
@@ -89,14 +85,12 @@ class UserController extends Controller
             ]);
     }
 
-        abort(403, 'Forbidden');
-    }
-
 
     public function showPlayersLike(SearchPlayerRequest $request)
     {
-        $searchTerm = $request->searchTerm;
+        $this->authorize('viewPlayers', User::class);
 
+        $searchTerm = $request->searchTerm;
         $matchingUsers = User::query()
             ->where('name', 'LIKE', "%{$searchTerm}%")
             ->orWhere('email', 'LIKE', "%{$searchTerm}%")
@@ -250,7 +244,7 @@ class UserController extends Controller
 
     public function terminate(Request $request, User $user)
     {
-        $this->authorize('terminate', Auth::user());
+        $this->authorize('terminate', User::class);
 
         if (!$user->isStaffMember() || $user->is(Auth::user()))
         {

app/Http/Controllers/VacancyController.php

@@ -10,11 +10,13 @@ use App\Form;
 use App\Notifications\VacancyClosed;
 use Illuminate\Http\Request;
 use Illuminate\Support\Str;
+use Illuminate\Support\Facades\Auth;
 
 class VacancyController extends Controller
 {
     public function index()
     {
+      $this->authorize('viewAny', Vacancy::class);
         return view('dashboard.administration.positions')
             ->with([
                 'forms' => Form::all(),
@@ -24,6 +26,7 @@ class VacancyController extends Controller
 
     public function store(VacancyRequest $request)
     {
+        $this->authorize('create', Vacancy::class);
         $form = Form::find($request->vacancyFormID);
 
         if (!is_null($form))
@@ -53,7 +56,9 @@ class VacancyController extends Controller
 
     public function updatePositionAvailability(Request $request, $status, $id)
     {
+
         $vacancy = Vacancy::find($id);
+        $this->authorize('update', $vacancy);
 
         if (!is_null($vacancy))
         {

app/Http/Controllers/VoteController.php

@@ -16,6 +16,7 @@ class VoteController extends Controller
     public function vote(VoteRequest $voteRequest, $applicationID)
     {
         $application = Application::find($applicationID);
+        $this->authorize('create', Vote::class);
 
         if (!is_null($application))
         {

app/Policies/ApplicationPolicy.php

@@ -21,6 +21,16 @@ class ApplicationPolicy
         //
     }
 
+    public function viewAny(User $user)
+    {
+      if ($user->can('applications.view.all'))
+      {
+        return Response::allow();
+      }
+
+      return Response::deny('Forbidden');
+    }
+
     public function view(User $user, Application $application)
     {
        if ($user->is($application->user) && $user->can('applications.view.own') || $user->can('applications.view.all'))
@@ -30,4 +40,9 @@ class ApplicationPolicy
 
        return Response::deny('You are not authorised to view this application');
     }
+
+    public function update(User $user)
+    {
+        return $user->hasAnyRole('admin', 'hiringManager');
+    }
 }

app/Policies/AppointmentPolicy.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace App\Policies;
+
+use App\Appointment;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class AppointmentPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Appointment  $appointment
+     * @return mixed
+     */
+    public function view(User $user, Appointment $appointment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        return $user->can('appointments.schedule');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Appointment  $appointment
+     * @return mixed
+     */
+    public function update(User $user, Appointment $appointment)
+    {
+        return $user->can('appointments.schedule.edit');
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Appointment  $appointment
+     * @return mixed
+     */
+    public function delete(User $user, Appointment $appointment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Appointment  $appointment
+     * @return mixed
+     */
+    public function restore(User $user, Appointment $appointment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Appointment  $appointment
+     * @return mixed
+     */
+    public function forceDelete(User $user, Appointment $appointment)
+    {
+        //
+    }
+}

app/Policies/BanPolicy.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace App\Policies;
+
+use App\Ban;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class BanPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Ban  $ban
+     * @return mixed
+     */
+    public function view(User $user, Ban $ban)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Ban  $ban
+     * @return mixed
+     */
+    public function update(User $user, Ban $ban)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Ban  $ban
+     * @return mixed
+     */
+    public function delete(User $user, Ban $ban)
+    {
+        return $user->hasRole('admin');
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Ban  $ban
+     * @return mixed
+     */
+    public function restore(User $user, Ban $ban)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Ban  $ban
+     * @return mixed
+     */
+    public function forceDelete(User $user, Ban $ban)
+    {
+        //
+    }
+}

app/Policies/CommentPolicy.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace App\Policies;
+
+use App\Comment;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class CommentPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Comment  $comment
+     * @return mixed
+     */
+    public function view(User $user, Comment $comment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        return $user->isStaffMember();
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Comment  $comment
+     * @return mixed
+     */
+    public function update(User $user, Comment $comment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Comment  $comment
+     * @return mixed
+     */
+    public function delete(User $user, Comment $comment)
+    {
+        if ($user->is($comment->user) || $user->hasRole('admin'))
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Comment  $comment
+     * @return mixed
+     */
+    public function restore(User $user, Comment $comment)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Comment  $comment
+     * @return mixed
+     */
+    public function forceDelete(User $user, Comment $comment)
+    {
+        //
+    }
+}

app/Policies/FormPolicy.php

@@ -0,0 +1,98 @@
+<?php
+
+namespace App\Policies;
+
+use App\Form;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class FormPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        return $user->can('admin.hiring.forms');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Form  $form
+     * @return mixed
+     */
+    public function view(User $user, Form $form)
+    {
+        return $user->can('admin.hiring.forms');
+    }
+
+    public function viewFormbuilder(User $user)
+    {
+      return $user->can('admin.hiring.formbuilder');
+    }
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        return $this->user->can('admin.hiring.forms');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Form  $form
+     * @return mixed
+     */
+    public function update(User $user, Form $form)
+    {
+        // unused
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Form  $form
+     * @return mixed
+     */
+    public function delete(User $user, Form $form)
+    {
+        return $this->user->can('admin.hiring.forms');
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Form  $form
+     * @return mixed
+     */
+    public function restore(User $user, Form $form)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Form  $form
+     * @return mixed
+     */
+    public function forceDelete(User $user, Form $form)
+    {
+        //
+    }
+}

app/Policies/VacancyPolicy.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace App\Policies;
+
+use App\User;
+use App\Vacancy;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class VacancyPolicy
+{
+    use HandlesAuthorization;
+    // TODO: Switch to permissions (there are no specific permissions yet)
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        return $user->hasAnyRole('admin', 'hiringManager');
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vacancy  $vacancy
+     * @return mixed
+     */
+    public function view(User $user, Vacancy $vacancy)
+    {
+        // unused
+    }
+
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        return $user->hasAnyRole('admin', 'hiringManager');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vacancy  $vacancy
+     * @return mixed
+     */
+    public function update(User $user, Vacancy $vacancy)
+    {
+        return $user->hasRole('admin', 'hiringManager');
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vacancy  $vacancy
+     * @return mixed
+     */
+    public function delete(User $user, Vacancy $vacancy)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vacancy  $vacancy
+     * @return mixed
+     */
+    public function restore(User $user, Vacancy $vacancy)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vacancy  $vacancy
+     * @return mixed
+     */
+    public function forceDelete(User $user, Vacancy $vacancy)
+    {
+        //
+    }
+}

app/Policies/VotePolicy.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace App\Policies;
+
+use App\User;
+use App\Vote;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class VotePolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view any models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function viewAny(User $user)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vote  $vote
+     * @return mixed
+     */
+    public function view(User $user, Vote $vote)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can create models.
+     *
+     * @param  \App\User  $user
+     * @return mixed
+     */
+    public function create(User $user)
+    {
+        return $user->can('applications.vote');
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vote  $vote
+     * @return mixed
+     */
+    public function update(User $user, Vote $vote)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vote  $vote
+     * @return mixed
+     */
+    public function delete(User $user, Vote $vote)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vote  $vote
+     * @return mixed
+     */
+    public function restore(User $user, Vote $vote)
+    {
+        //
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     *
+     * @param  \App\User  $user
+     * @param  \App\Vote  $vote
+     * @return mixed
+     */
+    public function forceDelete(User $user, Vote $vote)
+    {
+        //
+    }
+}

app/Providers/AuthServiceProvider.php

@@ -2,10 +2,22 @@
 
 namespace App\Providers;
 
+use App\Http\Controllers\BanController;
+use App\Http\Controllers\VoteController;
 use App\Http\Controllers\ProfileController;
+use App\Http\Controllers\AppointmentController;
 use App\Policies\ProfilePolicy;
+use App\Policies\VacancyPolicy;
 use App\Policies\UserPolicy;
+use App\Policies\FormPolicy;
+use App\Policies\ApplicationPolicy;
 use App\User;
+use App\Form;
+use App\Vote;
+use App\Vacancy;
+use App\Application;
+use App\Appointment;
+use App\Ban;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Illuminate\Support\Facades\Gate;
 
@@ -18,9 +30,15 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         // 'App\Model' => 'App\Policies\ModelPolicy',
-        'App\Application' => 'App\Policies\ApplicationPolicy',
+        Application::class => ApplicationPolicy::class,
-        ProfileController::class => ProfilePolicy::class,
+        Profile::class => ProfilePolicy::class,
-        User::class => UserPolicy::class
+        User::class => UserPolicy::class,
+        Vacancy::class => VacancyPolicy::class,
+        //Form::class => FormPolicy::class
+        'App\Form' => 'App\Policies\FormPolicy',
+        Vote::class => VoteController::class,
+        Ban::class => BanController::class,
+        Appointment::class => AppointmentController::class
     ];
 
     /**
@@ -31,7 +49,6 @@ class AuthServiceProvider extends ServiceProvider
     public function boot()
     {
         $this->registerPolicies();
-
         //
     }
 }

config/adminlte.php

@@ -213,6 +213,12 @@ return [
           'icon' => 'fas fa-home',
           'url' => 'dashboard'
         ],
+        [
+          'text' => 'Directory',
+          'icon' => 'fas fa-users',
+          'url' => 'users/directory',
+          'can' => 'profiles.view.others'
+        ],
         [
             'header' => 'Applications',
             'can' => 'applications.view.own'

public/css/directory.css

@@ -0,0 +1,3 @@
+.links nav  {
+  display: inline-block;
+}

resources/views/dashboard/administration/players.blade.php

@@ -63,7 +63,7 @@ I
                     <form name="search" method="POST" action="{{route('searchRegisteredPLayerList')}}">
                         @csrf
                         <div class="input-group">
-                            <input type="text" name="searchTerm" class="form-control" placeholder="Username/email search">
+                            <input type="text" name="searchTerm" class="form-control" placeholder="Full/partial email search">
                             <span class="input-group-btn">
                                 <button class="btn btn-default" type="submit">
                                     <i class="fa fa-search"></i>
@@ -116,6 +116,7 @@ I
                           <th>#</th>
                           <th>IGN</th>
                           <th>UUID</th>
+                          <th>Email</th>
                           <th>Status</th>
                           <th>Registration Date</th>
                           <th>Actions</th>
@@ -130,6 +131,7 @@ I
                                 <td>{{$user->id}}</td>
                                 <td>{{UUID::toUsername($user->uuid)}}</td>
                                 <td>{{$user->uuid}}</td>
+                                <td>{{ $user->email }}</td>
                                 <td>
                                     @if ($user->isBanned())
                                         <span class="badge badge-danger"><i class="fa fa-ban"></i> Banned</span>

resources/views/dashboard/administration/staff-members.blade.php

@@ -49,6 +49,7 @@
                           <th>Full Name</th>
                           <th>UUID</th>
                           <th>Rank</th>
+                          <th>Email</th>
                           <th>Status</th>
                           <th>Join Date</th>
                           <th>Actions</th>
@@ -60,7 +61,7 @@
                       @foreach($users as $user)
 
                         <tr>
-                            <td>1</td>
+                            <td>{{ $user->id }}</td>
                             <td>{{$user->name}}</td>
                             <td>{{UUID::toUsername($user->uuid)}}</td>
                             <td>
@@ -68,11 +69,11 @@
                                     <span class="badge badge-info badge-sm">{{$role->name}}</span>
                                 @endforeach
                             </td>
+                            <td>{{ $user->email }}</td>
                             <td><span class="badge badge-success">Active</span></td>
                             <td>{{$user->created_at}}</td>
                             <td>
                                 <button type="button" class="btn btn-sm btn-success mr-2" onclick="window.location.href='{{route('showSingleProfile', ['user' => $user->id])}}'"><i class="fa fa-eye"></i></button>
-                                <button type="button" class="btn btn-sm btn-warning mr-2"><i class="fas fa-pencil-alt"></i></button>
                             </td>
                         </tr>
 

resources/views/dashboard/user/directory.blade.php

@@ -0,0 +1,107 @@
+@extends('adminlte::page')
+
+@section('title', 'Raspberry Network | User Directory')
+
+@section('content_header')
+
+    <h4>Users / Directory</h4>
+
+@stop
+
+@section('js')
+    <script src="/js/app.js"></script>
+    <x-global-errors></x-global-errors>
+@stop
+
+@section('css')
+
+  <link rel="stylesheet" href="/css/directory.css" />
+
+@stop
+
+
+@section('content')
+
+  @if (Auth::user()->can('profiles.view.others'))
+
+
+      <div class="row">
+
+        @foreach ($users as $user)
+              <div class="col-md-4">
+                  <!-- Widget: user widget style 1 -->
+                  <div class="card card-widget widget-user">
+                    <div class="widget-user-header bg-secondary">
+                        <h3 class="widget-user-username">{{ $user->name }}</h3>
+                      <h5 class="widget-user-desc">{{ $user->profile->profileShortBio }}</h5>
+                    </div>
+                    <div class="widget-user-image">
+                      @if($user->profile->avatarPreference == 'gravatar')
+                          <img class="profile-user-img elevation-2 img-fluid img-circle" src="https://gravatar.com/avatar/{{md5($user->email)}}" alt="User profile picture">
+                      @else
+                          <img class="profile-user-img elevation-2 img-fluid img-circle" src="https://crafatar.com/avatars/{{$user->uuid}}" alt="User profile picture">
+                      @endif
+                    </div>
+                    <div class="card-footer text-center">
+
+                      @if (Auth::user()->is($user))
+
+                        <div class="user-indicator mb-2">
+
+                            <span class="badge badge-success">It's you!</span>
+
+                        </div>
+
+                      @endif
+
+                      <div class="roles mb-2">
+
+                        @foreach ($user->roles as $role)
+
+                            <span class="badge badge-secondary mr-2">{{ucfirst($role->name)}}</span>
+
+                        @endforeach
+
+                      </div>
+
+                        <button type="button" class="btn btn-sm btn-primary" onclick="window.location.href='{{ route('showSingleProfile', ['user' => $user->id]) }}'"><i class="fa fa-eye"></i> Profile</button>
+
+                    </div>
+                  </div>
+                  <!-- /.widget-user -->
+                </div>
+        @endforeach
+
+      </div>
+
+      <div clsas="row mt-4">
+
+        <div class="col">
+
+            <div class="card">
+
+                <div class="card-body text-center">
+
+                    <div class="links">
+                      {{ $users->links() }}
+                    </div>
+
+                </div>
+
+            </div>
+
+        </div>
+
+      </div>
+
+  @else
+      <div class="alert alert-danger">
+
+        <p>
+          You do not have permission to view this page.
+        </p>
+
+      </div>
+  @endif
+
+@stop

resources/views/dashboard/user/profile/displayprofile.blade.php

@@ -4,7 +4,7 @@
 
 @section('content_header')
 
-    <h4>Profile</h4>
+    <h4>Users / Profile / {{ $profile->user->name }}</h4>
 
 @stop
 

routes/web.php

@@ -31,6 +31,9 @@ Route::group(['middleware' => ['auth', 'forcelogout']], function(){
         ->name('dashboard')
         ->middleware('eligibility');
 
+    Route::get('users/directory', 'ProfileController@index')
+          ->name('directory');
+
     Route::group(['prefix' => '/applications'], function (){
 
         Route::get('/my-applications', 'ApplicationController@showUserApps')