From 535a2c39738a39971e872812243205cda3b548ce Mon Sep 17 00:00:00 2001
From: Miguel Nogueira
Date: Thu, 13 Aug 2020 22:12:17 +0100
Subject: [PATCH] Fixed broken banning logic
---
 app/Http/Controllers/BanController.php | 18 ++++++++------
 app/Policies/AppointmentPolicy.php | 24 +++++++++----------
 app/Policies/BanPolicy.php | 10 +++++++-
 .../user/profile/displayprofile.blade.php | 6 ++---
 4 files changed, 35 insertions(+), 23 deletions(-)
diff --git a/app/Http/Controllers/BanController.php b/app/Http/Controllers/BanController.php
index e9aefd1..cfc8443 100644
--- a/app/Http/Controllers/BanController.php
+++ b/app/Http/Controllers/BanController.php
@@ -24,34 +24,38 @@ class BanController extends Controller
 $duration = strtolower($request->durationOperator);
 $durationOperand = $request->durationOperand;
+ $expiryDate = now();
 if (!empty($duration))
 {
- $expiryDate = now();
-
 switch($duration)
 {
 case 'days':
- $expiryDate->addDays($duration);
+ $expiryDate->addDays($durationOperand);
 break;
 case 'weeks':
- $expiryDate->addWeeks($duration);
+ $expiryDate->addWeeks($durationOperand);
 break;
 case 'months':
- $expiryDate->addMonths($duration);
+ $expiryDate->addMonths($durationOperand);
 break;
 case 'years':
- $expiryDate->addYears($duration);
+ $expiryDate->addYears($durationOperand);
 break;
 }
 }
+ else
+ {
+ // Essentially permanent
+ $expiryDate->addYears(100);
+ }
 $ban = Ban::create([
 'userID' => $user->id,
- 'reason' => $request->reason,
+ 'reason' => $reason,
 'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
 'userAgent' => "Unknown",
 'authorUserID' => Auth::user()->id
diff --git a/app/Policies/AppointmentPolicy.php b/app/Policies/AppointmentPolicy.php
index fc5636b..e541e4c 100644
--- a/app/Policies/AppointmentPolicy.php
+++ b/app/Policies/AppointmentPolicy.php
@@ -13,7 +13,7 @@ class AppointmentPolicy
 /**
 * Determine whether the user can view any models.
 *
- * @param \App\User $user
+ * @param User $user
 * @return mixed
 */
 public function viewAny(User $user) 
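Review bot: On the four `+ $expiryDate->add…($durationOperand)` lines the operand comes straight from the request with no validation visible in the hunk, so a non-numeric value is likely to throw inside Carbon, while a zero or negative value yields a `bannedUntil` that is already in the past — a ban that presumably never takes effect — and an operator matching none of the `case` labels silently falls through to the same outcome. Validating before the `switch`, e.g. `$request->validate(['durationOperand' => 'required_with:durationOperator|integer|min:1']);`, and adding a `default:` that either rejects the operator or takes the permanent path would close both gaps. The added `'reason' => $reason` line uses a variable that is not assigned anywhere in the hunk; if it is not set earlier in the method (whose start lies outside the hunk) the ban will be stored with a null reason. Since `$expiryDate` is now always initialised, the `?? null` on the `bannedUntil` line is dead and can be dropped.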
@@ -24,8 +24,8 @@ class AppointmentPolicy
 /**
 * Determine whether the user can view the model.
 *
- * @param \App\User $user
- * @param \App\Appointment $appointment
+ * @param User $user
+ * @param Appointment $appointment
 * @return mixed
 */
 public function view(User $user, Appointment $appointment)
@@ -36,7 +36,7 @@ class AppointmentPolicy
 /**
 * Determine whether the user can create models.
 *
- * @param \App\User $user
+ * @param User $user
 * @return mixed
 */
 public function create(User $user)
@@ -47,8 +47,8 @@ class AppointmentPolicy
 /**
 * Determine whether the user can update the model.
 *
- * @param \App\User $user
- * @param \App\Appointment $appointment
+ * @param User $user
+ * @param Appointment $appointment
 * @return mixed
 */
 public function update(User $user, Appointment $appointment)
@@ -59,8 +59,8 @@ class AppointmentPolicy
 /**
 * Determine whether the user can delete the model.
 *
- * @param \App\User $user
- * @param \App\Appointment $appointment
+ * @param User $user
+ * @param Appointment $appointment
 * @return mixed
 */
 public function delete(User $user, Appointment $appointment)
@@ -71,8 +71,8 @@ class AppointmentPolicy
 /**
 * Determine whether the user can restore the model.
 *
- * @param \App\User $user
- * @param \App\Appointment $appointment
+ * @param User $user
+ * @param Appointment $appointment
 * @return mixed
 */
 public function restore(User $user, Appointment $appointment)
@@ -83,8 +83,8 @@ class AppointmentPolicy
 /**
 * Determine whether the user can permanently delete the model.
 *
- * @param \App\User $user
- * @param \App\Appointment $appointment
+ * @param User $user
+ * @param Appointment $appointment
 * @return mixed
 */
 public function forceDelete(User $user, Appointment $appointment)
diff --git a/app/Policies/BanPolicy.php b/app/Policies/BanPolicy.php
index 962cad2..12b893e 100644
--- a/app/Policies/BanPolicy.php
+++ b/app/Policies/BanPolicy.php
@@ -5,6 +5,8 @@ namespace App\Policies;
 use App\Ban;
 use App\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
 class BanPolicy
 {
@@ -41,7 +43,13 @@ class BanPolicy
 */
 public function create(User $user)
 {
- return $user->hasRole('admin') && $user->isNot(Auth::user());
+ Log::debug("Authorization check started", [
+ 'requiredRoles' => 'admin',
+ 'currentRoles' => $user->roles(),
+ 'hasRequiredRole' => $user->hasRole('admin'),
+ 'isCurrentUser' => Auth::user()->is($user)
+ ]);
+ return $user->hasRole('admin') && Auth::user()->isNot($user);
 }
 /**
diff --git a/resources/views/dashboard/user/profile/displayprofile.blade.php b/resources/views/dashboard/user/profile/displayprofile.blade.php
index b39638b..0d0711a 100644
--- a/resources/views/dashboard/user/profile/displayprofile.blade.php
+++ b/resources/views/dashboard/user/profile/displayprofile.blade.php
@@ -44,10 +44,10 @@ @csrf - +
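Review bot: The rewritten `return` on the last `+` line of the `create` hunk is equivalent to the line it replaces — Eloquent's `is()` compares key, table and connection symmetrically, so `Auth::user()->isNot($user)` and `$user->isNot(Auth::user())` give the same answer — and under Laravel's policy convention `$user` is the authenticated user, so unless the policy is invoked through `Gate::forUser()` with a different user the condition is false for everyone and `create` is always denied. If the intent is to stop an admin banning themselves, the target has to arrive as a second policy argument, e.g. `public function create(User $user, User $target)` returning `$user->hasRole('admin') && $user->isNot($target)`, with the controller passing the target to `authorize()`. The `Log::debug` context calls `$user->roles()`, which, if that is an Eloquent relationship method, returns a relation builder rather than the role list, so the entry will not show what it appears to, and `Auth::user()->is($user)` throws when no user is authenticated; consider removing this debug logging before merge, or trimming it to `['userId' => $user->id, 'hasRequiredRole' => $user->hasRole('admin')]` so role data is not written to the log on every check.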
- +

Leave empty for a permanent ban

- +