diff --git a/app/Http/Controllers/ApplicationController.php b/app/Http/Controllers/ApplicationController.php index 15d08c0..aaa5dc3 100644 --- a/app/Http/Controllers/ApplicationController.php +++ b/app/Http/Controllers/ApplicationController.php @@ -282,4 +282,16 @@ class ApplicationController extends Controller return redirect()->back(); } + + public function delete(Request $request, Application $application) + { + + $this->authorize('delete', $application); + $application->delete(); // observers will run, cleaning it up + + $request->session()->flash('success', 'Application deleted. Comments, appointments and responses have also been deleted.'); + return redirect()->back(); + + } + } diff --git a/app/Http/Controllers/VacancyController.php b/app/Http/Controllers/VacancyController.php index 7700b58..3674d9c 100644 --- a/app/Http/Controllers/VacancyController.php +++ b/app/Http/Controllers/VacancyController.php @@ -114,6 +114,7 @@ class VacancyController extends Controller public function edit(Request $request, Vacancy $position) { + $this->authorize('update', $vacancy); return view('dashboard.administration.editposition') ->with('vacancy', $position); } @@ -122,6 +123,7 @@ class VacancyController extends Controller public function update(VacancyEditRequest $request, Vacancy $position) { + $this->authorize('update', $vacancy); $position->vacancyFullDescription = $request->vacancyFullDescription; $position->vacancyDescription = $request->vacancyDescription; diff --git a/app/Observers/ApplicationObserver.php b/app/Observers/ApplicationObserver.php new file mode 100644 index 0000000..18d39f3 --- /dev/null +++ b/app/Observers/ApplicationObserver.php 
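Review bot: `ApplicationController::delete()` removes an application and, through the observer, its responses, votes, appointment and comments, but records nothing about who triggered the deletion. The only logging visible in this change is the observer's `Log::debug` lines, which carry no actor and may be filtered out at production log levels. Consider logging before the delete, e.g. `Log::info('Application ' . $application->id . ' deleted by user ' . $request->user()->id);`, assuming the `Log` facade is imported in this controller, which the hunk does not show.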
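Review bot: The added `$this->authorize('update', $vacancy);` in `VacancyController::edit()` names a variable that does not exist in the visible signature, where the route-bound model is `$position`; the next hunk adds the same line to `update()` with the same mismatch. As written, the policy never receives the vacancy being edited. Depending on PHP version and error handling, the call likely either raises an undefined-variable error or evaluates the ability against null and denies every caller, so the intended per-vacancy check is not what runs. Both lines should read `$this->authorize('update', $position);`. The bodies of both methods continue outside the hunks.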
@@ -0,0 +1,93 @@
+response()->delete();
+ $votes = $application->votes;
+
+ foreach ($votes as $vote)
+ {
+ Log::debug('Referential integrity cleanup: Deleting and detaching vote ' . $vote->id);
+ $vote->application()->detach($application->id);
+ $vote->delete();
+ }
+
+ if (!is_null($application->appointment))
+ {
+ Log::debug('RIC: Deleting appointment!');
+ $application->appointment()->delete();
+ }
+
+ if (!$application->comments->isEmpty())
+ {
+ Log::debug('RIC: Deleting comments!');
+ foreach($application->comments as $comment)
+ {
+ $comment->delete();
+ }
+ }
+
+ // application can now be deleted
+ }
+
+ /**
+ * Handle the application "deleted" event.
+ *
+ * @param \App\Application $application
+ * @return void
+ */
+ public function deleted(Application $application)
+ {
+ //
+ }
+
+ /**
+ * Handle the application "restored" event.
+ *
+ * @param \App\Application $application
+ * @return void
+ */
+ public function restored(Application $application)
+ {
+ //
+ }
+
+ /**
+ * Handle the application "force deleted" event.
+ *
+ * @param \App\Application $application
+ * @return void
+ */
+ public function forceDeleted(Application $application)
+ {
+ //
+ }
+}
diff --git a/app/Observers/UserObserver.php b/app/Observers/UserObserver.php
index d405ab5..38f7660 100644
--- a/app/Observers/UserObserver.php
+++ b/app/Observers/UserObserver.php
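Review bot: The cleanup in what appears to be the `deleting` handler runs as a series of independent deletes (response, votes with their pivot rows, appointment, comments) with no surrounding transaction, so a failure partway through leaves an application with some of its related records already gone. Wrapping the caller's `$application->delete()` in `DB::transaction(...)` would make the cascade atomic. The handler also deserves a docblock stating that it only runs for model-level deletes: a query-builder delete such as `Application::where(...)->delete()` does not fire `deleting`, so related rows would be left orphaned. The file header and method signature at the start of the hunk are not legible in the page text, so this is based on the visible body only.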
@@ -48,30 +48,7 @@ class UserObserver Log::debug('RIC: Now trying to delete applications and responses...'); foreach($applications as $application) { - $application->response()->delete(); - $votes = $application->votes; - - foreach ($votes as $vote) - { - Log::debug('RIC: Deleting and detaching vote ' . $vote->id); - $vote->application()->detach($application->id); - $vote->delete(); - } - - if (!is_null($application->appointment)) - { - Log::debug('RIC: Deleting appointment!'); - $application->appointment()->delete(); - } - - if (!$application->comments->isEmpty()) - { - Log::debug('RIC: Deleting comments!'); - foreach($application->comments as $comment) - { - $comment->delete(); - } - } + // code moved to Application observer, where it gets rid of attached elements individually Log::debug('RIC: Deleting application ' . $application->id); $application->delete(); diff --git a/app/Policies/ApplicationPolicy.php b/app/Policies/ApplicationPolicy.php index 8a771ea..07edbca 100644 --- a/app/Policies/ApplicationPolicy.php +++ b/app/Policies/ApplicationPolicy.php @@ -45,4 +45,11 @@ class ApplicationPolicy { return $user->hasAnyRole('admin', 'hiringManager'); } + + public function delete(User $user, Application $application) + { + + return $user->hasRole('admin'); + + } } diff --git a/app/View/Components/NoPermission.php b/app/View/Components/NoPermission.php new file mode 100644 index 0000000..6da51a1 --- /dev/null +++ b/app/View/Components/NoPermission.php @@ -0,0 +1,33 @@ +type = $type; + + $this->inDashboard = $inDashboard; + } + + /** + * Get the view / contents that represent the component. + * + * @return \Illuminate\View\View|string + */ + public function render() + { + return view('components.no-permission'); + } +} diff --git a/public/img/403.svg b/public/img/403.svg new file mode 100644 index 0000000..9c6a1b5 --- /dev/null +++ b/public/img/403.svg @@ -0,0 +1 @@ + \ No newline at end of file 
diff --git a/resources/views/components/no-permission.blade.php b/resources/views/components/no-permission.blade.php
new file mode 100644
index 0000000..7695e4d
--- /dev/null
+++ b/resources/views/components/no-permission.blade.php
@@ -0,0 +1,74 @@
+@if ($inDashboard)
+
+ We're sorry, but you do not have permission to access this web page. +
++ Please contact your administrator if you believe this was in error. +
++ @if (isset($slot)) + {{ $slot }} + @endif +
++ We're sorry, but you do not have permission to access this web page. +
++ Please contact your administrator if you believe this was in error. +
+