This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY;
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
This commit fixes the appointment policy being called at the wrong time, with the wrong arguments.
It also fixes wrong references on the auth service provider, also fixing other issues with poliy usage.
Fixes#3 and SPACEJEWEL-HOSTING-59.
This commit adds the ability to edit and modify existing forms.
On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code.
Remove process args
Silence npm WARN output (when applicable)
Compat for npm in different directories
Reverse npm silence
Replace Symfony Process
Remove Symfony Process refs
Add forgotten output for commands
Removed colons that artisan already added
Remove optional parameters in install cmd
Simplify settings save call
Further simplify settings save call
This commit finally adds the dynamically rendered form that changes according to how the user builds their form.
It also fragments the header and footer for the main page into their own separate files for ease of access later.
Vacancy status has also been added to the Vacancies in DB.
All staff application endpoints have also been moved to under the user application endpoints group, for ease of use (duplicated route group).
Tooltips also added, as well as a general configuration file for Mojang Status URL.
Relationships were also added between forms and Vacancies.
Status verification for the dashboard was moved to a Service Provider, where it adds log entries when cache expires.
Authentication controllers were also updated to reflect the new dashboard URL.
This commit also improves how forms are parsed by PHP by passing them as arrays, therefore making them easier to process.
Note: One of the files contains a debug statement that will be removed in the next commit
This commit also includes Chart.js for the whole project using Webpack. It also updates NPM packages to support ChartJS, and suppresses locale.js warnings from Webpack builds.
Gitignore removes the webpack bundle file since that file should be built each time dependencies/js code are modified.
This commit makes optional registration parameters optional; They should only be filled in after the user has submitted an application. The application will crash during registration without these parameters being optional, and adding them to the form would be illogical.