WIP: Road to 1.0.0 #1

Draft
miguel456 wants to merge 123 commits from develop into master
5 changed files with 90 additions and 21 deletions
Showing only changes of commit 7323ffec2b - Show all commits


@ -44,22 +44,14 @@ class TeamController extends Controller
*/ */
public function index() public function index()
{ {
$this->authorize('index');
$teams = Team::with('users.roles')->get(); $teams = Team::with('users.roles')->get();
return view('dashboard.teams.teams') return view('dashboard.teams.teams')
->with('teams', $teams); ->with('teams', $teams);
} }
/**
* Show the form for creating a new resource.
*
* @return \Illuminate\Http\Response
*/
public function create()
{
//
}
/** /**
* Store a newly created resource in storage. * Store a newly created resource in storage.
* *
@ -68,6 +60,8 @@ class TeamController extends Controller
*/ */
public function store(NewTeamRequest $request) public function store(NewTeamRequest $request)
{ {
$this->authorize('create');
$team = Team::create([ $team = Team::create([
'name' => $request->teamName, 'name' => $request->teamName,
'owner_id' => Auth::user()->id, 'owner_id' => Auth::user()->id,
@ -80,17 +74,6 @@ class TeamController extends Controller
return redirect()->back(); return redirect()->back();
} }
/**
* Display the specified resource.
*
* @param int $id
* @return \Illuminate\Http\Response
*/
public function show($id)
{
//
}
/** /**
* Show the form for editing the specified resource. * Show the form for editing the specified resource.
* *
@ -99,6 +82,8 @@ class TeamController extends Controller
*/ */
public function edit(Team $team) public function edit(Team $team)
{ {
$this->authorize('update', $team);
return view('dashboard.teams.edit-team') return view('dashboard.teams.edit-team')
->with('team', $team) ->with('team', $team)
->with('users', User::all()) ->with('users', User::all())
@ -114,6 +99,9 @@ class TeamController extends Controller
*/ */
public function update(EditTeamRequest $request, Team $team) public function update(EditTeamRequest $request, Team $team)
{ {
$this->authorize('update', $team);
$team->description = $request->teamDescription; $team->description = $request->teamDescription;
$team->openJoin = $request->joinType; $team->openJoin = $request->joinType;
@ -137,6 +125,8 @@ class TeamController extends Controller
public function invite(SendInviteRequest $request, Team $team) public function invite(SendInviteRequest $request, Team $team)
{ {
$this->authorize('invite', $team);
$user = User::findOrFail($request->user); $user = User::findOrFail($request->user);
if (! $team->openJoin) { if (! $team->openJoin) {
@ -196,6 +186,8 @@ class TeamController extends Controller
public function switchTeam(Request $request, Team $team) public function switchTeam(Request $request, Team $team)
{ {
$this->authorize('switchTeam', $team);
try { try {
Auth::user()->switchTeam($team); Auth::user()->switchTeam($team);
@ -210,6 +202,8 @@ class TeamController extends Controller
// Since it's a separate form, we shouldn't use the same update method // Since it's a separate form, we shouldn't use the same update method
public function assignVacancies(Request $request, Team $team) public function assignVacancies(Request $request, Team $team)
{ {
$this->authorize('update', $team);
// P.S. To future developers // P.S. To future developers
// This method gave me a lot of trouble lol. It's hard to write code when you're half asleep. // This method gave me a lot of trouble lol. It's hard to write code when you're half asleep.
// There may be an n+1 query in the view and I don't think there's a way to avoid that without writing a lot of extra code. // There may be an n+1 query in the view and I don't think there's a way to avoid that without writing a lot of extra code.
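Review bot: The `authorize('index')` call in `index()` and the `authorize('create')` call in `store()` pass no model or class, so Laravel's Gate has nothing to resolve `TeamPolicy` from and looks for a plain gate named `index` or `create` instead. Unless such gates are defined elsewhere, both actions are denied for every user, and the `teams.view` / `teams.create` checks in the policy never run. Pass the class so the policy methods are used: `$this->authorize('index', Team::class);` and `$this->authorize('create', Team::class);`. The remaining calls pass `$team` and resolve through the policy mapping. The method bodies continue outside these hunks.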


@ -0,0 +1,56 @@
<?php
namespace App\Policies;
use App\Team;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class TeamPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function index(User $user)
{
return $user->hasPermissionTo('teams.view');
}
public function create(User $user)
{
return $user->hasPermissionTo('teams.create');
}
public function update(User $user, Team $team)
{
// Team owners can update their team regardless of perm.
// This perm would let admins change all teams
return $user->isOwnerOfTeam($team) || $user->hasPermissionTo('teams.update');
}
public function invite(User $user, Team $team)
{
if (!$team->openJoin && $user->isOwnerOfTeam($team) || !$team->openJoin && $user->hasPermissionTo('teams.invite'))
{
return true;
}
return false;
}
public function switchTeam(User $user, Team $team): bool
{
// is the user in the team they're trying to switch to?
return $user->hasTeam($team);
}
}
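Review bot: `invite()` depends on `&&` binding tighter than `||` and repeats the `!$team->openJoin` test, which makes an authorization rule harder to audit than it needs to be. `return !$team->openJoin && ($user->isOwnerOfTeam($team) || $user->hasPermissionTo('teams.invite'));` states the same rule once. As written, the policy denies invites to open-join teams for everyone, owners and `teams.invite` holders included, so any handling `TeamController::invite` has for open teams after its `if (! $team->openJoin)` check (not visible here) is no longer reached; confirm that is intended and say so in a comment. `index`, `create`, `update` and `invite` also lack the `: bool` return type that `switchTeam` declares.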


@ -30,9 +30,11 @@ use App\Policies\AppointmentPolicy;
use App\Policies\BanPolicy; use App\Policies\BanPolicy;
use App\Policies\FormPolicy; use App\Policies\FormPolicy;
use App\Policies\ProfilePolicy; use App\Policies\ProfilePolicy;
use App\Policies\TeamPolicy;
use App\Policies\UserPolicy; use App\Policies\UserPolicy;
use App\Policies\VacancyPolicy; use App\Policies\VacancyPolicy;
use App\Policies\VotePolicy; use App\Policies\VotePolicy;
use App\Team;
use App\User; use App\User;
use App\Vacancy; use App\Vacancy;
use App\Vote; use App\Vote;
@ -56,6 +58,7 @@ class AuthServiceProvider extends ServiceProvider
Vote::class => VotePolicy::class, Vote::class => VotePolicy::class,
Ban::class => BanPolicy::class, Ban::class => BanPolicy::class,
Appointment::class => AppointmentPolicy::class, Appointment::class => AppointmentPolicy::class,
Team::class => TeamPolicy::class
]; ];
/** /**


@ -109,6 +109,21 @@ class User extends Authenticatable implements MustVerifyEmail
return ! is_null($this->twofa_secret); return ! is_null($this->twofa_secret);
} }
public function hasTeam($team): bool
{
if ($team instanceof Team || is_int($team))
{
return $this->teams->contains($team);
}
else
{
/**
* In PHP 8, we can just use union types and let PHP enforce this for us.
*/
throw new \InvalidArgumentException('Please pass either a Team object or an integer identifying a Team.');
}
}
public function routeNotificationForSlack($notification) public function routeNotificationForSlack($notification)
{ {
return config('slack.webhook.integrationURL'); return config('slack.webhook.integrationURL');
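Review bot: The `is_int($team)` guard in `hasTeam()` rejects numeric strings, which is the form IDs take when they come from route parameters or request input, so a caller passing such a value gets an `InvalidArgumentException` instead of a yes/no answer. Because `TeamPolicy::switchTeam` relies on this method for an authorization decision, the accepted types should be stated in a docblock on the method, e.g. `@param Team|int $team` and `@throws \InvalidArgumentException`, and callers holding a raw ID should cast it with `(int)` first. The note inside the `else` branch is written as a `/** */` docblock but documents no symbol; a `//` comment is the usual form.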


@ -35,6 +35,7 @@ use App\Http\Controllers\TeamFileController;
use App\Http\Controllers\UserController; use App\Http\Controllers\UserController;
use App\Http\Controllers\VacancyController; use App\Http\Controllers\VacancyController;
use App\Http\Controllers\VoteController; use App\Http\Controllers\VoteController;
use App\Http\Controllers\OptionsController;
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
use Mcamara\LaravelLocalization\Facades\LaravelLocalization; use Mcamara\LaravelLocalization\Facades\LaravelLocalization;