diff --git a/device-app/app/Http/Controllers/DeviceController.php b/device-app/app/Http/Controllers/DeviceController.php
index 19a1a84..c99b7a0 100644
--- a/device-app/app/Http/Controllers/DeviceController.php
+++ b/device-app/app/Http/Controllers/DeviceController.php
@@ -5,10 +5,12 @@
use App\Models\Device;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
+use Illuminate\Support\Facades\Gate;
+use Illuminate\Http\RedirectResponse;
class DeviceController extends Controller
{
- //
+
public function index()
{
return view('devices.index', [
@@ -16,11 +18,15 @@ public function index()
]);
}
- public function create(){
+ public function create()
+ {
+ $this->authorize('admin-only');
return view('devices.create');
}
- public function store(Request $request){
+ public function store(Request $request)
+ {
+ $this->authorize('admin-only');
$formFields = $request->validate([
'title' => 'required',
'device_type' => 'required',
@@ -36,11 +42,15 @@ public function store(Request $request){
return redirect('/devices');
}
- public function edit(Device $device) {
+ public function edit(Device $device)
+ {
+ $this->authorize('admin-only');
return view('devices.edit', ['device' => $device]);
}
- public function update(Device $device, Request $request){
+ public function update(Device $device, Request $request)
+ {
+ $this->authorize('admin-only');
$formFields = $request->validate([
'title' => 'required',
'device_type' => 'required',
@@ -56,7 +66,9 @@ public function update(Device $device, Request $request){
return back();
}
- public function destroy(Device $device){
+ public function destroy(Device $device): RedirectResponse
+ {
+ $this->authorize('admin-only');
$device->delete();
return redirect('devices');
}
diff --git a/device-app/app/Http/Controllers/LocationTransactionController.php b/device-app/app/Http/Controllers/LocationTransactionController.php
index b40be93..25e1af0 100644
--- a/device-app/app/Http/Controllers/LocationTransactionController.php
+++ b/device-app/app/Http/Controllers/LocationTransactionController.php
@@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(LocationTransaction $location)
{
+ $this->authorize('admin-only');
return view('locations.edit', ['location' => $location]);
}
public function update(LocationTransaction $location, Request $request)
{
+ $this->authorize('admin-only');
$formFields = $request->validate([
'room_code' => 'required',
'timestamp_located_since' => 'required'
@@ -45,6 +47,7 @@ public function update(LocationTransaction $location, Request $request)
public function destroy(LocationTransaction $location)
{
+ $this->authorize('admin-only');
$location->delete();
return back();
}
diff --git a/device-app/app/Http/Controllers/OwnerTransactionController.php b/device-app/app/Http/Controllers/OwnerTransactionController.php
index 60198fa..df7e20b 100644
--- a/device-app/app/Http/Controllers/OwnerTransactionController.php
+++ b/device-app/app/Http/Controllers/OwnerTransactionController.php
@@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(OwnerTransaction $owner)
{
+ $this->authorize('admin-only');
return view('owners.edit', ['owner' => $owner]);
}
public function update(OwnerTransaction $owner, Request $request)
{
+ $this->authorize('admin-only');
$formFields = $request->validate([
'rz_username' => 'required',
'timestamp_owner_since' => 'required'
@@ -45,6 +47,7 @@ public function update(OwnerTransaction $owner, Request $request)
public function destroy(OwnerTransaction $owner)
{
+ $this->authorize('admin-only');
$owner->delete();
return back();
}
diff --git a/device-app/app/Http/Controllers/PurchasingInformationController.php b/device-app/app/Http/Controllers/PurchasingInformationController.php
index 0602f3b..7c2945f 100644
--- a/device-app/app/Http/Controllers/PurchasingInformationController.php
+++ b/device-app/app/Http/Controllers/PurchasingInformationController.php
@@ -8,32 +8,16 @@
class PurchasingInformationController extends Controller
{
- public function create()
- {
- return view('purchasings.create');
- }
-
- public function store(Request $request)
- {
- $formFields = $request->validate([
- 'price' => 'required',
- 'timestamp_warranty_end' => 'required',
- 'timestamp_purchase' => 'required',
- 'cost_centre' => 'required',
- ]);
-
- PurchasingInformation::create($formFields);
-
- return redirect('/');
- }
public function edit(Device $device)
{
+ $this->authorize('admin-only');
return view('purchasings.edit', ['purchasing' => $device->purchasing]);
}
public function update(Device $device, Request $request)
{
+ $this->authorize('admin-only');
$formFields = $request->validate([
'price' => 'required',
'timestamp_warranty_end' => 'required',
@@ -45,10 +29,4 @@ public function update(Device $device, Request $request)
return redirect('/');
}
-
- public function destroy(PurchasingInformation $purchasing)
- {
- $purchasing->delete();
- return back();
- }
}
diff --git a/device-app/app/Providers/AuthServiceProvider.php b/device-app/app/Providers/AuthServiceProvider.php
index dafcbee..910a928 100644
--- a/device-app/app/Providers/AuthServiceProvider.php
+++ b/device-app/app/Providers/AuthServiceProvider.php
@@ -2,7 +2,8 @@
namespace App\Providers;
-// use Illuminate\Support\Facades\Gate;
+use App\Models\User;
+use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
@@ -21,6 +22,10 @@ class AuthServiceProvider extends ServiceProvider
*/
public function boot(): void
{
- //
+ $this->registerPolicies();
+
+ Gate::define('admin-only', function (User $user) {
+ return $user->has_admin_privileges;
+ });
}
}
diff --git a/device-app/resources/views/components/device-detail.blade.php b/device-app/resources/views/components/device-detail.blade.php
index 7049f8f..c5e467c 100644
--- a/device-app/resources/views/components/device-detail.blade.php
+++ b/device-app/resources/views/components/device-detail.blade.php
@@ -11,12 +11,14 @@
serial_number: {{ $device['serial_number'] }}
image_url: {{ $device['image_url'] }}
-
-
+ @can('admin-only')
+
+
+ @endcan
@php
$locationTransactions = $device->locations;
diff --git a/device-app/resources/views/components/location-transaction.blade.php b/device-app/resources/views/components/location-transaction.blade.php
index 632a17e..a5db6ea 100644
--- a/device-app/resources/views/components/location-transaction.blade.php
+++ b/device-app/resources/views/components/location-transaction.blade.php
@@ -3,10 +3,12 @@
room_code: {{ $location->room_code }}
timestamp_located_since: {{ $location->timestamp_located_since }}
-
-
+ @can('admin-only')
+
+
+ @endcan
\ No newline at end of file
diff --git a/device-app/resources/views/components/owner-transaction.blade.php b/device-app/resources/views/components/owner-transaction.blade.php
index 7105dad..1092aae 100644
--- a/device-app/resources/views/components/owner-transaction.blade.php
+++ b/device-app/resources/views/components/owner-transaction.blade.php
@@ -3,10 +3,12 @@
rz_username: {{ $owner->rz_username }}
timestamp_owner_since: {{ $owner->timestamp_owner_since }}
-
-
+ @can('admin-only')
+
+
+ @endcan
\ No newline at end of file
diff --git a/device-app/resources/views/components/purchasing-information.blade.php b/device-app/resources/views/components/purchasing-information.blade.php
index 6d532ec..298408c 100644
--- a/device-app/resources/views/components/purchasing-information.blade.php
+++ b/device-app/resources/views/components/purchasing-information.blade.php
@@ -10,5 +10,7 @@
cost_centre: {{ $purchasing->cost_centre }}
seller: {{ $purchasing->seller }}
-
+ @can('admin-only')
+
+ @endcan
\ No newline at end of file
diff --git a/device-app/resources/views/devices/index.blade.php b/device-app/resources/views/devices/index.blade.php
index dc001f8..3f8fba0 100644
--- a/device-app/resources/views/devices/index.blade.php
+++ b/device-app/resources/views/devices/index.blade.php
@@ -11,5 +11,7 @@
@else
No devices found
@endunless
-
+ @can('admin-only')
+
+ @endcan
@endsection
diff --git a/device-app/routes/web.php b/device-app/routes/web.php
index e88a952..90a3586 100644
--- a/device-app/routes/web.php
+++ b/device-app/routes/web.php
@@ -25,53 +25,36 @@
return view('welcome');
});
-// Devices routes
-// index - show all devices
-Route::get('/devices', [DeviceController::class, 'index']);
-// create - show device create form
-Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
-// store - store new device
-Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth');
-
// Device purchasing routes
-//Route::get('/devices/{device}/purchasing/create', [PurchasingInformationController::class, 'create']);
-//Route::post('/devices/{device}/purchasing', [PurchasingInformationController::class, 'store']);
-Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit']);
-Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update']);
-//Route::delete('/devices/{device}/purchasing', [PurchasingInformationController::class, 'destroy']);
+Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit'])->middleware('auth');
+Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update'])->middleware('auth');
// Device location routes
-Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create']);
-Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store']);
-Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit']);
-Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update']);
-Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy']);
+Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create'])->middleware('auth');
+Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store'])->middleware('auth');
+Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit'])->middleware('auth');
+Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update'])->middleware('auth');
+Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy'])->middleware('auth');
// Device owner routes
-Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create']);
-Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store']);
-Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit']);
-Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update']);
-Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy']);
+Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create'])->middleware('auth');
+Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store'])->middleware('auth');
+Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit'])->middleware('auth');
+Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update'])->middleware('auth');
+Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy'])->middleware('auth');
-//
-// edit - show edit form
+// Devices routes
+Route::get('/devices', [DeviceController::class, 'index'])->middleware('auth');
+Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
+Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth');
Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth');
-// update - update device
Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth');
-// destroy - delete device
Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth');
-// show - show sigle device
-Route::get('/devices/{device}', [DeviceController::class, 'show']);
+Route::get('/devices/{device}', [DeviceController::class, 'show'])->middleware('auth');
//User routes
-// create - show register form
Route::get('/register', [UserController::class, 'create']);
-// store - store new user
Route::post('/users', [UserController::class, 'store']);
-// login - show user login form
Route::get('/login', [UserController::class, 'login'])->name('login');
-// authenticate - log in user
Route::post('/users/authenticate', [UserController::class, 'authenticate']);
-// logout - log out user
Route::post('/logout', [UserController::class, 'logout']);
\ No newline at end of file