add admin gate
This commit is contained in:
parent
7a95a3d36f
commit
8b7ae81d66
@ -5,10 +5,12 @@
|
|||||||
use App\Models\Device;
|
use App\Models\Device;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Validation\Rule;
|
use Illuminate\Validation\Rule;
|
||||||
|
use Illuminate\Support\Facades\Gate;
|
||||||
|
use Illuminate\Http\RedirectResponse;
|
||||||
|
|
||||||
class DeviceController extends Controller
|
class DeviceController extends Controller
|
||||||
{
|
{
|
||||||
//
|
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
return view('devices.index', [
|
return view('devices.index', [
|
||||||
@ -16,11 +18,15 @@ public function index()
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function create(){
|
public function create()
|
||||||
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
return view('devices.create');
|
return view('devices.create');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function store(Request $request){
|
public function store(Request $request)
|
||||||
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$formFields = $request->validate([
|
$formFields = $request->validate([
|
||||||
'title' => 'required',
|
'title' => 'required',
|
||||||
'device_type' => 'required',
|
'device_type' => 'required',
|
||||||
@ -36,11 +42,15 @@ public function store(Request $request){
|
|||||||
return redirect('/devices');
|
return redirect('/devices');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function edit(Device $device) {
|
public function edit(Device $device)
|
||||||
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
return view('devices.edit', ['device' => $device]);
|
return view('devices.edit', ['device' => $device]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function update(Device $device, Request $request){
|
public function update(Device $device, Request $request)
|
||||||
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$formFields = $request->validate([
|
$formFields = $request->validate([
|
||||||
'title' => 'required',
|
'title' => 'required',
|
||||||
'device_type' => 'required',
|
'device_type' => 'required',
|
||||||
@ -56,7 +66,9 @@ public function update(Device $device, Request $request){
|
|||||||
return back();
|
return back();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function destroy(Device $device){
|
public function destroy(Device $device): RedirectResponse
|
||||||
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$device->delete();
|
$device->delete();
|
||||||
return redirect('devices');
|
return redirect('devices');
|
||||||
}
|
}
|
||||||
|
@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
|
|||||||
|
|
||||||
public function edit(LocationTransaction $location)
|
public function edit(LocationTransaction $location)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
return view('locations.edit', ['location' => $location]);
|
return view('locations.edit', ['location' => $location]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function update(LocationTransaction $location, Request $request)
|
public function update(LocationTransaction $location, Request $request)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$formFields = $request->validate([
|
$formFields = $request->validate([
|
||||||
'room_code' => 'required',
|
'room_code' => 'required',
|
||||||
'timestamp_located_since' => 'required'
|
'timestamp_located_since' => 'required'
|
||||||
@ -45,6 +47,7 @@ public function update(LocationTransaction $location, Request $request)
|
|||||||
|
|
||||||
public function destroy(LocationTransaction $location)
|
public function destroy(LocationTransaction $location)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$location->delete();
|
$location->delete();
|
||||||
return back();
|
return back();
|
||||||
}
|
}
|
||||||
|
@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
|
|||||||
|
|
||||||
public function edit(OwnerTransaction $owner)
|
public function edit(OwnerTransaction $owner)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
return view('owners.edit', ['owner' => $owner]);
|
return view('owners.edit', ['owner' => $owner]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function update(OwnerTransaction $owner, Request $request)
|
public function update(OwnerTransaction $owner, Request $request)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$formFields = $request->validate([
|
$formFields = $request->validate([
|
||||||
'rz_username' => 'required',
|
'rz_username' => 'required',
|
||||||
'timestamp_owner_since' => 'required'
|
'timestamp_owner_since' => 'required'
|
||||||
@ -45,6 +47,7 @@ public function update(OwnerTransaction $owner, Request $request)
|
|||||||
|
|
||||||
public function destroy(OwnerTransaction $owner)
|
public function destroy(OwnerTransaction $owner)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$owner->delete();
|
$owner->delete();
|
||||||
return back();
|
return back();
|
||||||
}
|
}
|
||||||
|
@ -8,32 +8,16 @@
|
|||||||
|
|
||||||
class PurchasingInformationController extends Controller
|
class PurchasingInformationController extends Controller
|
||||||
{
|
{
|
||||||
public function create()
|
|
||||||
{
|
|
||||||
return view('purchasings.create');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function store(Request $request)
|
|
||||||
{
|
|
||||||
$formFields = $request->validate([
|
|
||||||
'price' => 'required',
|
|
||||||
'timestamp_warranty_end' => 'required',
|
|
||||||
'timestamp_purchase' => 'required',
|
|
||||||
'cost_centre' => 'required',
|
|
||||||
]);
|
|
||||||
|
|
||||||
PurchasingInformation::create($formFields);
|
|
||||||
|
|
||||||
return redirect('/');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function edit(Device $device)
|
public function edit(Device $device)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
return view('purchasings.edit', ['purchasing' => $device->purchasing]);
|
return view('purchasings.edit', ['purchasing' => $device->purchasing]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function update(Device $device, Request $request)
|
public function update(Device $device, Request $request)
|
||||||
{
|
{
|
||||||
|
$this->authorize('admin-only');
|
||||||
$formFields = $request->validate([
|
$formFields = $request->validate([
|
||||||
'price' => 'required',
|
'price' => 'required',
|
||||||
'timestamp_warranty_end' => 'required',
|
'timestamp_warranty_end' => 'required',
|
||||||
@ -45,10 +29,4 @@ public function update(Device $device, Request $request)
|
|||||||
|
|
||||||
return redirect('/');
|
return redirect('/');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function destroy(PurchasingInformation $purchasing)
|
|
||||||
{
|
|
||||||
$purchasing->delete();
|
|
||||||
return back();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
|
|
||||||
namespace App\Providers;
|
namespace App\Providers;
|
||||||
|
|
||||||
// use Illuminate\Support\Facades\Gate;
|
use App\Models\User;
|
||||||
|
use Illuminate\Support\Facades\Gate;
|
||||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||||
|
|
||||||
class AuthServiceProvider extends ServiceProvider
|
class AuthServiceProvider extends ServiceProvider
|
||||||
@ -21,6 +22,10 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
*/
|
*/
|
||||||
public function boot(): void
|
public function boot(): void
|
||||||
{
|
{
|
||||||
//
|
$this->registerPolicies();
|
||||||
|
|
||||||
|
Gate::define('admin-only', function (User $user) {
|
||||||
|
return $user->has_admin_privileges;
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -11,12 +11,14 @@
|
|||||||
<li>serial_number: {{ $device['serial_number'] }}</li>
|
<li>serial_number: {{ $device['serial_number'] }}</li>
|
||||||
<li>image_url: {{ $device['image_url'] }}</li>
|
<li>image_url: {{ $device['image_url'] }}</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@can('admin-only')
|
||||||
<button><a href="{{ $device->device_id }}/edit">Edit</a></button>
|
<button><a href="{{ $device->device_id }}/edit">Edit</a></button>
|
||||||
<form method="POST" action="{{ $device->device_id }}">
|
<form method="POST" action="{{ $device->device_id }}">
|
||||||
@method('DELETE')
|
@method('DELETE')
|
||||||
@csrf
|
@csrf
|
||||||
<button>Delete</button>
|
<button>Delete</button>
|
||||||
</form>
|
</form>
|
||||||
|
@endcan
|
||||||
<x-purchasing-information :device="$device" />
|
<x-purchasing-information :device="$device" />
|
||||||
@php
|
@php
|
||||||
$locationTransactions = $device->locations;
|
$locationTransactions = $device->locations;
|
||||||
|
@ -3,10 +3,12 @@
|
|||||||
<li>room_code: {{ $location->room_code }}</li>
|
<li>room_code: {{ $location->room_code }}</li>
|
||||||
<li>timestamp_located_since: {{ $location->timestamp_located_since }}</li>
|
<li>timestamp_located_since: {{ $location->timestamp_located_since }}</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@can('admin-only')
|
||||||
<button><a href="locations/{{ $location->location_transaction_id }}/edit">Edit</a></button>
|
<button><a href="locations/{{ $location->location_transaction_id }}/edit">Edit</a></button>
|
||||||
<form method="POST" action="locations/{{ $location->location_transaction_id }}">
|
<form method="POST" action="locations/{{ $location->location_transaction_id }}">
|
||||||
@method('DELETE')
|
@method('DELETE')
|
||||||
@csrf
|
@csrf
|
||||||
<button>Delete</button>
|
<button>Delete</button>
|
||||||
</form>
|
</form>
|
||||||
|
@endcan
|
||||||
</div>
|
</div>
|
@ -3,10 +3,12 @@
|
|||||||
<li>rz_username: {{ $owner->rz_username }}</li>
|
<li>rz_username: {{ $owner->rz_username }}</li>
|
||||||
<li>timestamp_owner_since: {{ $owner->timestamp_owner_since }}</li>
|
<li>timestamp_owner_since: {{ $owner->timestamp_owner_since }}</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@can('admin-only')
|
||||||
<button><a href="owners/{{ $owner->owner_transaction_id }}/edit">Edit</a></button>
|
<button><a href="owners/{{ $owner->owner_transaction_id }}/edit">Edit</a></button>
|
||||||
<form method="POST" action="owners/{{ $owner->owner_transaction_id }}">
|
<form method="POST" action="owners/{{ $owner->owner_transaction_id }}">
|
||||||
@method('DELETE')
|
@method('DELETE')
|
||||||
@csrf
|
@csrf
|
||||||
<button>Delete</button>
|
<button>Delete</button>
|
||||||
</form>
|
</form>
|
||||||
|
@endcan
|
||||||
</div>
|
</div>
|
@ -10,5 +10,7 @@
|
|||||||
<li>cost_centre: {{ $purchasing->cost_centre }}</li>
|
<li>cost_centre: {{ $purchasing->cost_centre }}</li>
|
||||||
<li>seller: {{ $purchasing->seller }}</li>
|
<li>seller: {{ $purchasing->seller }}</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@can('admin-only')
|
||||||
<button><a href="{{ $device->device_id }}/purchasing/edit">Edit</a></button>
|
<button><a href="{{ $device->device_id }}/purchasing/edit">Edit</a></button>
|
||||||
|
@endcan
|
||||||
</div>
|
</div>
|
@ -11,5 +11,7 @@
|
|||||||
@else
|
@else
|
||||||
<p>No devices found</p>
|
<p>No devices found</p>
|
||||||
@endunless
|
@endunless
|
||||||
|
@can('admin-only')
|
||||||
<button><a href="devices/create">Device</a></button>
|
<button><a href="devices/create">Device</a></button>
|
||||||
|
@endcan
|
||||||
@endsection
|
@endsection
|
||||||
|
@ -25,53 +25,36 @@
|
|||||||
return view('welcome');
|
return view('welcome');
|
||||||
});
|
});
|
||||||
|
|
||||||
// Devices routes
|
|
||||||
// index - show all devices
|
|
||||||
Route::get('/devices', [DeviceController::class, 'index']);
|
|
||||||
// create - show device create form
|
|
||||||
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
|
|
||||||
// store - store new device
|
|
||||||
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth');
|
|
||||||
|
|
||||||
// Device purchasing routes
|
// Device purchasing routes
|
||||||
//Route::get('/devices/{device}/purchasing/create', [PurchasingInformationController::class, 'create']);
|
Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit'])->middleware('auth');
|
||||||
//Route::post('/devices/{device}/purchasing', [PurchasingInformationController::class, 'store']);
|
Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update'])->middleware('auth');
|
||||||
Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit']);
|
|
||||||
Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update']);
|
|
||||||
//Route::delete('/devices/{device}/purchasing', [PurchasingInformationController::class, 'destroy']);
|
|
||||||
|
|
||||||
// Device location routes
|
// Device location routes
|
||||||
Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create']);
|
Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create'])->middleware('auth');
|
||||||
Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store']);
|
Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store'])->middleware('auth');
|
||||||
Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit']);
|
Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit'])->middleware('auth');
|
||||||
Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update']);
|
Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update'])->middleware('auth');
|
||||||
Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy']);
|
Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy'])->middleware('auth');
|
||||||
|
|
||||||
// Device owner routes
|
// Device owner routes
|
||||||
Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create']);
|
Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create'])->middleware('auth');
|
||||||
Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store']);
|
Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store'])->middleware('auth');
|
||||||
Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit']);
|
Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit'])->middleware('auth');
|
||||||
Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update']);
|
Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update'])->middleware('auth');
|
||||||
Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy']);
|
Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy'])->middleware('auth');
|
||||||
|
|
||||||
//
|
// Devices routes
|
||||||
// edit - show edit form
|
Route::get('/devices', [DeviceController::class, 'index'])->middleware('auth');
|
||||||
|
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
|
||||||
|
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth');
|
||||||
Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth');
|
Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth');
|
||||||
// update - update device
|
|
||||||
Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth');
|
Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth');
|
||||||
// destroy - delete device
|
|
||||||
Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth');
|
Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth');
|
||||||
// show - show sigle device
|
Route::get('/devices/{device}', [DeviceController::class, 'show'])->middleware('auth');
|
||||||
Route::get('/devices/{device}', [DeviceController::class, 'show']);
|
|
||||||
|
|
||||||
//User routes
|
//User routes
|
||||||
// create - show register form
|
|
||||||
Route::get('/register', [UserController::class, 'create']);
|
Route::get('/register', [UserController::class, 'create']);
|
||||||
// store - store new user
|
|
||||||
Route::post('/users', [UserController::class, 'store']);
|
Route::post('/users', [UserController::class, 'store']);
|
||||||
// login - show user login form
|
|
||||||
Route::get('/login', [UserController::class, 'login'])->name('login');
|
Route::get('/login', [UserController::class, 'login'])->name('login');
|
||||||
// authenticate - log in user
|
|
||||||
Route::post('/users/authenticate', [UserController::class, 'authenticate']);
|
Route::post('/users/authenticate', [UserController::class, 'authenticate']);
|
||||||
// logout - log out user
|
|
||||||
Route::post('/logout', [UserController::class, 'logout']);
|
Route::post('/logout', [UserController::class, 'logout']);
|
Loading…
Reference in New Issue
Block a user