add admin gate

This commit is contained in:
TimmensOne 2023-03-31 17:17:09 +02:00
parent 7a95a3d36f
commit 8b7ae81d66
11 changed files with 80 additions and 86 deletions

View File

@ -5,10 +5,12 @@
use App\Models\Device; use App\Models\Device;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Validation\Rule; use Illuminate\Validation\Rule;
use Illuminate\Support\Facades\Gate;
use Illuminate\Http\RedirectResponse;
class DeviceController extends Controller class DeviceController extends Controller
{ {
//
public function index() public function index()
{ {
return view('devices.index', [ return view('devices.index', [
@ -16,11 +18,15 @@ public function index()
]); ]);
} }
public function create(){ public function create()
{
$this->authorize('admin-only');
return view('devices.create'); return view('devices.create');
} }
public function store(Request $request){ public function store(Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([ $formFields = $request->validate([
'title' => 'required', 'title' => 'required',
'device_type' => 'required', 'device_type' => 'required',
@ -36,11 +42,15 @@ public function store(Request $request){
return redirect('/devices'); return redirect('/devices');
} }
public function edit(Device $device) { public function edit(Device $device)
{
$this->authorize('admin-only');
return view('devices.edit', ['device' => $device]); return view('devices.edit', ['device' => $device]);
} }
public function update(Device $device, Request $request){ public function update(Device $device, Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([ $formFields = $request->validate([
'title' => 'required', 'title' => 'required',
'device_type' => 'required', 'device_type' => 'required',
@ -56,7 +66,9 @@ public function update(Device $device, Request $request){
return back(); return back();
} }
public function destroy(Device $device){ public function destroy(Device $device): RedirectResponse
{
$this->authorize('admin-only');
$device->delete(); $device->delete();
return redirect('devices'); return redirect('devices');
} }

View File

@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(LocationTransaction $location) public function edit(LocationTransaction $location)
{ {
$this->authorize('admin-only');
return view('locations.edit', ['location' => $location]); return view('locations.edit', ['location' => $location]);
} }
public function update(LocationTransaction $location, Request $request) public function update(LocationTransaction $location, Request $request)
{ {
$this->authorize('admin-only');
$formFields = $request->validate([ $formFields = $request->validate([
'room_code' => 'required', 'room_code' => 'required',
'timestamp_located_since' => 'required' 'timestamp_located_since' => 'required'
@ -45,6 +47,7 @@ public function update(LocationTransaction $location, Request $request)
public function destroy(LocationTransaction $location) public function destroy(LocationTransaction $location)
{ {
$this->authorize('admin-only');
$location->delete(); $location->delete();
return back(); return back();
} }

View File

@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(OwnerTransaction $owner) public function edit(OwnerTransaction $owner)
{ {
$this->authorize('admin-only');
return view('owners.edit', ['owner' => $owner]); return view('owners.edit', ['owner' => $owner]);
} }
public function update(OwnerTransaction $owner, Request $request) public function update(OwnerTransaction $owner, Request $request)
{ {
$this->authorize('admin-only');
$formFields = $request->validate([ $formFields = $request->validate([
'rz_username' => 'required', 'rz_username' => 'required',
'timestamp_owner_since' => 'required' 'timestamp_owner_since' => 'required'
@ -45,6 +47,7 @@ public function update(OwnerTransaction $owner, Request $request)
public function destroy(OwnerTransaction $owner) public function destroy(OwnerTransaction $owner)
{ {
$this->authorize('admin-only');
$owner->delete(); $owner->delete();
return back(); return back();
} }

View File

@ -8,32 +8,16 @@
class PurchasingInformationController extends Controller class PurchasingInformationController extends Controller
{ {
public function create()
{
return view('purchasings.create');
}
public function store(Request $request)
{
$formFields = $request->validate([
'price' => 'required',
'timestamp_warranty_end' => 'required',
'timestamp_purchase' => 'required',
'cost_centre' => 'required',
]);
PurchasingInformation::create($formFields);
return redirect('/');
}
public function edit(Device $device) public function edit(Device $device)
{ {
$this->authorize('admin-only');
return view('purchasings.edit', ['purchasing' => $device->purchasing]); return view('purchasings.edit', ['purchasing' => $device->purchasing]);
} }
public function update(Device $device, Request $request) public function update(Device $device, Request $request)
{ {
$this->authorize('admin-only');
$formFields = $request->validate([ $formFields = $request->validate([
'price' => 'required', 'price' => 'required',
'timestamp_warranty_end' => 'required', 'timestamp_warranty_end' => 'required',
@ -45,10 +29,4 @@ public function update(Device $device, Request $request)
return redirect('/'); return redirect('/');
} }
public function destroy(PurchasingInformation $purchasing)
{
$purchasing->delete();
return back();
}
} }

View File

@ -2,7 +2,8 @@
namespace App\Providers; namespace App\Providers;
// use Illuminate\Support\Facades\Gate; use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider class AuthServiceProvider extends ServiceProvider
@ -21,6 +22,10 @@ class AuthServiceProvider extends ServiceProvider
*/ */
public function boot(): void public function boot(): void
{ {
// $this->registerPolicies();
Gate::define('admin-only', function (User $user) {
return $user->has_admin_privileges;
});
} }
} }

View File

@ -11,12 +11,14 @@
<li>serial_number: {{ $device['serial_number'] }}</li> <li>serial_number: {{ $device['serial_number'] }}</li>
<li>image_url: {{ $device['image_url'] }}</li> <li>image_url: {{ $device['image_url'] }}</li>
</ul> </ul>
@can('admin-only')
<button><a href="{{ $device->device_id }}/edit">Edit</a></button> <button><a href="{{ $device->device_id }}/edit">Edit</a></button>
<form method="POST" action="{{ $device->device_id }}"> <form method="POST" action="{{ $device->device_id }}">
@method('DELETE') @method('DELETE')
@csrf @csrf
<button>Delete</button> <button>Delete</button>
</form> </form>
@endcan
<x-purchasing-information :device="$device" /> <x-purchasing-information :device="$device" />
@php @php
$locationTransactions = $device->locations; $locationTransactions = $device->locations;

View File

@ -3,10 +3,12 @@
<li>room_code: {{ $location->room_code }}</li> <li>room_code: {{ $location->room_code }}</li>
<li>timestamp_located_since: {{ $location->timestamp_located_since }}</li> <li>timestamp_located_since: {{ $location->timestamp_located_since }}</li>
</ul> </ul>
@can('admin-only')
<button><a href="locations/{{ $location->location_transaction_id }}/edit">Edit</a></button> <button><a href="locations/{{ $location->location_transaction_id }}/edit">Edit</a></button>
<form method="POST" action="locations/{{ $location->location_transaction_id }}"> <form method="POST" action="locations/{{ $location->location_transaction_id }}">
@method('DELETE') @method('DELETE')
@csrf @csrf
<button>Delete</button> <button>Delete</button>
</form> </form>
@endcan
</div> </div>

View File

@ -3,10 +3,12 @@
<li>rz_username: {{ $owner->rz_username }}</li> <li>rz_username: {{ $owner->rz_username }}</li>
<li>timestamp_owner_since: {{ $owner->timestamp_owner_since }}</li> <li>timestamp_owner_since: {{ $owner->timestamp_owner_since }}</li>
</ul> </ul>
@can('admin-only')
<button><a href="owners/{{ $owner->owner_transaction_id }}/edit">Edit</a></button> <button><a href="owners/{{ $owner->owner_transaction_id }}/edit">Edit</a></button>
<form method="POST" action="owners/{{ $owner->owner_transaction_id }}"> <form method="POST" action="owners/{{ $owner->owner_transaction_id }}">
@method('DELETE') @method('DELETE')
@csrf @csrf
<button>Delete</button> <button>Delete</button>
</form> </form>
@endcan
</div> </div>

View File

@ -10,5 +10,7 @@
<li>cost_centre: {{ $purchasing->cost_centre }}</li> <li>cost_centre: {{ $purchasing->cost_centre }}</li>
<li>seller: {{ $purchasing->seller }}</li> <li>seller: {{ $purchasing->seller }}</li>
</ul> </ul>
@can('admin-only')
<button><a href="{{ $device->device_id }}/purchasing/edit">Edit</a></button> <button><a href="{{ $device->device_id }}/purchasing/edit">Edit</a></button>
@endcan
</div> </div>

View File

@ -11,5 +11,7 @@
@else @else
<p>No devices found</p> <p>No devices found</p>
@endunless @endunless
@can('admin-only')
<button><a href="devices/create">Device</a></button> <button><a href="devices/create">Device</a></button>
@endcan
@endsection @endsection

View File

@ -25,53 +25,36 @@
return view('welcome'); return view('welcome');
}); });
// Devices routes
// index - show all devices
Route::get('/devices', [DeviceController::class, 'index']);
// create - show device create form
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
// store - store new device
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth');
// Device purchasing routes // Device purchasing routes
//Route::get('/devices/{device}/purchasing/create', [PurchasingInformationController::class, 'create']); Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit'])->middleware('auth');
//Route::post('/devices/{device}/purchasing', [PurchasingInformationController::class, 'store']); Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update'])->middleware('auth');
Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit']);
Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update']);
//Route::delete('/devices/{device}/purchasing', [PurchasingInformationController::class, 'destroy']);
// Device location routes // Device location routes
Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create']); Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create'])->middleware('auth');
Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store']); Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store'])->middleware('auth');
Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit']); Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit'])->middleware('auth');
Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update']); Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update'])->middleware('auth');
Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy']); Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy'])->middleware('auth');
// Device owner routes // Device owner routes
Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create']); Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create'])->middleware('auth');
Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store']); Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store'])->middleware('auth');
Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit']); Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit'])->middleware('auth');
Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update']); Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update'])->middleware('auth');
Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy']); Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy'])->middleware('auth');
// // Devices routes
// edit - show edit form Route::get('/devices', [DeviceController::class, 'index'])->middleware('auth');
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth');
Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth'); Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth');
// update - update device
Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth'); Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth');
// destroy - delete device
Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth'); Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth');
// show - show sigle device Route::get('/devices/{device}', [DeviceController::class, 'show'])->middleware('auth');
Route::get('/devices/{device}', [DeviceController::class, 'show']);
//User routes //User routes
// create - show register form
Route::get('/register', [UserController::class, 'create']); Route::get('/register', [UserController::class, 'create']);
// store - store new user
Route::post('/users', [UserController::class, 'store']); Route::post('/users', [UserController::class, 'store']);
// login - show user login form
Route::get('/login', [UserController::class, 'login'])->name('login'); Route::get('/login', [UserController::class, 'login'])->name('login');
// authenticate - log in user
Route::post('/users/authenticate', [UserController::class, 'authenticate']); Route::post('/users/authenticate', [UserController::class, 'authenticate']);
// logout - log out user
Route::post('/logout', [UserController::class, 'logout']); Route::post('/logout', [UserController::class, 'logout']);