diff --git a/device-app/app/Http/Controllers/DeviceController.php b/device-app/app/Http/Controllers/DeviceController.php index 19a1a84..c99b7a0 100644 --- a/device-app/app/Http/Controllers/DeviceController.php +++ b/device-app/app/Http/Controllers/DeviceController.php @@ -5,10 +5,12 @@ use App\Models\Device; use Illuminate\Http\Request; use Illuminate\Validation\Rule; +use Illuminate\Support\Facades\Gate; +use Illuminate\Http\RedirectResponse; class DeviceController extends Controller { - // + public function index() { return view('devices.index', [ @@ -16,11 +18,15 @@ public function index() ]); } - public function create(){ + public function create() + { + $this->authorize('admin-only'); return view('devices.create'); } - public function store(Request $request){ + public function store(Request $request) + { + $this->authorize('admin-only'); $formFields = $request->validate([ 'title' => 'required', 'device_type' => 'required', @@ -36,11 +42,15 @@ public function store(Request $request){ return redirect('/devices'); } - public function edit(Device $device) { + public function edit(Device $device) + { + $this->authorize('admin-only'); return view('devices.edit', ['device' => $device]); } - public function update(Device $device, Request $request){ + public function update(Device $device, Request $request) + { + $this->authorize('admin-only'); $formFields = $request->validate([ 'title' => 'required', 'device_type' => 'required', @@ -56,7 +66,9 @@ public function update(Device $device, Request $request){ return back(); } - public function destroy(Device $device){ + public function destroy(Device $device): RedirectResponse + { + $this->authorize('admin-only'); $device->delete(); return redirect('devices'); } diff --git a/device-app/app/Http/Controllers/LocationTransactionController.php b/device-app/app/Http/Controllers/LocationTransactionController.php index b40be93..25e1af0 100644 --- a/device-app/app/Http/Controllers/LocationTransactionController.php 
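Review bot: `use Illuminate\Support\Facades\Gate;` is added in the first hunk of DeviceController.php but nothing in the file references `Gate` — every check goes through `$this->authorize('admin-only')` — so the import is dead. Either drop that line or make the checks use it, `Gate::authorize('admin-only');`, which throws the same AuthorizationException and does not depend on the base controller providing an `authorize()` method. The `RedirectResponse` import added next to it is used only by destroy() further down.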
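Review bot: `$this->authorize('admin-only')` in create() and store() — and likewise in the edit/update/destroy hunks of this file and in the LocationTransaction-, OwnerTransaction- and PurchasingInformation controllers — relies on the base `Controller` using the `AuthorizesRequests` trait, which this diff does not show; recent Laravel skeletons ship the base controller without it, in which case these calls fail with an undefined-method error instead of a 403. If the trait is absent, `Gate::authorize('admin-only');` works without it. Since the same check opens every admin-only action, a `can:admin-only` middleware on the affected routes would state the rule once instead of in each method. store()'s body continues outside the hunk.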
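Review bot: destroy() is the only method in DeviceController given a return type (`: RedirectResponse`) while create(), store(), edit() and update(), changed in the same commit, stay untyped, so the declaration reads as accidental rather than as a convention. Either type all of them (`: RedirectResponse` for store/update, `Illuminate\Contracts\View\View` for create/edit) or leave destroy() consistent with its siblings. `redirect('devices')` also differs from the `redirect('/devices')` used in store(); both resolve to the same URL, but one spelling is easier to grep for — `return redirect('/devices');`.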
+++ b/device-app/app/Http/Controllers/LocationTransactionController.php @@ -28,11 +28,13 @@ public function store(Device $device, Request $request) public function edit(LocationTransaction $location) { + $this->authorize('admin-only'); return view('locations.edit', ['location' => $location]); } public function update(LocationTransaction $location, Request $request) { + $this->authorize('admin-only'); $formFields = $request->validate([ 'room_code' => 'required', 'timestamp_located_since' => 'required' @@ -45,6 +47,7 @@ public function update(LocationTransaction $location, Request $request) public function destroy(LocationTransaction $location) { + $this->authorize('admin-only'); $location->delete(); return back(); } diff --git a/device-app/app/Http/Controllers/OwnerTransactionController.php b/device-app/app/Http/Controllers/OwnerTransactionController.php index 60198fa..df7e20b 100644 --- a/device-app/app/Http/Controllers/OwnerTransactionController.php +++ b/device-app/app/Http/Controllers/OwnerTransactionController.php @@ -28,11 +28,13 @@ public function store(Device $device, Request $request) public function edit(OwnerTransaction $owner) { + $this->authorize('admin-only'); return view('owners.edit', ['owner' => $owner]); } public function update(OwnerTransaction $owner, Request $request) { + $this->authorize('admin-only'); $formFields = $request->validate([ 'rz_username' => 'required', 'timestamp_owner_since' => 'required' @@ -45,6 +47,7 @@ public function update(OwnerTransaction $owner, Request $request) public function destroy(OwnerTransaction $owner) { + $this->authorize('admin-only'); $owner->delete(); return back(); } diff --git a/device-app/app/Http/Controllers/PurchasingInformationController.php b/device-app/app/Http/Controllers/PurchasingInformationController.php index 0602f3b..7c2945f 100644 --- a/device-app/app/Http/Controllers/PurchasingInformationController.php +++ b/device-app/app/Http/Controllers/PurchasingInformationController.php 
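Review bot: The admin-only gate is added to edit(), update() and destroy() of LocationTransactionController (and in the same way to OwnerTransactionController below), but store(), visible in the hunk header, and create() are left with only the `auth` route middleware per the routes hunk, so any signed-in user can still add location and owner records while only admins may change or remove them. If that split is intended, a one-line comment on store() saying so would stop the next reader from treating it as an omission; if not, the same `$this->authorize('admin-only');` belongs at the top of create() and store() in both controllers. The six identical calls would also collapse into a single `can:admin-only` middleware on the affected routes. update()'s body continues outside the hunk.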
@@ -8,32 +8,16 @@ class PurchasingInformationController extends Controller { - public function create() - { - return view('purchasings.create'); - } - - public function store(Request $request) - { - $formFields = $request->validate([ - 'price' => 'required', - 'timestamp_warranty_end' => 'required', - 'timestamp_purchase' => 'required', - 'cost_centre' => 'required', - ]); - - PurchasingInformation::create($formFields); - - return redirect('/'); - } public function edit(Device $device) { + $this->authorize('admin-only'); return view('purchasings.edit', ['purchasing' => $device->purchasing]); } public function update(Device $device, Request $request) { + $this->authorize('admin-only'); $formFields = $request->validate([ 'price' => 'required', 'timestamp_warranty_end' => 'required', @@ -45,10 +29,4 @@ public function update(Device $device, Request $request) return redirect('/'); } - - public function destroy(PurchasingInformation $purchasing) - { - $purchasing->delete(); - return back(); - } } diff --git a/device-app/app/Providers/AuthServiceProvider.php b/device-app/app/Providers/AuthServiceProvider.php index dafcbee..910a928 100644 --- a/device-app/app/Providers/AuthServiceProvider.php +++ b/device-app/app/Providers/AuthServiceProvider.php @@ -2,7 +2,8 @@ namespace App\Providers; -// use Illuminate\Support\Facades\Gate; +use App\Models\User; +use Illuminate\Support\Facades\Gate; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; class AuthServiceProvider extends ServiceProvider @@ -21,6 +22,10 @@ class AuthServiceProvider extends ServiceProvider */ public function boot(): void { - // + $this->registerPolicies(); + + Gate::define('admin-only', function (User $user) { + return $user->has_admin_privileges; + }); } } diff --git a/device-app/resources/views/components/device-detail.blade.php b/device-app/resources/views/components/device-detail.blade.php index 7049f8f..c5e467c 100644 
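Review bot: With create() and store() removed here and destroy() removed in the next hunk, PurchasingInformationController no longer references the `PurchasingInformation` model, so the `use App\Models\PurchasingInformation;` import at the top of the file (outside this hunk) is presumably unused now and should go with them. The `Request` and `Device` imports are still needed by edit() and update(). update()'s body continues outside the hunk.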
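Review bot: The gate closure in AuthServiceProvider::boot() returns `$user->has_admin_privileges` as-is and declares no return type; unless the User model casts that attribute to bool it comes back from the database as an int or string, and the gate allows on any truthy value. Narrow it to `Gate::define('admin-only', fn (User $user): bool => (bool) $user->has_admin_privileges);` so the contract is explicit. Because this one attribute now decides every admin action, it is worth confirming that it cannot be set through the public registration route (`UserController::store`), i.e. that it is neither in `User::$fillable` nor copied from validated input. The base AuthServiceProvider has registered policies automatically since Laravel 8.x, and the typed, empty `boot(): void` being replaced looks like the Laravel 10 skeleton, so the added `$this->registerPolicies()` is presumably redundant — confirm against the installed version.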
--- a/device-app/resources/views/components/device-detail.blade.php +++ b/device-app/resources/views/components/device-detail.blade.php @@ -11,12 +11,14 @@
  • serial_number: {{ $device['serial_number'] }}
  • image_url: {{ $device['image_url'] }}
  • - -
    - @method('DELETE') - @csrf - -
    + @can('admin-only') + +
    + @method('DELETE') + @csrf + +
    + @endcan @php $locationTransactions = $device->locations; diff --git a/device-app/resources/views/components/location-transaction.blade.php b/device-app/resources/views/components/location-transaction.blade.php index 632a17e..a5db6ea 100644 --- a/device-app/resources/views/components/location-transaction.blade.php +++ b/device-app/resources/views/components/location-transaction.blade.php @@ -3,10 +3,12 @@
  • room_code: {{ $location->room_code }}
  • timestamp_located_since: {{ $location->timestamp_located_since }}
  • - -
    - @method('DELETE') - @csrf - -
    + @can('admin-only') + +
    + @method('DELETE') + @csrf + +
    + @endcan \ No newline at end of file diff --git a/device-app/resources/views/components/owner-transaction.blade.php b/device-app/resources/views/components/owner-transaction.blade.php index 7105dad..1092aae 100644 --- a/device-app/resources/views/components/owner-transaction.blade.php +++ b/device-app/resources/views/components/owner-transaction.blade.php @@ -3,10 +3,12 @@
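Review bot: The new `@endcan` line in location-transaction.blade.php is written without a trailing newline (`\ No newline at end of file`), and owner-transaction.blade.php, purchasing-information.blade.php and routes/web.php in the following hunks end the same way. Every later commit that appends to these files will then show the current last line as changed, so add the final newline now while the lines are being touched.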
  • rz_username: {{ $owner->rz_username }}
  • timestamp_owner_since: {{ $owner->timestamp_owner_since }}
  • - -
    - @method('DELETE') - @csrf - -
    + @can('admin-only') + +
    + @method('DELETE') + @csrf + +
    + @endcan \ No newline at end of file diff --git a/device-app/resources/views/components/purchasing-information.blade.php b/device-app/resources/views/components/purchasing-information.blade.php index 6d532ec..298408c 100644 --- a/device-app/resources/views/components/purchasing-information.blade.php +++ b/device-app/resources/views/components/purchasing-information.blade.php @@ -10,5 +10,7 @@
  • cost_centre: {{ $purchasing->cost_centre }}
  • seller: {{ $purchasing->seller }}
  • - + @can('admin-only') + + @endcan \ No newline at end of file diff --git a/device-app/resources/views/devices/index.blade.php b/device-app/resources/views/devices/index.blade.php index dc001f8..3f8fba0 100644 --- a/device-app/resources/views/devices/index.blade.php +++ b/device-app/resources/views/devices/index.blade.php @@ -11,5 +11,7 @@ @else

    No devices found

    @endunless - + @can('admin-only') + + @endcan @endsection diff --git a/device-app/routes/web.php b/device-app/routes/web.php index e88a952..90a3586 100644 --- a/device-app/routes/web.php +++ b/device-app/routes/web.php 
@@ -25,53 +25,36 @@ return view('welcome'); }); -// Devices routes -// index - show all devices -Route::get('/devices', [DeviceController::class, 'index']); -// create - show device create form -Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth'); -// store - store new device -Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth'); - // Device purchasing routes -//Route::get('/devices/{device}/purchasing/create', [PurchasingInformationController::class, 'create']); -//Route::post('/devices/{device}/purchasing', [PurchasingInformationController::class, 'store']); -Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit']); -Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update']); -//Route::delete('/devices/{device}/purchasing', [PurchasingInformationController::class, 'destroy']); +Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit'])->middleware('auth'); +Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update'])->middleware('auth'); // Device location routes -Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create']); -Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store']); -Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit']); -Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update']); -Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy']); +Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create'])->middleware('auth'); +Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store'])->middleware('auth'); +Route::get('/devices/locations/{location}/edit', 
[LocationTransactionController::class, 'edit'])->middleware('auth'); +Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update'])->middleware('auth'); +Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy'])->middleware('auth'); // Device owner routes -Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create']); -Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store']); -Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit']); -Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update']); -Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy']); +Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create'])->middleware('auth'); +Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store'])->middleware('auth'); +Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit'])->middleware('auth'); +Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update'])->middleware('auth'); +Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy'])->middleware('auth'); -// -// edit - show edit form +// Devices routes +Route::get('/devices', [DeviceController::class, 'index'])->middleware('auth'); +Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth'); +Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth'); Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth'); -// update - update device Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth'); -// destroy - delete device Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth'); -// show - show 
sigle device -Route::get('/devices/{device}', [DeviceController::class, 'show']); +Route::get('/devices/{device}', [DeviceController::class, 'show'])->middleware('auth'); //User routes -// create - show register form Route::get('/register', [UserController::class, 'create']); -// store - store new user Route::post('/users', [UserController::class, 'store']); -// login - show user login form Route::get('/login', [UserController::class, 'login'])->name('login'); -// authenticate - log in user Route::post('/users/authenticate', [UserController::class, 'authenticate']); -// logout - log out user Route::post('/logout', [UserController::class, 'logout']); \ No newline at end of file
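Review bot: `Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth');` in the Devices block applies the `auth` middleware twice; harmless at runtime, but a copy-paste slip that will spread. Drop the second call: `Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth');`. With every device, purchasing, location and owner route now carrying the same `->middleware('auth')`, wrapping them in one `Route::middleware('auth')->group(function () { ... })` would remove the repetition and make any route left outside it stand out; the admin-only routes could then carry `can:admin-only` inside that group instead of a per-method authorize() call. The file also still ends without a trailing newline.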