Merge branch 'admin-authentication' into 'main'

add admin gate

See merge request ase22ws/abschlussprojekt-device-manager-timon-lorenz!4
This commit is contained in:
lot17014 2023-03-31 17:18:53 +02:00
commit f43db84171
11 changed files with 80 additions and 86 deletions

View File

@ -5,10 +5,12 @@
use App\Models\Device;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
use Illuminate\Support\Facades\Gate;
use Illuminate\Http\RedirectResponse;
class DeviceController extends Controller
{
//
public function index()
{
return view('devices.index', [
@ -16,11 +18,15 @@ public function index()
]);
}
public function create(){
public function create()
{
$this->authorize('admin-only');
return view('devices.create');
}
public function store(Request $request){
public function store(Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([
'title' => 'required',
'device_type' => 'required',
@ -36,11 +42,15 @@ public function store(Request $request){
return redirect('/devices');
}
public function edit(Device $device) {
public function edit(Device $device)
{
$this->authorize('admin-only');
return view('devices.edit', ['device' => $device]);
}
public function update(Device $device, Request $request){
public function update(Device $device, Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([
'title' => 'required',
'device_type' => 'required',
@ -56,7 +66,9 @@ public function update(Device $device, Request $request){
return back();
}
public function destroy(Device $device){
public function destroy(Device $device): RedirectResponse
{
$this->authorize('admin-only');
$device->delete();
return redirect('devices');
}

View File

@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(LocationTransaction $location)
{
$this->authorize('admin-only');
return view('locations.edit', ['location' => $location]);
}
public function update(LocationTransaction $location, Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([
'room_code' => 'required',
'timestamp_located_since' => 'required'
@ -45,6 +47,7 @@ public function update(LocationTransaction $location, Request $request)
public function destroy(LocationTransaction $location)
{
$this->authorize('admin-only');
$location->delete();
return back();
}

View File

@ -28,11 +28,13 @@ public function store(Device $device, Request $request)
public function edit(OwnerTransaction $owner)
{
$this->authorize('admin-only');
return view('owners.edit', ['owner' => $owner]);
}
public function update(OwnerTransaction $owner, Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([
'rz_username' => 'required',
'timestamp_owner_since' => 'required'
@ -45,6 +47,7 @@ public function update(OwnerTransaction $owner, Request $request)
public function destroy(OwnerTransaction $owner)
{
$this->authorize('admin-only');
$owner->delete();
return back();
}

View File

@ -8,32 +8,16 @@
class PurchasingInformationController extends Controller
{
public function create()
{
return view('purchasings.create');
}
public function store(Request $request)
{
$formFields = $request->validate([
'price' => 'required',
'timestamp_warranty_end' => 'required',
'timestamp_purchase' => 'required',
'cost_centre' => 'required',
]);
PurchasingInformation::create($formFields);
return redirect('/');
}
public function edit(Device $device)
{
$this->authorize('admin-only');
return view('purchasings.edit', ['purchasing' => $device->purchasing]);
}
public function update(Device $device, Request $request)
{
$this->authorize('admin-only');
$formFields = $request->validate([
'price' => 'required',
'timestamp_warranty_end' => 'required',
@ -45,10 +29,4 @@ public function update(Device $device, Request $request)
return redirect('/');
}
public function destroy(PurchasingInformation $purchasing)
{
$purchasing->delete();
return back();
}
}

View File

@ -2,7 +2,8 @@
namespace App\Providers;
// use Illuminate\Support\Facades\Gate;
use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
@ -21,6 +22,10 @@ class AuthServiceProvider extends ServiceProvider
*/
public function boot(): void
{
//
$this->registerPolicies();
Gate::define('admin-only', function (User $user) {
return $user->has_admin_privileges;
});
}
}

View File

@ -11,12 +11,14 @@
<li>serial_number: {{ $device['serial_number'] }}</li>
<li>image_url: {{ $device['image_url'] }}</li>
</ul>
@can('admin-only')
<button><a href="{{ $device->device_id }}/edit">Edit</a></button>
<form method="POST" action="{{ $device->device_id }}">
@method('DELETE')
@csrf
<button>Delete</button>
</form>
@endcan
<x-purchasing-information :device="$device" />
@php
$locationTransactions = $device->locations;

View File

@ -3,10 +3,12 @@
<li>room_code: {{ $location->room_code }}</li>
<li>timestamp_located_since: {{ $location->timestamp_located_since }}</li>
</ul>
@can('admin-only')
<button><a href="locations/{{ $location->location_transaction_id }}/edit">Edit</a></button>
<form method="POST" action="locations/{{ $location->location_transaction_id }}">
@method('DELETE')
@csrf
<button>Delete</button>
</form>
@endcan
</div>

View File

@ -3,10 +3,12 @@
<li>rz_username: {{ $owner->rz_username }}</li>
<li>timestamp_owner_since: {{ $owner->timestamp_owner_since }}</li>
</ul>
@can('admin-only')
<button><a href="owners/{{ $owner->owner_transaction_id }}/edit">Edit</a></button>
<form method="POST" action="owners/{{ $owner->owner_transaction_id }}">
@method('DELETE')
@csrf
<button>Delete</button>
</form>
@endcan
</div>

View File

@ -10,5 +10,7 @@
<li>cost_centre: {{ $purchasing->cost_centre }}</li>
<li>seller: {{ $purchasing->seller }}</li>
</ul>
@can('admin-only')
<button><a href="{{ $device->device_id }}/purchasing/edit">Edit</a></button>
@endcan
</div>

View File

@ -11,5 +11,7 @@
@else
<p>No devices found</p>
@endunless
@can('admin-only')
<button><a href="devices/create">Device</a></button>
@endcan
@endsection

View File

@ -25,53 +25,36 @@
return view('welcome');
});
// Devices routes
// index - show all devices
Route::get('/devices', [DeviceController::class, 'index']);
// create - show device create form
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
// store - store new device
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth');
// Device purchasing routes
//Route::get('/devices/{device}/purchasing/create', [PurchasingInformationController::class, 'create']);
//Route::post('/devices/{device}/purchasing', [PurchasingInformationController::class, 'store']);
Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit']);
Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update']);
//Route::delete('/devices/{device}/purchasing', [PurchasingInformationController::class, 'destroy']);
Route::get('/devices/{device}/purchasing/edit', [PurchasingInformationController::class, 'edit'])->middleware('auth');
Route::put('/devices/{device}/purchasing', [PurchasingInformationController::class, 'update'])->middleware('auth');
// Device location routes
Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create']);
Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store']);
Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit']);
Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update']);
Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy']);
Route::get('/devices/{device}/locations/create', [LocationTransactionController::class, 'create'])->middleware('auth');
Route::post('/devices/{device}/locations', [LocationTransactionController::class, 'store'])->middleware('auth');
Route::get('/devices/locations/{location}/edit', [LocationTransactionController::class, 'edit'])->middleware('auth');
Route::put('/devices/locations/{location}', [LocationTransactionController::class, 'update'])->middleware('auth');
Route::delete('/devices/locations/{location}', [LocationTransactionController::class, 'destroy'])->middleware('auth');
// Device owner routes
Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create']);
Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store']);
Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit']);
Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update']);
Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy']);
Route::get('/devices/{device}/owners/create', [OwnerTransactionController::class, 'create'])->middleware('auth');
Route::post('/devices/{device}/owners', [OwnerTransactionController::class, 'store'])->middleware('auth');
Route::get('/devices/owners/{owner}/edit', [OwnerTransactionController::class, 'edit'])->middleware('auth');
Route::put('/devices/owners/{owner}', [OwnerTransactionController::class, 'update'])->middleware('auth');
Route::delete('/devices/owners/{owner}', [OwnerTransactionController::class, 'destroy'])->middleware('auth');
//
// edit - show edit form
// Devices routes
Route::get('/devices', [DeviceController::class, 'index'])->middleware('auth');
Route::get('/devices/create', [DeviceController::class, 'create'])->middleware('auth');
Route::post('/devices', [DeviceController::class, 'store'])->middleware('auth')->middleware('auth');
Route::get('devices/{device}/edit', [DeviceController::class, 'edit'])->middleware('auth');
// update - update device
Route::put('devices/{device}', [DeviceController::class, 'update'])->middleware('auth');
// destroy - delete device
Route::delete('devices/{device}', [DeviceController::class, 'destroy'])->middleware('auth');
// show - show sigle device
Route::get('/devices/{device}', [DeviceController::class, 'show']);
Route::get('/devices/{device}', [DeviceController::class, 'show'])->middleware('auth');
//User routes
// create - show register form
Route::get('/register', [UserController::class, 'create']);
// store - store new user
Route::post('/users', [UserController::class, 'store']);
// login - show user login form
Route::get('/login', [UserController::class, 'login'])->name('login');
// authenticate - log in user
Route::post('/users/authenticate', [UserController::class, 'authenticate']);
// logout - log out user
Route::post('/logout', [UserController::class, 'logout']);