From 19c771b3c44c9f51571ba9dc4bb11f5f75760d32 Mon Sep 17 00:00:00 2001 From: Marko259 Date: Tue, 30 Jul 2024 19:51:02 +0200 Subject: [PATCH] Replaced middleware with policy + new logo and other small stuff --- .env.example | 29 +---------------- app/Http/Controllers/FrontController.php | 2 ++ app/Http/Kernel.php | 1 - app/Http/Middleware/StaffCheck.php | 31 ------------------- app/Policies/UserPolicy.php | 2 +- config/custom.php | 2 -- public/images/vatsca.svg | 2 +- public/images/vatsca_logo.svg | 1 + .../views/layouts/auth/sidebar.blade.php | 2 +- .../views/layouts/public/topbar.blade.php | 12 ++++--- resources/views/welcome.blade.php | 7 +---- routes/web.php | 2 +- tests/Feature/Models/CalendarTest.php | 6 ++-- tests/Feature/Models/EventTest.php | 6 ++-- tests/Feature/Models/UserTest.php | 2 +- 15 files changed, 23 insertions(+), 84 deletions(-) delete mode 100644 app/Http/Middleware/StaffCheck.php create mode 100644 public/images/vatsca_logo.svg diff --git a/.env.example b/.env.example index 7b44a3d..8f16346 100755 --- a/.env.example +++ b/.env.example @@ -21,13 +21,6 @@ DB_DATABASE='events' DB_USERNAME='' DB_PASSWORD='' -DB_HANDOVER_HOST=127.0.0.1 -DB_HANDOVER_PORT=3306 -DB_HANDOVER_DATABASE=handover -DB_HANDOVER_USERNAME='' -DB_HANDOVER_PASSWORD='' -DB_HANDOVER_TABLE_PREFIX= - OAUTH_ID="" OAUTH_SECRET="" OAUTH_URL="" @@ -38,21 +31,15 @@ OAUTH_MAPPING_EMAIL=data-personal-email OAUTH_MAPPING_FIRSTNAME=data-personal-name_first OAUTH_MAPPING_LASTNAME=data-personal-name_last -EVENTS_API_KEY="" - BROADCAST_DRIVER=log CACHE_DRIVER=file FILESYSTEM_DISK=local QUEUE_CONNECTION=sync SESSION_DRIVER=file -SESSION_LIFETIME=120 +SESSION_LIFETIME=10080 MEMCACHED_HOST=127.0.0.1 -REDIS_HOST=127.0.0.1 -REDIS_PASSWORD=null -REDIS_PORT=6379 - MAIL_MAILER=smtp MAIL_HOST=mailpit MAIL_PORT=1025 
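Review bot: `SESSION_LIFETIME=10080` in the second `.env.example` hunk raises the template's idle session timeout from two hours to seven days, and the same commit deletes the `StaffCheck` middleware that called `auth()->logout()` for non-staff accounts on the protected routes. Deployments that copy this file will therefore keep any authenticated session, staff or not, valid through a week of inactivity, which lengthens the time a leaked session cookie stays usable. If the longer lifetime is deliberate, document it on a comment line above the value, e.g. `# minutes of inactivity before the session expires; 10080 = 7 days`. Otherwise keep the example at `SESSION_LIFETIME=120` and let operators opt in.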
@@ -62,20 +49,6 @@ MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="hello@example.com" MAIL_FROM_NAME="${APP_NAME}" -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= -AWS_DEFAULT_REGION=us-east-1 -AWS_BUCKET= -AWS_USE_PATH_STYLE_ENDPOINT=false - -PUSHER_APP_ID= -PUSHER_APP_KEY= -PUSHER_APP_SECRET= -PUSHER_HOST= -PUSHER_PORT=443 -PUSHER_SCHEME=https -PUSHER_APP_CLUSTER=mt1 - VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}" VITE_PUSHER_HOST="${PUSHER_HOST}" VITE_PUSHER_PORT="${PUSHER_PORT}" diff --git a/app/Http/Controllers/FrontController.php b/app/Http/Controllers/FrontController.php index 289515e..eee9980 100644 --- a/app/Http/Controllers/FrontController.php +++ b/app/Http/Controllers/FrontController.php @@ -25,6 +25,8 @@ public function __construct() */ public function index() { + $this->authorize('index', Event::class); + $now = Carbon::now(); $events = Event::whereBetween('start_date', [$now, $now->copy()->addDay()]) ->orderBy('start_date', 'asc') diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index e4c3901..7b2b9ed 100755 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -64,6 +64,5 @@ class Kernel extends HttpKernel 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, 'api-token' => \App\Http\Middleware\ApiToken::class, - 'staff' => \App\Http\Middleware\StaffCheck::class, ]; } diff --git a/app/Http/Middleware/StaffCheck.php b/app/Http/Middleware/StaffCheck.php deleted file mode 100644 index 5e89a8d..0000000 --- a/app/Http/Middleware/StaffCheck.php +++ /dev/null @@ -1,31 +0,0 @@ -groups->where('id', '<=', 2)->isNotEmpty(); - } - - if(!$check) { - auth()->logout(); - return redirect()->route('welcome')->withError('You do not have permission to access this system.'); - } - - return $next($request); - } -} diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php index 3aaabb5..7aaf578 100644 --- a/app/Policies/UserPolicy.php +++ b/app/Policies/UserPolicy.php 
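Review bot: `$this->authorize('index', Event::class)` in `FrontController::index()` is now the only staff gate on the dashboard, and it relies on an `index` ability for `Event` defined in a policy that this patch does not show. Laravel denies when no matching policy method exists, so the failure mode is safe, but none of the changed tests request `route('dashboard')`; a feature test asserting 403 for a user without the ability and 200 for one with it would pin the behaviour. A rejected user is also no longer logged out and redirected as `StaffCheck` did; they now get a 403 and stay signed in, which is worth recording in the method docblock, e.g. `@throws \Illuminate\Auth\Access\AuthorizationException if the user may not list events`. The body of `index()` continues outside the hunk.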
@@ -18,7 +18,7 @@ public function index(User $user) public function view(User $user, User $model) { - return $user->isAdmin() || $user->is($model); + return $user->isAdmin() || ($user->is($model) && $user->isModeratorOrAbove()); } public function viewAccess(User $user) diff --git a/config/custom.php b/config/custom.php index b69dd29..9dc83c4 100644 --- a/config/custom.php +++ b/config/custom.php @@ -9,6 +9,4 @@ */ 'discord_bot_token' => env('DISCORD_BOT_TOKEN', null), 'discord_guild_id' => env('DISCORD_GUILD_ID', null), - - 'events_api_key' => env('EVENTS_API_KEY', null), ]; \ No newline at end of file diff --git a/public/images/vatsca.svg b/public/images/vatsca.svg index 340ea27..0b912e1 100644 --- a/public/images/vatsca.svg +++ b/public/images/vatsca.svg @@ -1 +1 @@ -Negative \ No newline at end of file +Arrow transparent \ No newline at end of file diff --git a/public/images/vatsca_logo.svg b/public/images/vatsca_logo.svg new file mode 100644 index 0000000..340ea27 --- /dev/null +++ b/public/images/vatsca_logo.svg @@ -0,0 +1 @@ +Negative \ No newline at end of file diff --git a/resources/views/layouts/auth/sidebar.blade.php b/resources/views/layouts/auth/sidebar.blade.php index 0f5bb53..dbd4ef0 100644 --- a/resources/views/layouts/auth/sidebar.blade.php +++ b/resources/views/layouts/auth/sidebar.blade.php @@ -96,7 +96,7 @@ @endif - + Event Manager v{{ config('app.version') }} @else diff --git a/resources/views/layouts/public/topbar.blade.php b/resources/views/layouts/public/topbar.blade.php index e9aa169..84ccf29 100644 --- a/resources/views/layouts/public/topbar.blade.php +++ b/resources/views/layouts/public/topbar.blade.php @@ -15,11 +15,13 @@ @if (Route::has('login')) @auth - + @can('index', \App\Models\Event::class) + + @endcan @else @endforeach @else -
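Review bot: The new condition in `UserPolicy::view()` means an account below moderator level can no longer view its own record, and nothing in the visible test changes exercises that branch (the `UserTest` hunk only touches `users.index`). Because removing the `staff` middleware lets such accounts remain authenticated, please confirm this is the intended outcome and state the rule above the method, e.g. `// Admins may view any user; moderators and above may view only themselves.` Two feature tests for the self-view case (moderator allowed, regular user receives 403) would keep the rule from regressing.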
  • -

    No Events Available

    -
  • + No Events Available @endif diff --git a/routes/web.php b/routes/web.php index d1d61de..cc23241 100755 --- a/routes/web.php +++ b/routes/web.php @@ -38,7 +38,7 @@ // Auth::routes(); -Route::middleware(['auth', 'staff'])->group(function() { +Route::middleware(['auth'])->group(function() { Route::get('/dashboard', [FrontController::class, 'index'])->name('dashboard'); diff --git a/tests/Feature/Models/CalendarTest.php b/tests/Feature/Models/CalendarTest.php index ed21862..d4a53a9 100644 --- a/tests/Feature/Models/CalendarTest.php +++ b/tests/Feature/Models/CalendarTest.php @@ -40,7 +40,7 @@ public function test_calendars_page_cannot_be_rendered_without_correct_permissio $response = $this->actingAs($user)->get(route('calendars.index')); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /** @@ -70,7 +70,7 @@ public function test_calendars_create_page_cannot_be_rendered_without_correct_pe $response = $this->actingAs($user)->get(route('calendars.create')); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /** @@ -107,7 +107,7 @@ public function test_calendars_edit_page_cannot_be_rendered_without_correct_perm $response = $this->actingAs($user)->get(route('calendars.edit', $calendar)); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /** diff --git a/tests/Feature/Models/EventTest.php b/tests/Feature/Models/EventTest.php index a2fc4b8..fa4c349 100644 --- a/tests/Feature/Models/EventTest.php +++ b/tests/Feature/Models/EventTest.php @@ -44,7 +44,7 @@ public function test_events_page_cannot_be_rendered_without_correct_permissions( $response = $this->actingAs($user)->get(route('events.index')); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /** 
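Review bot: Dropping `'staff'` from the group middleware in `routes/web.php` removes the one check that covered every route in the group, so each action must now call `authorize()` itself and any action that does not is reachable by every authenticated account. The hunk shows only `/dashboard` and the rest of the closure lies outside it, so every controller action registered there needs auditing for a policy check, including write actions; the changed tests assert 403 only for the index, create and edit pages. Declaring the ability on the route keeps the gate visible next to the route definition, for example `->middleware('can:index,App\Models\Event')` on the dashboard route, or `authorizeResource()` in the resource controllers' constructors. It would also help to add a test per route in the group that a user without staff rights receives 403.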
@@ -74,7 +74,7 @@ public function test_events_create_page_cannot_be_rendered_without_correct_permi $response = $this->actingAs($user)->get(route('events.create')); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /** @@ -113,7 +113,7 @@ public function test_events_edit_page_cannot_be_rendered_without_correct_permiss $response = $this->actingAs($user)->get(route('events.edit', $event)); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } public function test_normal_event_can_be_created() : void diff --git a/tests/Feature/Models/UserTest.php b/tests/Feature/Models/UserTest.php index 39fd7ac..db5e564 100644 --- a/tests/Feature/Models/UserTest.php +++ b/tests/Feature/Models/UserTest.php @@ -40,7 +40,7 @@ public function test_users_page_cannot_be_rendered(): void $response = $this->actingAs($user)->get(route('users.index', $user)); // Check status code - $response->assertStatus(302); + $response->assertStatus(403); } /**