From 495bdde1d5f7aba46ddb71c8a04158d59b0ba923 Mon Sep 17 00:00:00 2001
From: Zeeshan Ahmed
Date: Wed, 5 Apr 2017 16:57:48 +0500
Subject: [PATCH] Fix #63 Fix #62 fix user permission bug

---
 app/Http/Controllers/InviteController.php | 25 ---
 app/Http/Controllers/TeamController.php | 7 +-
 app/Http/Middleware/CheckPermission.php | 4 +-
 app/Models/User.php | 4 +-
 public/js/app.js | 235 +++++++++++-----------
 resources/views/errors/403.blade.php | 34 ++++
 routes/web.php | 2 +-
 7 files changed, 162 insertions(+), 149 deletions(-)
 create mode 100644 resources/views/errors/403.blade.php

diff --git a/app/Http/Controllers/InviteController.php b/app/Http/Controllers/InviteController.php
index c8389a14..3bf15b3f 100644
--- a/app/Http/Controllers/InviteController.php
+++ b/app/Http/Controllers/InviteController.php
@@ -19,16 +19,6 @@ public function __construct(Request $request, Invite $invite)
 $this->invite = $invite;
 }
 
- public function index()
- {
-
- }
-
- public function create()
- {
-
- }
-
 public function store(Team $team)
 {
 $this->validate($this->request, Invite::INVITE_RULES, [
@@ -57,21 +47,6 @@ public function sendInvitationEmail($invitation, $team)
 return true;
 }
 
- public function show($id)
- {
-
- }
-
- public function edit($id)
- {
-
- }
-
- public function update(Request $request, $id)
- {
-
- }
-
 public function destroy(Team $team, $invitationCode)
 {
 $this->invite->where('code', $invitationCode)->where('team_id', $team->id)->delete();
diff --git a/app/Http/Controllers/TeamController.php b/app/Http/Controllers/TeamController.php
index c61b20c6..27284696 100644
--- a/app/Http/Controllers/TeamController.php
+++ b/app/Http/Controllers/TeamController.php
@@ -55,11 +55,6 @@ public function isContentTypeJson()
 return $this->request->header('content-type') == 'application/json';
 }
 
- public function edit($id)
- {
-
- }
-
 public function update(Team $team)
 {
 if($team->name === $this->request->get('team_name')) {
@@ -111,7 +106,7 @@ public function postJoin(Team $team, $hash) $invitation = (new Invite)->getInvitation($team->id, $hash); - DB::table('users_roles')->update([ + DB::table('users_roles')->insert([ 'role_id' => $invitation->role_id, 'user_id' => $user->id, 'team_id' => $team->id, diff --git a/app/Http/Middleware/CheckPermission.php b/app/Http/Middleware/CheckPermission.php index 4feaf8ee..ea0715d7 100644 --- a/app/Http/Middleware/CheckPermission.php +++ b/app/Http/Middleware/CheckPermission.php @@ -22,8 +22,6 @@ public function handle($request, Closure $next, $permissions = null) } } - return response()->json([ - 'Unauthorized.' - ], 401); + abort(403); } } diff --git a/app/Models/User.php b/app/Models/User.php index 206af1de..8c8c57ca 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -77,7 +77,7 @@ public function watchWikis() */ public function roles() { - return $this->hasMany(Role::class, 'user_id', 'id')->with('permissions'); + return $this->belongsToMany(Role::class, 'users_roles', 'user_id', 'role_id')->with('permissions'); } /** @@ -293,7 +293,7 @@ public function hasPermission($routePermissions) { $routePermissions = explode('|', $routePermissions); - $roles = $this->with('roles')->findOrFail(Auth::user()->id)->roles; + $roles = Auth::user()->roles; foreach ($roles as $role) { foreach ($role->permissions as $permission) { diff --git a/public/js/app.js b/public/js/app.js index 20759223..9a2b3e06 100644 --- a/public/js/app.js +++ b/public/js/app.js @@ -1,5 +1,5 @@ var App = { - init: function(params = null) { + init: function (params = null) { this.params = params; this.bindUI(); this.initJcrop(); @@ -57,7 +57,9 @@ var App = { }, cache: true }, - escapeMarkup: function (markup) { return markup; }, + escapeMarkup: function (markup) { + return markup; + }, minimumInputLength: 1, templateResult: formatMember, templateSelection: formatMemberSelection, 
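Review bot: `$invitation->role_id` on the line after `getInvitation` is dereferenced without checking that an invitation was actually found, so a stale or mistyped `$hash` taken from the URL ends in a property access on null rather than a clean failure; add `abort_unless($invitation, 404);` before the `DB::table('users_roles')` call. Switching `update` to `insert` also means a user who follows the same invitation link twice gets a second `users_roles` row for the same team; if one row per user and team is the intended shape, `DB::table('users_roles')->updateOrInsert(['user_id' => $user->id, 'team_id' => $team->id], ['role_id' => $invitation->role_id]);` keeps it that way. The rest of `postJoin`, including where `$user` comes from, is outside the hunk.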
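Review bot: `abort(403)` replaces a JSON response, so a caller that sends `Accept: application/json` (the `$.ajax`/`$.getJSON` calls in app.js, if any of their routes sit behind this middleware) now gets the new HTML 403 view in its error handler; keep the JSON shape for those callers with `if ($request->expectsJson()) { return response()->json(['message' => 'Forbidden.'], 403); }` placed ahead of `abort(403);`. The status change itself is right, 403 for an authenticated user lacking a permission rather than 401, and deserves a one-line comment above the call such as `// authenticated but not permitted: 403, not 401`. `handle` begins outside the hunk.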
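Review bot: `roles()` now reads the `users_roles` pivot but ignores its `team_id` column (the TeamController hunk writes `team_id` into that same table), so `hasPermission` in the second User.php hunk grants a user every role they hold in any team while a route for a different team is being evaluated; presumably `$roles` should be constrained to the current team, e.g. `$roles = $this->roles()->wherePivot('team_id', $team->id)->get();` with the team passed in or resolved from the route. The same replaced line reads `Auth::user()` instead of `$this`, so calling `hasPermission` on any other User instance silently checks the logged-in user. The permission loop continues outside the hunk.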
@@ -65,19 +67,19 @@ var App = { function formatMember(member) { if (member.loading) return member.text; - let profile_image = '/img/no-image.png'; + let profile_image = '/img/no-image.png'; - if(member.profile_image.length) { - profile_image = '/img/avatars/'+member.profile_image; + if (member.profile_image !== null) { + profile_image = '/img/avatars/' + member.profile_image; } return `
- Image + Image
-

`+member.slug+` `+member.name +`

+

` + member.slug + ` ` + member.name + `

`; @@ -87,19 +89,19 @@ var App = { if (member.selected === true) { return member.text; } - return member.name; + return member.first_name + ' ' + member.last_name; } - var fixAffixWidth = function() { - $('[data-spy="affix"]').each(function() { - $(this).width( $(this).parent().width() ); + var fixAffixWidth = function () { + $('[data-spy="affix"]').each(function () { + $(this).width($(this).parent().width()); }); } fixAffixWidth(); $(window).resize(fixAffixWidth); }, setCategoryItemBgColor() { - $('#categories-list #categories-list-item').each(function(index, el) { + $('#categories-list #categories-list-item').each(function (index, el) { let categoryName = $(el).data('name'); let colorHash = new ColorHash(); let categoryBgColor = colorHash.hex(categoryName); @@ -114,8 +116,8 @@ var App = { let currentSpace = $('.wikis-list').data('space'); // Match the current space with opened space and set background color wikis space icons. - if($(el).data('name') === currentSpace) { - $('.wikis-list .wikis-list-item').each(function(index, el) { + if ($(el).data('name') === currentSpace) { + $('.wikis-list .wikis-list-item').each(function (index, el) { $(el).find('.item-category-label').css({ 'background-color': categoryBgColor, 'color': '#ffffff', @@ -125,11 +127,11 @@ var App = { }); }, initCKEditor() { - if($('#wiki-description').length) { + if ($('#wiki-description').length) { CKEDITOR.replace('wiki-description', { width: "100%", - contentsCss: "/css/ckeditor-custom.css" , + contentsCss: "/css/ckeditor-custom.css", height: $('#wiki-description').data('height'), enableTabKeyTools: true, removePlugins: 'elementspath', 
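Review bot: `member.slug`, `member.name` and `member.profile_image` are concatenated straight into the result markup on the lines that build the template string, and the `escapeMarkup` callback two hunks earlier returns that markup untouched, so select2 inserts whatever the member API returns as raw HTML. Escape each field before concatenation, for example replace `member.name` with `$('<div>').text(member.name).html()` (and the same for `slug` and `profile_image`), or escape the three values once at the top of `formatMember`. The new `!== null` test also lets an undefined `profile_image` through as `/img/avatars/undefined`; `if (member.profile_image)` covers null, undefined and the empty string that the old `.length` check handled.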
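Review bot: `member.first_name + ' ' + member.last_name` in `formatMemberSelection` renders the literal text `null` or `undefined` when either field is missing from the payload, and the same expression appears on the `'full_name':` line of `getTeamMembers` in a later hunk; `[member.first_name, member.last_name].filter(Boolean).join(' ')` degrades to whichever part is present instead. Whether the API always supplies both fields cannot be confirmed from the hunk.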
@@ -138,14 +140,20 @@ var App = { resize_enabled: false, uiColor: '#eeeeee', toolbar: [ - { name: 'justify3', items: ['Format'] }, - { name: 'clipboard', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PasteFromWord', '-', 'Bold', 'Italic', 'Underline', 'Strike'] }, - { name: 'colors', items: ['TextColor', 'BGColor', 'RemoveFormat', 'SelectAll', '-', 'NumberedList', 'BulletedList'] }, - { name: 'justify', items: ['JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock'] }, - { name: 'insert', items: ['Table', 'HorizontalRule', 'PageBreak', '-', 'Link', 'Iframe'] }, - { name: 'editing', items: ['SpellCheck', '-', 'Find', 'Replace', ] }, - { name: 'paragraph', items: ['-', 'Outdent', 'Indent'] }, - { name: 'justify2', items: ['CodeSnippet', 'Source', 'Maximize', '-', 'Undo', 'Redo'] }, + {name: 'justify3', items: ['Format']}, + { + name: 'clipboard', + items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PasteFromWord', '-', 'Bold', 'Italic', 'Underline', 'Strike'] + }, + { + name: 'colors', + items: ['TextColor', 'BGColor', 'RemoveFormat', 'SelectAll', '-', 'NumberedList', 'BulletedList'] + }, + {name: 'justify', items: ['JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}, + {name: 'insert', items: ['Table', 'HorizontalRule', 'PageBreak', '-', 'Link', 'Iframe']}, + {name: 'editing', items: ['SpellCheck', '-', 'Find', 'Replace',]}, + {name: 'paragraph', items: ['-', 'Outdent', 'Indent']}, + {name: 'justify2', items: ['CodeSnippet', 'Source', 'Maximize', '-', 'Undo', 'Redo']}, ] }); } 
@@ -157,14 +165,14 @@ var App = { }, getTeamMembers() { let that = this; - $.getJSON("/api/team/members", function(data) { + $.getJSON("/api/team/members", function (data) { var members = []; - $.each(data, function(index, val) { - members.push({ - 'id' : val.id, - 'name' : val.slug, - 'full_name' : val.name, - 'profile_image' : val.profile_image === null ? '/img/no-image.png' : '/img/avatars/' + val.profile_image, + $.each(data, function (index, val) { + members.push({ + 'id': val.id, + 'name': val.slug, + 'full_name': val.first_name + ' ' + val.last_name, + 'profile_image': val.profile_image === null ? '/img/no-image.png' : '/img/avatars/' + val.profile_image, }) }); that.members = members; @@ -194,7 +202,9 @@ var App = { "womans_hat", "womens", "x", "yellow_heart", "zap", "zzz", ]; - var emojis = $.map(emojis, function(value, i) {return {key: value, name:value}}); + var emojis = $.map(emojis, function (value, i) { + return {key: value, name: value} + }); $('#comment-input-textarea').atwho({ at: "@", @@ -217,16 +227,16 @@ var App = { var $group = $('.CarouselGroup'); var $group2 = $group.clone().appendTo($carousel); - var animate = function() { - $group.css({marginLeft: 0}).animate({marginLeft: -$group.width()}, 70000, 'linear').promise().done(function() { - animate(); - }); + var animate = function () { + $group.css({marginLeft: 0}).animate({marginLeft: -$group.width()}, 70000, 'linear').promise().done(function () { + animate(); + }); }; animate(); } }, - initJcrop: function() { + initJcrop: function () { var that = this; $('#cropimage').Jcrop({ onSelect: that.updateCropCoords, @@ -238,7 +248,7 @@ var App = { setSelect: [160, 160, 160, 160], }); }, - updateCropCoords: function(c) { + updateCropCoords: function (c) { $('#x').val(c.x); $('#y').val(c.y); $('#w').val(c.w); 
@@ -257,12 +267,12 @@ var App = { success(data) { $(element).find('#spinner').hide(); $(element).find('#like-page, #like-wiki').show(); - if(data.like === true) { + if (data.like === true) { $(element).find('img[data-toggle="tooltip"], i[data-toggle="tooltip"]').attr('title', 'Unlike').tooltip('fixTitle'); - $(element).find('#likes-counter').text(parseInt($(element).find('#likes-counter').text())+1); - } else { + $(element).find('#likes-counter').text(parseInt($(element).find('#likes-counter').text()) + 1); + } else { $(element).find('img[data-toggle="tooltip"], i[data-toggle="tooltip"]').attr('title', 'Like').tooltip('fixTitle'); - $(element).find('#likes-counter').text(parseInt($(element).find('#likes-counter').text())-1); + $(element).find('#likes-counter').text(parseInt($(element).find('#likes-counter').text()) - 1); } } }); @@ -276,17 +286,17 @@ var App = { _method: 'delete', commentId: commentId }, - success: function(data) { - if(data.deleted === true) { - $('#total-subject-comments').text(parseInt($('#total-subject-comments').text())-1); + success: function (data) { + if (data.deleted === true) { + $('#total-subject-comments').text(parseInt($('#total-subject-comments').text()) - 1); $(element).closest('.comment').animate({ - 'opacity' : '0.5' - }, 100).slideUp(100, function() { + 'opacity': '0.5' + }, 100).slideUp(100, function () { $(element).closest('.comment').remove(); }); } }, - error: function(error) { + error: function (error) { console.log(error); } }); 
@@ -298,18 +308,18 @@ var App = { type: 'POST', dataType: 'json', data: { - subject : comment, - subjectType : 'comment' + subject: comment, + subjectType: 'comment' }, success(data) { $(element).closest('li').find('#spinner').hide(); $(element).show(); - if(data.like === true) { + if (data.like === true) { $(element).html(' Unlike'); - $(element).closest('li').find('#comment-like-counter').text(parseInt($(element).closest('li').find('#comment-like-counter').text())+1); - } else { + $(element).closest('li').find('#comment-like-counter').text(parseInt($(element).closest('li').find('#comment-like-counter').text()) + 1); + } else { $(element).html(' Like'); - $(element).closest('li').find('#comment-like-counter').text(parseInt($(element).closest('li').find('#comment-like-counter').text())-1); + $(element).closest('li').find('#comment-like-counter').text(parseInt($(element).closest('li').find('#comment-like-counter').text()) - 1); } } }); @@ -333,7 +343,7 @@ var App = { }, error(error) { var errors = JSON.parse(error.responseText); - if(errors.comment) { + if (errors.comment) { toastr.error(errors.comment[0]); } } @@ -370,9 +380,9 @@ var App = { bindUI: function () { var that = this; - $('.overall-search-input').on('keydown', function() { + $('.overall-search-input').on('keydown', function () { let input = this; - setTimeout(function() { + setTimeout(function () { let q = $(input).val(); $.ajax({ @@ -385,7 +395,7 @@ var App = { success(data) { let html = ''; - $.each(data, function(index, val) { + $.each(data, function (index, val) { if (index === 'wikis' && data.wikis.length > 0) { html += `
  • - `+item.text+` + ` + item.text + `
  • `; }); @@ -431,13 +441,13 @@ var App = { }, 500); }); - if($('#categories-list #categories-list-item').length) { + if ($('#categories-list #categories-list-item').length) { new List('categories-list', { valueNames: ['item-name'] }); } - $("#team_logo, #profile_image").change(function(){ + $("#team_logo, #profile_image").change(function () { that.readURL(this); }); @@ -446,7 +456,7 @@ var App = { JcropAPI.destroy(); }); - $(document).on('click', '#like-comment', function(e) { + $(document).on('click', '#like-comment', function (e) { e.preventDefault(); let comment = $(this).data('comment-id'); @@ -456,27 +466,27 @@ var App = { that.likeComment(comment, this); }); - $(document).on('click', '#close-comment-update', function(e) { + $(document).on('click', '#close-comment-update', function (e) { e.preventDefault(); $(this).closest('.comment').find('.comment-body-inner').show(); $(this).closest('.comment').find('.comment-body-con').find('#update-comment-form').remove(); }); - $(document).on('click', '#update-comment-btn', function(e) { + $(document).on('click', '#update-comment-btn', function (e) { e.preventDefault(); let commentId = $(this).closest('#update-comment-form').find('#comment-input-textarea').data('comment-id'); let oldComment = $(this).closest('.comment').find('.comment-content').data('comment-content'); let comment = $(this).closest('#update-comment-form').find('#comment-input-textarea').val(); - if(oldComment == comment) { + if (oldComment == comment) { return $(this).closest('.comment').find('#close-comment-update').trigger('click'); } that.updateComment(commentId, comment, this); }); - $(document).on('click', '#edit-comment', function(e) { + $(document).on('click', '#edit-comment', function (e) { e.preventDefault(); let comment = $(this).closest('.comment').find('.comment-content').data('comment-content'); let commentId = $(this).closest('.comment').data('comment-id'); @@ -484,7 +494,7 @@ var App = { var form = `
    - +
    Cancel Save Changes @@ -497,16 +507,16 @@ var App = { that.intiCommentMention(); }); - $(document).on('click', '#delete-comment', function(e) { + $(document).on('click', '#delete-comment', function (e) { e.preventDefault(); - if(confirm('Are you sure?')) { + if (confirm('Are you sure?')) { event.preventDefault(); var commentId = $(this).data('comment-id'); that.deleteComment(commentId, this); } }); - $(document).on('click', '#like-wiki', function(e) { + $(document).on('click', '#like-wiki', function (e) { e.preventDefault(); let wiki = $(this).data('wiki'); $(this).hide(); @@ -514,7 +524,7 @@ var App = { that.likeSubject(wiki, 'wiki', '.wiki-like-con'); }); - $(document).on('click', '#like-page', function(e) { + $(document).on('click', '#like-page', function (e) { e.preventDefault(); let page = $(this).data('page'); $(this).hide(); 
@@ -522,53 +532,53 @@ var App = { that.likeSubject(page, 'page', '.page-like-con'); }); - if(document.getElementById('timezone')) { - if($('#timezone').data('selected').length) { + if (document.getElementById('timezone')) { + if ($('#timezone').data('selected').length) { $('#timezone').val($('#timezone').data('selected')); } else { $('#timezone').val(Intl.DateTimeFormat().resolvedOptions().timeZone); } } - $('#update-image-size').on('click', function(event) { + $('#update-image-size').on('click', function (event) { event.preventDefault(); $.ajax({ - url: '/organizations/'+Cookies.get('organization_slug')+'/users/avatar/crop', + url: '/organizations/' + Cookies.get('organization_slug') + '/users/avatar/crop', type: 'POST', dataType: 'json', data: { - 'image' : $('#crop-image-form').find('#profile-image-name').val(), - 'x' : $('#crop-image-form').find('#x').val(), - 'y' : $('#crop-image-form').find('#y').val(), - 'w' : $('#crop-image-form').find('#w').val(), - 'h' : $('#crop-image-form').find('#h').val(), + 'image': $('#crop-image-form').find('#profile-image-name').val(), + 'x': $('#crop-image-form').find('#x').val(), + 'y': $('#crop-image-form').find('#y').val(), + 'w': $('#crop-image-form').find('#w').val(), + 'h': $('#crop-image-form').find('#h').val(), }, - success: function(data) { + success: function (data) { $("#profile-pic-cropper").modal('hide'); window.location.reload(); }, - error: function(error) { + error: function (error) { console.log(error); } }); }); - $('#profile_image[type="file"]').on('change', function() { + $('#profile_image[type="file"]').on('change', function () { var formData = new FormData($("#avatar-upload-form")[0]); $.ajax({ - url: '/organizations/'+Cookies.get('organization_slug')+'/users/avatar/store', + url: '/organizations/' + Cookies.get('organization_slug') + '/users/avatar/store', type: 'POST', - cache:false, + cache: false, processData: false, contentType: false, data: formData, - success: function(data) { + success: function 
(data) { console.log(data); $("#profile-pic-cropper #cropimage").attr('src', '/images/profile-pics/' + data.image); $("#profile-pic-cropper").modal('show'); $("#profile-pic-cropper").find('#profile-image-name').val(data.image); }, - error: function(error) { + error: function (error) { console.log(error); } }); @@ -576,75 +586,76 @@ var App = { }, }; -$(document).ready(function() { +$(document).ready(function () { App.init(); }); -$(function() { - if($('#wiki-page-tree').length > 0 ) { +$(function () { + if ($('#wiki-page-tree').length > 0) { let wiki = $('#wiki-page-tree').data('wiki'); $('#wiki-page-tree').jstree({ core: { - "check_callback" : true, + "check_callback": true, "check_while_dragging": true, - "animation" : 250, - "themes" : { + "animation": 250, + "themes": { 'icons': false, - 'dots' : false, + 'dots': false, 'responsive': true, 'variant': "large", }, - 'data' : { + 'data': { url: function (node) { return '/api/wikis/pages'; }, type: 'POST', - data: function(node) { + data: function (node) { // Open Tree to a node - if($('#page-open').length > 0) { + if ($('#page-open').length > 0) { var page = $('#page-open').data('page'); $('#page-open').remove(); return { - 'page' : page, - 'wiki' : wiki, + 'page': page, + 'wiki': wiki, 'explore': true, } } // Get root nodes - if(node.id === '#') { + if (node.id === '#') { return { - 'wiki' : wiki, + 'wiki': wiki, } } // Get the child nodes of a page return { - 'page' : node.data.slug, + 'page': node.data.slug, } } } }, - plugins: [ "wholerow", "dnd" ] + plugins: ["wholerow", "dnd"] }).on("select_node.jstree", function (e, data) { document.location = data.node.a_attr.href; - }).on("ready.jstree", function(e, data) { - if(data.instance._cnt == 0) { + }).on("ready.jstree", function (e, data) { + if (data.instance._cnt == 0) { var html = `

    No pages yet

    `; $('#wiki-page-tree').replaceWith(html); - }; + } + ; data.instance._open_to($('#wiki-page-tree').data('page')); // Sorting Tree - $("#wiki-page-tree>ul").each(function(){ - $(this).html($(this).children('li').sort(function(a, b){ + $("#wiki-page-tree>ul").each(function () { + $(this).html($(this).children('li').sort(function (a, b) { return ($(b).data('position')) < ($(a).data('position')) ? 1 : -1; })); }); - }).on('move_node.jstree', function(e, data) { + }).on('move_node.jstree', function (e, data) { $.ajax({ url: '/api/pages/reorder', type: 'POST', @@ -654,10 +665,10 @@ $(function() { 'parent': data.parent, 'position': data.position, }, - success: function() { + success: function () { return true; }, - error: function(error) { + error: function (error) { var response = JSON.parse(error.responseText); console.log(response); } diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php new file mode 100644 index 00000000..9b58241b --- /dev/null +++ b/resources/views/errors/403.blade.php @@ -0,0 +1,34 @@ + + + + + 404 - Not Found + + + + + + +
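Review bot: The `;` moved onto its own line after the closing brace of `if (data.instance._cnt == 0)` is an empty statement left over from the old `};`; delete it rather than reformat it. While on that line, `data.instance._cnt === 0` matches the strict comparisons used elsewhere in the file. The jstree handler chain continues outside the hunk.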
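Review bot: The new view's title reads `404 - Not Found` while its heading says `403 Access denied`, so the browser tab and history entry mislabel the error; change the title to `403 - Access denied`. The message text misspells `occured` (`occurred`). The file also ends without a trailing newline.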
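Review bot: Tightening `wikis.create` to `acl:admin|add_page` only gates the form: `Route::post('', 'WikiController@store')` on the line above carries no `acl` middleware and the group header in the hunk context sets only a `prefix`, so the permission is enforced on the GET but not on the request that actually creates the wiki unless something outside the hunk guards it. Apply the same rule to the store route: `Route::post('', 'WikiController@store')->name('wikis.store')->middleware('acl:admin|add_page');`.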
    +

    Oops!

    +
    +

    403 Access denied

    +
    + Sorry, an error has occured, You do not have permission to view this page!
    +
    +
    + +
    + + \ No newline at end of file diff --git a/routes/web.php b/routes/web.php index ffa65fad..d2c17481 100644 --- a/routes/web.php +++ b/routes/web.php @@ -100,7 +100,7 @@ Route::group(['prefix' => '{team_slug}/wikis'], function () { Route::post('', 'WikiController@store')->name('wikis.store'); - Route::get('create', 'WikiController@create')->name('wikis.create')->middleware('acl:admin|add_page|view_page'); + Route::get('create', 'WikiController@create')->name('wikis.create')->middleware('acl:admin|add_page'); Route::get('', 'WikiController@getWikis')->name('teams.wikis'); });