Compare commits


3 Commits

Author SHA1 Message Date
aslan df05cd21f4 add middleware auth, optimize abort_if
Tests & Lint & Deploy to Railway / build (20.x, 8.2) (push) Successful in 2m2s Details
Tests & Lint & Deploy to Railway / deploy (8.1) (push) Failing after 1m11s Details
2024-01-25 10:51:39 +03:00
aslan 956681c0b3 add middleware auth, optimize abort_if 2024-01-25 10:51:29 +03:00
aslan 52d2073dee delete menu item 2024-01-25 10:50:37 +03:00
3 changed files with 23 additions and 40 deletions


@ -12,6 +12,10 @@ use Illuminate\Support\Facades\Auth;
class ReceptionScreenController extends Controller class ReceptionScreenController extends Controller
{ {
public function __construct()
{
$this->middleware('auth');
}
public function index(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application public function index(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application
{ {
$receptionScreens = ReceptionScreen::all()->sortBy('position'); $receptionScreens = ReceptionScreen::all()->sortBy('position');
@ -20,9 +24,8 @@ class ReceptionScreenController extends Controller
public function create(): View public function create(): View
{ {
if (Auth::guest()) { abort_if(Auth::guest(), 403);
abort(403);
}
$receptionScreens = ReceptionScreen::all()->sortBy('position'); $receptionScreens = ReceptionScreen::all()->sortBy('position');
return view('admin-reception-screen.create', compact('receptionScreens')); return view('admin-reception-screen.create', compact('receptionScreens'));
} }
@ -39,6 +42,8 @@ class ReceptionScreenController extends Controller
} }
public function edit($id) public function edit($id)
{ {
abort_if(Auth::guest(), 403);
$receptionScreen = new ReceptionScreen(); $receptionScreen = new ReceptionScreen();
$currentReceptionScreen = $receptionScreen->find($id); $currentReceptionScreen = $receptionScreen->find($id);
$receptionScreens = $receptionScreen->all()->sortBy('position'); $receptionScreens = $receptionScreen->all()->sortBy('position');
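Review bot: The `abort_if(Auth::guest(), 403);` added at the top of `edit()`, and the one kept in `create()`, can no longer fire once the new constructor registers `$this->middleware('auth')`, because that middleware rejects unauthenticated requests before any action runs. Drop both lines, or, if an action such as `index()` is meant to stay reachable without login, scope the middleware with `$this->middleware('auth')->except(['index']);`. This establishes authentication only: any logged-in account can reach the create and edit screens, which is worth confirming as intended. `edit()` continues past the end of the hunk.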


@ -15,26 +15,22 @@ use Illuminate\Support\Str;
class UserController extends Controller class UserController extends Controller
{ {
public function __construct()
{
$this->middleware('auth');
}
public function index(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application public function index(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application
{ {
if (!Auth::user('admin')) { abort_if(!Auth::user('admin'), 403);
abort(403, 'У вас нет прав доступа');
}
if (Auth::guest()) {
abort(403, 'Вы не авторизованы!');
}
$users = User::all(); $users = User::all();
return view('users.index', compact('users')); return view('users.index', compact('users'));
} }
public function store(UpdateUserRequest $request): RedirectResponse public function store(UpdateUserRequest $request): RedirectResponse
{ {
if (Auth::guest()) { abort_if(!Auth::user('admin'), 403);
abort(403, 'Вы не авторизованы!');
}
if (!Auth::user('admin')) {
abort(403, 'У вас нет прав доступа');
}
$validated = $request->validated(); $validated = $request->validated();
$user = new User(); $user = new User();
@ -48,34 +44,21 @@ class UserController extends Controller
public function create(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application public function create(): View|Application|Factory|\Illuminate\Contracts\Foundation\Application
{ {
if (!Auth::user('admin')) { abort_if(!Auth::user('admin'), 403);
abort(403, 'У вас нет прав доступа');
}
if (Auth::guest()) {
abort(403, 'Вы не авторизованы!');
}
return view('users.create'); return view('users.create');
} }
public function edit(User $user): View|Application|Factory|\Illuminate\Contracts\Foundation\Application public function edit(User $user): View|Application|Factory|\Illuminate\Contracts\Foundation\Application
{ {
if (!Auth::user('admin')) { abort_if(!Auth::user('admin'), 403);
abort(403, 'У вас нет прав доступа');
}
if (Auth::guest()) {
abort(403, 'Вы не авторизованы!');
}
return view('users.edit', compact('user')); return view('users.edit', compact('user'));
} }
public function update(UpdateUserRequest $request, User $user): RedirectResponse public function update(UpdateUserRequest $request, User $user): RedirectResponse
{ {
if (!Auth::user('admin')) { abort_if(!Auth::user('admin'), 403);
abort(403, 'У вас нет прав доступа');
}
if (Auth::guest()) {
abort(403, 'Вы не авторизованы!');
}
$validated = $request->validated(); $validated = $request->validated();
@ -90,12 +73,8 @@ class UserController extends Controller
public function destroy(User $user): RedirectResponse public function destroy(User $user): RedirectResponse
{ {
if (!Auth::user('admin')) { abort_if(!Auth::user('admin'), 403);
abort(403, 'У вас нет прав доступа');
}
if (Auth::guest()) {
abort(403, 'Вы не авторизованы!');
}
$user->delete(); $user->delete();
return redirect()->route('users.index'); return redirect()->route('users.index');
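Review bot: `abort_if(!Auth::user('admin'), 403);` in `index()`, `store()`, `create()`, `edit()`, `update()` and `destroy()` does not appear to test for an administrator: with the stock Laravel guards `user()` takes no arguments, so the `'admin'` string is ignored and the check passes for any authenticated user. Combined with the new `auth` middleware the line is then a no-op, and every logged-in account could list, create, edit and delete users. An actual authorization check is needed, ideally one Gate or policy applied once in the constructor; a minimal inline form matching what the sidebar template in this compare already does is `abort_if(Auth::user()?->name !== 'admin', 403);`. `destroy()` continues past the end of the hunk.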


@ -50,7 +50,6 @@
<aside class="list-group col-2"> <aside class="list-group col-2">
<ul> <ul>
<li class="list-group-item"><a href="{{ route('admin-reception-screen.index') }}">Экран Приема</a></li> <li class="list-group-item"><a href="{{ route('admin-reception-screen.index') }}">Экран Приема</a></li>
<li class="list-group-item"><a href="">Дни открытых дверей</a></li>
@if(!is_null(Auth::getUser()) && Auth::getUser()->name === 'admin') @if(!is_null(Auth::getUser()) && Auth::getUser()->name === 'admin')
<li class="list-group-item"></li> <li class="list-group-item"></li>
<li class="list-group-item"><a href="{{ route('users.index') }}">Список администраторов</a></li> <li class="list-group-item"><a href="{{ route('users.index') }}">Список администраторов</a></li>