Configured page permissions

Beth Parker 2022-02-12 22:54:39 -06:00
parent feb8b6d0d9
commit a4c706f99f
4 changed files with 41 additions and 6 deletions


@ -15,9 +15,6 @@ class RecipeController extends Controller
*/ */
public function __construct(){ public function __construct(){
$this->middleware('auth', ['except' => ['index','show']]); $this->middleware('auth', ['except' => ['index','show']]);
$this->middleware(['permissions:CreateUser.EditUser.DeleteUser.AssignRole'], ['only' => ['index','show']]);
$this->middleware(['permissions:DeleteUser'], ['only' => ['destroy']]);
} }
/** /**
* Display a listing of the resource. * Display a listing of the resource.
@ -38,7 +35,12 @@ class RecipeController extends Controller
} }
public function edit($id){ public function edit($id){
//verify user has permission to access page
$recipe=Recipe::with('user')->with('categories')->with('ingredients')->findOrFail($id); $recipe=Recipe::with('user')->with('categories')->with('ingredients')->findOrFail($id);
if(!(\Auth::user()->hasPerm('EditRecipe') || \Auth::user()->id == $recipe->user_id)){
return redirect()->route('recipes.index')->with('message','You don\'t have permission to access this page');
}
$lists['ingredients']=array_values(RecipeIngredient::get()->sortby('name')->pluck('name')->unique()->toArray()); $lists['ingredients']=array_values(RecipeIngredient::get()->sortby('name')->pluck('name')->unique()->toArray());
$lists['measurements']=array_values(RecipeIngredient::get()->sortby('measurement')->pluck('measurement')->unique()->toArray()); $lists['measurements']=array_values(RecipeIngredient::get()->sortby('measurement')->pluck('measurement')->unique()->toArray());
$lists['categories']=array_values(RecipeCategory::get()->sortby('name')->pluck('name')->unique()->toArray()); $lists['categories']=array_values(RecipeCategory::get()->sortby('name')->pluck('name')->unique()->toArray());
@ -49,7 +51,11 @@ class RecipeController extends Controller
public function update(Request $request, $id) public function update(Request $request, $id)
{ {
//verify user has permission to access page
$recipe = Recipe::with('ingredients')->with('categories')->findOrFail($id); $recipe = Recipe::with('ingredients')->with('categories')->findOrFail($id);
if(!(\Auth::user()->hasPerm('EditRecipe') || \Auth::user()->id == $recipe->user_id)){
return redirect()->route('recipes.index')->with('message','You don\'t have permission to access this page');
}
$this->validate($request, [ $this->validate($request, [
'name'=>'required|max:500', 'name'=>'required|max:500',
@ -235,4 +241,24 @@ class RecipeController extends Controller
} }
return redirect()->route('recipes.index')->with('message','Recipe successfully edited.'); return redirect()->route('recipes.index')->with('message','Recipe successfully edited.');
} }
/**
* Remove the specified resource from storage.
*
* @param int $id
* @return \Illuminate\Http\Response
*/
public function destroy($id)
{
//Find and remove user
$recipe = Recipe::with('categories')->with("ingredients")->findOrFail($id);
if(!(\Auth::user()->hasPerm('DeleteRecipe') || \Auth::user()->id == $recipe->user_id)){
return redirect()->route('recipes.index')->with('message','You don\'t have permission to access this page');
}
foreach($recipe->categories as $c) $c->delete();
foreach($recipe->ingredients as $i) $i->delete();
$recipe->delete();
return redirect()->route('recipes.index')->with('message','Recipe successfully deleted.');
}
} }
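Review bot: The owner-or-permission rule is written out three times, in edit(), update() and destroy(), each with a loose `==` between `\Auth::user()->id` and `$recipe->user_id`, so a later change to the rule can miss one of the state-changing actions. I would move it into one private method (or a Laravel policy called through `$this->authorize()`), compare with `===` after an `(int)` cast, and answer a denied request with `abort(403)` instead of a 302 to the index, unless the redirect with a flash message is a deliberate choice. The constructor hunk drops both `permissions:` middleware lines, which leaves these inline checks as the only authorization visible in this controller; the create/store actions are not shown, so confirm that `auth` alone is intended for them. In destroy() the comment `//Find and remove user` should read `// Find and remove the recipe`, and the three delete steps would be safer inside `DB::transaction()` so a failure cannot leave a half-deleted recipe. The class body continues outside the hunks shown.

```php
// … unchanged: constructor, index(), show() …

/**
 * Owner-or-permission rule shared by edit(), update() and destroy().
 */
private function mayModify(Recipe $recipe, string $permission): bool
{
    $user = \Auth::user();

    if ($user === null) {
        return false;
    }

    return $user->hasPerm($permission)
        || ($recipe->user_id !== null && (int) $user->id === (int) $recipe->user_id);
}

// in edit() and update(), directly after findOrFail($id):
if (!$this->mayModify($recipe, 'EditRecipe')) {
    abort(403);
}

// in destroy(), directly after findOrFail($id):
if (!$this->mayModify($recipe, 'DeleteRecipe')) {
    abort(403);
}
```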


@ -23,6 +23,9 @@ class PermissionSeeder extends Seeder
['name'=>'Create Role', 'category'=>'Roles', 'details'=>'Create New Roles'], ['name'=>'Create Role', 'category'=>'Roles', 'details'=>'Create New Roles'],
['name'=>'Edit Role', 'category'=>'Roles', 'details'=>'Edit Existing Roles'], ['name'=>'Edit Role', 'category'=>'Roles', 'details'=>'Edit Existing Roles'],
['name'=>'Delete Role', 'category'=>'Roles', 'details'=>'Delete Existing Roles'], ['name'=>'Delete Role', 'category'=>'Roles', 'details'=>'Delete Existing Roles'],
['name'=>'Edit Recipe', 'category'=>'Recipes', 'details'=>'Edit Recipes from other Users'],
['name'=>'Delete Recipe', 'category'=>'Recipes', 'details'=>'Delete Recipes from other Users'],
]; ];
foreach ($permissions as $key => $value) { foreach ($permissions as $key => $value) {
Permission::updateOrCreate($value); Permission::updateOrCreate($value);
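Review bot: The two new rows are named `'Edit Recipe'` and `'Delete Recipe'`, while the controller asks for `hasPerm('EditRecipe')` and `hasPerm('DeleteRecipe')`. Nothing visible here shows how the spaced name maps to the unspaced key, so confirm the lookup normalises it; otherwise the permission never matches and only recipe owners get through. Because `Permission::updateOrCreate($value)` matches on the whole row, a later rewording of `details` would insert a second permission with the same name; `Permission::updateOrCreate(['name' => $value['name']], $value);` keys the upsert on the name. The seeder method starts and ends outside the hunk.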


@ -1,4 +1,4 @@
<li> <li class="test">
<a href="{{ route('logout') }}" onclick="event.preventDefault(); document.getElementById('logout-form').submit();">Logout</a> <a href="{{ route('logout') }}" class="test" onclick="event.preventDefault(); document.getElementById('logout-form').submit();"><span>Logout</span></a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">{{ csrf_field() }}</form> <form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">{{ csrf_field() }}</form>
</li> </li>
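Review bot: `class="test"` on the `<li>` and on the `<a>` reads like a leftover placeholder, and this markup change is unrelated to the permission work named in the commit title. Give the class a name that says what it styles, for example `<li class="nav-logout">`, or drop it. The logout form with `method="POST"` and `csrf_field()` is unchanged and should stay that way.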


@ -2,7 +2,13 @@
@extends('content_wrappers.md-10') @extends('content_wrappers.md-10')
@section('title', ' | '.$recipe->name) @section('title', ' | '.$recipe->name)
@section('heading', $recipe->name) @section('heading')
@if(Auth::user() && (in_array('EditRecipe',$allperms) || $recipe->user_id == Auth::user()->id))
<a href="{{ route('recipes.edit', $recipe->id) }}">{{$recipe->name}}</a>
@else
{{$recipe->name }}
@endif
@endsection
@section('content') @section('content')
<div class="panel-body"> <div class="panel-body">
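Review bot: The edit link is gated with `in_array('EditRecipe',$allperms)` while the controller enforces the same rule with `hasPerm('EditRecipe')`, so the link and the enforcement can drift apart. `$allperms` is also not defined anywhere in the visible lines. Using the same call in the template, `@if(Auth::user() && (Auth::user()->hasPerm('EditRecipe') || $recipe->user_id == Auth::user()->id))`, keeps one source for the rule; if `$allperms` stays, pass `true` as the third argument of `in_array`. This condition only hides the link, so the check in the controller remains the actual access control. The template continues past the hunk.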