Remove user action authorization by role

8 years ago · 69b9e6af5a
14 changed files with 150 additions and 145 deletions
--- a/app/Entities/BaseRepository.php
+++ b/app/Entities/BaseRepository.php
@ -25,7 +25,7 @@ abstract class BaseRepository extends EloquentRepository
    public function getWorkersList()
    {
        return User::orderBy('name')->hasRoles(['worker'])->pluck('name', 'id');
        return User::orderBy('name')->pluck('name', 'id');
    }
    public function getVendorsList()
--- a/app/Http/Requests/Projects/CreateRequest.php
+++ b/app/Http/Requests/Projects/CreateRequest.php
@ -2,44 +2,46 @@
 namespace App\Http\Requests\Projects;
 use App\Entities\Projects\Project;
 use App\Http\Requests\Request;
 class CreateRequest extends Request {
 class CreateRequest extends Request
 {
 	/**
 	 * Determine if the user is authorized to make this request.
 	 *
 	 * @return bool
 	 */
 	public function authorize()
 	{
 		return auth()->user()->can('add_project');
 	}
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return auth()->user()->can('create', new Project);
    }
 	/**
 	 * Get the validation rules that apply to the request.
 	 *
 	 * @return array
 	 */
 	public function rules()
 	{
 		return [
 			'name'           => 'required|max:50',
 			'proposal_date'  => 'nullable|date|date_format:Y-m-d',
 			'proposal_value' => 'nullable|numeric',
 			'customer_id'    => 'nullable|numeric',
 			'customer_name'  => 'nullable|required_without:customer_id|max:60',
 			'customer_email' => 'nullable|required_without:customer_id|email|unique:users,email',
 			'description'    => 'nullable|max:255',
 		];
 	}
    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'name'           => 'required|max:50',
            'proposal_date'  => 'nullable|date|date_format:Y-m-d',
            'proposal_value' => 'nullable|numeric',
            'customer_id'    => 'nullable|numeric',
            'customer_name'  => 'nullable|required_without:customer_id|max:60',
            'customer_email' => 'nullable|required_without:customer_id|email|unique:users,email',
            'description'    => 'nullable|max:255',
        ];
    }
 	public function messages()
 	{
 	    return [
 	    	'customer_name.required_without' => 'Nama Customer Wajib diisi.',
 	    	'customer_email.required_without' => 'Email Customer Wajib diisi.',
 	    ];
 	}
    public function messages()
    {
        return [
            'customer_name.required_without'  => 'Nama Customer Wajib diisi.',
            'customer_email.required_without' => 'Email Customer Wajib diisi.',
        ];
    }
 }
--- a/app/Http/Requests/Projects/DeleteRequest.php
+++ b/app/Http/Requests/Projects/DeleteRequest.php
@ -5,29 +5,30 @@ namespace App\Http\Requests\Projects;
 use App\Entities\Projects\Project;
 use App\Http\Requests\Request;
 class DeleteRequest extends Request {
 class DeleteRequest extends Request
 {
 	/**
 	 * Determine if the user is authorized to make this request.
 	 *
 	 * @return bool
 	 */
 	public function authorize()
 	{
 		$project = Project::findOrFail($this->segment(2));
 		return auth()->user()->can('manage_project', $project);
 	}
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        $project = Project::findOrFail($this->segment(2));
        return auth()->user()->can('update', $project);
    }
 	/**
 	 * Get the validation rules that apply to the request.
 	 *
 	 * @return array
 	 */
 	public function rules()
 	{
 		return [
 			'project_id' => 'required'
 		];
 	}
    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'project_id' => 'required',
        ];
    }
 }
--- a/app/Http/Requests/Projects/UpdateRequest.php
+++ b/app/Http/Requests/Projects/UpdateRequest.php
@ -5,36 +5,37 @@ namespace App\Http\Requests\Projects;
 use App\Entities\Projects\Project;
 use App\Http\Requests\Request;
 class UpdateRequest extends Request {
 class UpdateRequest extends Request
 {
 	/**
 	 * Determine if the user is authorized to make this request.
 	 *
 	 * @return bool
 	 */
 	public function authorize()
 	{
 		$project = Project::findOrFail($this->segment(2));
 		return auth()->user()->can('manage_project', $project);
 	}
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        $project = Project::findOrFail($this->segment(2));
        return auth()->user()->can('update', $project);
    }
 	/**
 	 * Get the validation rules that apply to the request.
 	 *
 	 * @return array
 	 */
 	public function rules()
 	{
 		return [
 			'name' => 'required|max:50',
 			'description' => 'nullable|max:255',
 			'proposal_date' => 'nullable|date|date_format:Y-m-d',
 			'proposal_value' => 'nullable|numeric',
 			'start_date' => 'nullable|date|date_format:Y-m-d',
 			'end_date' => 'nullable|date|date_format:Y-m-d',
 			'project_value' => 'nullable|numeric',
 			'customer_id' => 'nullable|numeric',
 		];
 	}
    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'name'           => 'required|max:50',
            'description'    => 'nullable|max:255',
            'proposal_date'  => 'nullable|date|date_format:Y-m-d',
            'proposal_value' => 'nullable|numeric',
            'start_date'     => 'nullable|date|date_format:Y-m-d',
            'end_date'       => 'nullable|date|date_format:Y-m-d',
            'project_value'  => 'nullable|numeric',
            'customer_id'    => 'nullable|numeric',
        ];
    }
 }
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -31,7 +31,7 @@ class AuthServiceProvider extends ServiceProvider
        // Dynamically register permissions with Laravel's Gate.
        foreach ($this->getPermissions() as $permission) {
            Gate::define($permission, function ($user) {
                return $user->hasRole('admin');
                return  ! is_null($user->agency);
            });
        }
--- a/routes/web/invoices.php
+++ b/routes/web/invoices.php
@ -1,6 +1,6 @@
 <?php
 Route::group(['middleware' => ['web','role:admin']], function() {
 Route::group(['middleware' => ['web', 'auth']], function () {
    /*
     * Invoice Draft Routes
     */
--- a/routes/web/payments.php
+++ b/routes/web/payments.php
@ -1,10 +1,10 @@
 <?php
 Route::group(['middleware' => ['web','role:admin']], function() {
 Route::group(['middleware' => ['web', 'auth']], function () {
    /**
     * Payments Routes
     */
    Route::get('payments/{payment}/pdf', ['as'=>'payments.pdf', 'uses'=>'PaymentsController@pdf']);
    Route::get('payments/{payment}/delete', ['as'=>'payments.delete', 'uses'=>'PaymentsController@delete']);
    Route::resource('payments','PaymentsController');
    Route::get('payments/{payment}/pdf', ['as' => 'payments.pdf', 'uses' => 'PaymentsController@pdf']);
    Route::get('payments/{payment}/delete', ['as' => 'payments.delete', 'uses' => 'PaymentsController@delete']);
    Route::resource('payments', 'PaymentsController');
 });
--- a/routes/web/projects.php
+++ b/routes/web/projects.php
@ -1,41 +1,41 @@
 <?php
 Route::group(['middleware' => ['web','role:admin'], 'namespace' => 'Projects'], function () {
 Route::group(['middleware' => ['web', 'auth'], 'namespace' => 'Projects'], function () {
    /**
     * Projects Routes
     */
    Route::get('projects/{id}/delete', ['as'=>'projects.delete', 'uses'=>'ProjectsController@delete']);
    Route::get('projects/{id}/features', ['as'=>'projects.features', 'uses'=>'ProjectsController@features']);
    Route::get('projects/{id}/features-export/{type?}', ['as'=>'projects.features-export', 'uses'=>'ProjectsController@featuresExport']);
    Route::get('projects/{id}/payments', ['as'=>'projects.payments', 'uses'=>'ProjectsController@payments']);
    Route::get('projects/{id}/subscriptions', ['as'=>'projects.subscriptions', 'uses'=>'ProjectsController@subscriptions']);
    Route::post('projects/{id}/features-reorder', ['as'=>'projects.features-reorder', 'uses'=>'ProjectsController@featuresReorder']);
    Route::patch('projects/{id}/status-update', ['as'=>'projects.status-update', 'uses'=>'ProjectsController@statusUpdate']);
    Route::get('projects/{id}/delete', ['as' => 'projects.delete', 'uses' => 'ProjectsController@delete']);
    Route::get('projects/{id}/features', ['as' => 'projects.features', 'uses' => 'ProjectsController@features']);
    Route::get('projects/{id}/features-export/{type?}', ['as' => 'projects.features-export', 'uses' => 'ProjectsController@featuresExport']);
    Route::get('projects/{id}/payments', ['as' => 'projects.payments', 'uses' => 'ProjectsController@payments']);
    Route::get('projects/{id}/subscriptions', ['as' => 'projects.subscriptions', 'uses' => 'ProjectsController@subscriptions']);
    Route::post('projects/{id}/features-reorder', ['as' => 'projects.features-reorder', 'uses' => 'ProjectsController@featuresReorder']);
    Route::patch('projects/{id}/status-update', ['as' => 'projects.status-update', 'uses' => 'ProjectsController@statusUpdate']);
    Route::resource('projects', 'ProjectsController');
    /**
     * Project Invoices Routes
     */
    Route::get('projects/{project}/invoices', ['as'=>'projects.invoices', 'uses'=>'InvoicesController@index']);
    Route::get('projects/{project}/invoices', ['as' => 'projects.invoices', 'uses' => 'InvoicesController@index']);
    /**
     * Features Routes
     */
    Route::get('projects/{id}/features/create', ['as'=>'features.create', 'uses'=>'FeaturesController@create']);
    Route::get('projects/{id}/features/add-from-other-project', ['as'=>'features.add-from-other-project', 'uses'=>'FeaturesController@addFromOtherProject']);
    Route::post('features/{id}/tasks-reorder', ['as'=>'features.tasks-reorder', 'uses'=>'FeaturesController@tasksReorder']);
    Route::post('projects/{id}/features', ['as'=>'features.store', 'uses'=>'FeaturesController@store']);
    Route::post('projects/{id}/features/store-from-other-project', ['as'=>'features.store-from-other-project', 'uses'=>'FeaturesController@storeFromOtherProject']);
    Route::get('features/{id}/delete', ['as'=>'features.delete', 'uses'=>'FeaturesController@delete']);
    Route::resource('features', 'FeaturesController', ['except' => ['create','store']]);
    Route::get('projects/{id}/features/create', ['as' => 'features.create', 'uses' => 'FeaturesController@create']);
    Route::get('projects/{id}/features/add-from-other-project', ['as' => 'features.add-from-other-project', 'uses' => 'FeaturesController@addFromOtherProject']);
    Route::post('features/{id}/tasks-reorder', ['as' => 'features.tasks-reorder', 'uses' => 'FeaturesController@tasksReorder']);
    Route::post('projects/{id}/features', ['as' => 'features.store', 'uses' => 'FeaturesController@store']);
    Route::post('projects/{id}/features/store-from-other-project', ['as' => 'features.store-from-other-project', 'uses' => 'FeaturesController@storeFromOtherProject']);
    Route::get('features/{id}/delete', ['as' => 'features.delete', 'uses' => 'FeaturesController@delete']);
    Route::resource('features', 'FeaturesController', ['except' => ['create', 'store']]);
    /**
     * Tasks Routes
     */
    Route::get('features/{id}/tasks/create', ['as'=>'tasks.create', 'uses'=>'TasksController@create']);
    Route::post('features/{id}/tasks', ['as'=>'tasks.store', 'uses'=>'TasksController@store']);
    Route::patch('task/{id}', ['as'=>'tasks.update', 'uses'=>'TasksController@update']);
    Route::delete('task/{id}', ['as'=>'tasks.destroy', 'uses'=>'TasksController@destroy']);
    Route::get('features/{id}/tasks/create', ['as' => 'tasks.create', 'uses' => 'TasksController@create']);
    Route::post('features/{id}/tasks', ['as' => 'tasks.store', 'uses' => 'TasksController@store']);
    Route::patch('task/{id}', ['as' => 'tasks.update', 'uses' => 'TasksController@update']);
    Route::delete('task/{id}', ['as' => 'tasks.destroy', 'uses' => 'TasksController@destroy']);
    /**
     * Files Routes
--- a/routes/web/references.php
+++ b/routes/web/references.php
@ -1,6 +1,6 @@
 <?php
 Route::group(['namespace' => 'References', 'middleware' => ['web', 'role:admin']], function () {
 Route::group(['namespace' => 'References', 'middleware' => ['web', 'auth']], function () {
    /**
     * Options Routes
     */
--- a/routes/web/reports.php
+++ b/routes/web/reports.php
@ -1,39 +1,42 @@
 <?php
 Route::group(['middleware' => ['web','role:admin'],'prefix' => 'reports'], function() {
 Route::group(['middleware' => ['web', 'auth'], 'prefix' => 'reports'], function () {
    /**
     * Reports Routes
     */
    Route::get('payments', ['as'=>'reports.payments.index', 'uses' => 'ReportsController@monthly']);
    Route::get('payments/daily', ['as'=>'reports.payments.daily', 'uses' => 'ReportsController@daily']);
    Route::get('payments/monthly', ['as'=>'reports.payments.monthly', 'uses' => 'ReportsController@monthly']);
    Route::get('payments/yearly', ['as'=>'reports.payments.yearly', 'uses' => 'ReportsController@yearly']);
    Route::get('current-credits', ['as'=>'reports.current-credits', 'uses' => 'ReportsController@currentCredits']);
    Route::get('payments', ['as' => 'reports.payments.index', 'uses' => 'ReportsController@monthly']);
    Route::get('payments/daily', ['as' => 'reports.payments.daily', 'uses' => 'ReportsController@daily']);
    Route::get('payments/monthly', ['as' => 'reports.payments.monthly', 'uses' => 'ReportsController@monthly']);
    Route::get('payments/yearly', ['as' => 'reports.payments.yearly', 'uses' => 'ReportsController@yearly']);
    Route::get('current-credits', ['as' => 'reports.current-credits', 'uses' => 'ReportsController@currentCredits']);
    Route::get('log-files', ['as' => 'log-files.index', 'uses' => function() {
            if (!file_exists(storage_path('logs')))
                return [];
    Route::get('log-files', ['as' => 'log-files.index', 'uses' => function () {
        if ( ! file_exists(storage_path('logs'))) {
            return [];
        }
            $logFiles = \File::allFiles(storage_path('logs'));
        $logFiles = \File::allFiles(storage_path('logs'));
            // Sort files by modified time DESC
            usort($logFiles, function($a, $b) {
                return -1 * strcmp($a->getMTime(), $b->getMTime());
            });
        // Sort files by modified time DESC
        usort($logFiles, function ($a, $b) {
            return -1 * strcmp($a->getMTime(), $b->getMTime());
        });
            return view('reports.log-files',compact('logFiles'));
        return view('reports.log-files', compact('logFiles'));
    }]);
    Route::get('log-files/{filename}', ['as' => 'log-files.show', 'uses' => function($fileName) {
        if (file_exists(storage_path('logs/' . $fileName)))
            return response()->file(storage_path('logs/' . $fileName), ['content-type' => 'text/plain']);
    Route::get('log-files/{filename}', ['as' => 'log-files.show', 'uses' => function ($fileName) {
        if (file_exists(storage_path('logs/'.$fileName))) {
            return response()->file(storage_path('logs/'.$fileName), ['content-type' => 'text/plain']);
        }
        return 'Invalid file name.';
    }]);
    Route::get('log-files/{filename}/download', ['as' => 'log-files.download', 'uses' => function($fileName) {
        if (file_exists(storage_path('logs/' . $fileName)))
            return response()->download(storage_path('logs/' . $fileName), env('APP_ENV') . '.' . $fileName);
    Route::get('log-files/{filename}/download', ['as' => 'log-files.download', 'uses' => function ($fileName) {
        if (file_exists(storage_path('logs/'.$fileName))) {
            return response()->download(storage_path('logs/'.$fileName), env('APP_ENV').'.'.$fileName);
        }
        return 'Invalid file name.';
    }]);
--- a/routes/web/subscriptions.php
+++ b/routes/web/subscriptions.php
@ -1,9 +1,9 @@
 <?php
 Route::group(['middleware' => ['web','role:admin']], function() {
 Route::group(['middleware' => ['web', 'auth']], function () {
    /**
     * Subscriptions Routes
     */
    Route::get('subscriptions/{id}/delete', ['as'=>'subscriptions.delete', 'uses'=>'SubscriptionsController@delete']);
    Route::resource('subscriptions','SubscriptionsController');
    Route::get('subscriptions/{id}/delete', ['as' => 'subscriptions.delete', 'uses' => 'SubscriptionsController@delete']);
    Route::resource('subscriptions', 'SubscriptionsController');
 });
--- a/routes/web/users.php
+++ b/routes/web/users.php
@ -1,14 +1,14 @@
 <?php
 Route::group(['middleware' => ['web','role:admin'], 'namespace' => 'Users'], function() {
 Route::group(['middleware' => ['web', 'auth'], 'namespace' => 'Users'], function () {
    /**
     * Users Routes
     */
    Route::get('users/{id}/delete', ['as'=>'users.delete', 'uses'=>'UsersController@delete']);
    Route::resource('users','UsersController');
    Route::get('users/{id}/delete', ['as' => 'users.delete', 'uses' => 'UsersController@delete']);
    Route::resource('users', 'UsersController');
    /**
     * Roles Routes
     */
    Route::resource('roles','RolesController');
    Route::resource('roles', 'RolesController');
 });
--- a/tests/Feature/ManageSubscriptionsTest.php
+++ b/tests/Feature/ManageSubscriptionsTest.php
@ -34,8 +34,8 @@ class ManageSubscriptionsTest extends TestCase
        $this->type('', 'remark');
        $this->press(trans('subscription.create'));
        $this->seePageIs(route('subscriptions.index'));
        $this->see(trans('subscription.created'));
        $this->seePageIs(route('subscriptions.index'));
        $this->seeInDatabase('subscriptions', [
            'project_id'   => $project->id,
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@ -32,7 +32,7 @@ abstract class TestCase extends BaseTestCase
    protected function userSigningIn()
    {
        $user = factory(User::class)->create();
        $user = $this->createUser();
        $this->actingAs($user);
        return $user;
@ -41,8 +41,6 @@ abstract class TestCase extends BaseTestCase
    protected function createUser($role = 'admin')
    {
        $user = factory(User::class)->create();
        $user->assignRole($role);
        return $user;
    }