
Update authorization checks for task actions

pull/6/head
Nafies Luthfi 8 years ago
parent
commit
a84b9009d9
  1. 2
      app/Entities/Projects/Task.php
  2. 4
      app/Http/Controllers/Projects/FeesController.php
  3. 4
      app/Http/Controllers/Projects/ProjectsController.php
  4. 15
      app/Policies/Projects/TaskPolicy.php
  5. 13
      resources/views/jobs/partials/job-tasks-operation.blade.php
  6. 4
      resources/views/jobs/partials/job-tasks.blade.php
  7. 2
      resources/views/jobs/show.blade.php
  8. 1
      tests/Unit/Policies/TaskPolicyTest.php

2
app/Entities/Projects/Task.php

@ -14,6 +14,6 @@ class Task extends Model
public function job() public function job()
{ {
return $this->belongsTo(Job::class, 'project_id');
return $this->belongsTo(Job::class, 'job_id');
} }
} }

4
app/Http/Controllers/Projects/FeesController.php

@ -16,7 +16,7 @@ class FeesController extends Controller
{ {
public function create(Project $project) public function create(Project $project)
{ {
$this->authorize('create', new Payment);
$this->authorize('create', new Payment());
$partners = User::pluck('name', 'id')->all(); $partners = User::pluck('name', 'id')->all();
@ -25,7 +25,7 @@ class FeesController extends Controller
public function store(Project $project) public function store(Project $project)
{ {
$this->authorize('create', new Payment);
$this->authorize('create', new Payment());
$newPaymentData = request()->validate([ $newPaymentData = request()->validate([
'type_id' => 'required|numeric', 'type_id' => 'required|numeric',

4
app/Http/Controllers/Projects/ProjectsController.php

@ -38,7 +38,7 @@ class ProjectsController extends Controller
public function create() public function create()
{ {
$this->authorize('create', new Project);
$this->authorize('create', new Project());
$customers = $this->repo->getCustomersList(); $customers = $this->repo->getCustomersList();
@ -47,7 +47,7 @@ class ProjectsController extends Controller
public function store(CreateRequest $request) public function store(CreateRequest $request)
{ {
$this->authorize('create', new Project);
$this->authorize('create', new Project());
$project = $this->repo->create($request->except('_token')); $project = $this->repo->create($request->except('_token'));
flash()->success(trans('project.created')); flash()->success(trans('project.created'));

15
app/Policies/Projects/TaskPolicy.php

@ -13,8 +13,9 @@ class TaskPolicy
/** /**
* Determine whether the user can create tasks. * Determine whether the user can create tasks.
* *
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
*
* @return mixed * @return mixed
*/ */
public function create(User $user, Task $task) public function create(User $user, Task $task)
@ -25,8 +26,9 @@ class TaskPolicy
/** /**
* Determine whether the user can update the task. * Determine whether the user can update the task.
* *
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
*
* @return mixed * @return mixed
*/ */
public function update(User $user, Task $task) public function update(User $user, Task $task)
@ -38,8 +40,9 @@ class TaskPolicy
/** /**
* Determine whether the user can delete the task. * Determine whether the user can delete the task.
* *
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Task $task
*
* @return mixed * @return mixed
*/ */
public function delete(User $user, Task $task) public function delete(User $user, Task $task)

13
resources/views/jobs/partials/job-tasks-operation.blade.php

@ -1,4 +1,5 @@
@if (Request::has('action') == false) @if (Request::has('action') == false)
@can('create', new App\Entities\Projects\Task)
{!! Form::open(['route' => ['tasks.store', $job->id]])!!} {!! Form::open(['route' => ['tasks.store', $job->id]])!!}
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title">{{ trans('task.create') }}</h3></div> <div class="panel-heading"><h3 class="panel-title">{{ trans('task.create') }}</h3></div>
@ -7,11 +8,8 @@
<div class="col-sm-6">{!! FormField::text('name', ['label' => trans('task.name')]) !!}</div> <div class="col-sm-6">{!! FormField::text('name', ['label' => trans('task.name')]) !!}</div>
<div class="col-md-4"> <div class="col-md-4">
{!! Form::label('progress', trans('task.progress'), ['class' => 'control-label']) !!} {!! Form::label('progress', trans('task.progress'), ['class' => 'control-label']) !!}
{!! Form::input('range', 'progress', 0, [ {!! Form::input('range', 'progress', 0, [
'min' => '0',
'max' => '100',
'step' => '10',
'min' => '0', 'max' => '100', 'step' => '10',
]) !!} ]) !!}
</div> </div>
<div class="col-md-2" style="font-size: 28px; margin-top: 15px;"> <div class="col-md-2" style="font-size: 28px; margin-top: 15px;">
@ -23,8 +21,11 @@
{!! Form::close() !!} {!! Form::close() !!}
</div> </div>
</div> </div>
@endcan
@endif @endif
@if (Request::get('action') == 'task_edit' && $editableTask) @if (Request::get('action') == 'task_edit' && $editableTask)
@can('update', $editableTask)
{!! Form::model($editableTask, ['route' => ['tasks.update', $editableTask->id],'method' => 'patch'])!!} {!! Form::model($editableTask, ['route' => ['tasks.update', $editableTask->id],'method' => 'patch'])!!}
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title">{{ trans('task.edit') }}</h3></div> <div class="panel-heading"><h3 class="panel-title">{{ trans('task.edit') }}</h3></div>
@ -55,8 +56,11 @@
{!! Form::close() !!} {!! Form::close() !!}
</div> </div>
</div> </div>
@endcan
@endif @endif
@if (Request::get('action') == 'task_delete' && $editableTask) @if (Request::get('action') == 'task_delete' && $editableTask)
@can('delete', $editableTask)
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title">{{ trans('task.delete') }}</h3></div> <div class="panel-heading"><h3 class="panel-title">{{ trans('task.delete') }}</h3></div>
<div class="panel-body"> <div class="panel-body">
@ -78,4 +82,5 @@
</div> </div>
</div> </div>
</div> </div>
@endcan
@endif @endif
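Review bot: The `@can('create', new App\Entities\Projects\Task)`, `@can('update', $editableTask)` and `@can('delete', $editableTask)` wrappers added in this partial only hide the forms; they do not authorize the requests that reach `tasks.store`, `tasks.update` or the task delete action. No task controller appears in this commit's file list, so confirm that each of those actions already enforces the same policy server-side, for example `$this->authorize('update', $task);` at the top of the update action. The same applies to the edit and delete links gated in resources/views/jobs/partials/job-tasks.blade.php. Separately, the empty `new App\Entities\Projects\Task` carries no `job_id`, so if the `create` rule is meant to depend on the job being viewed, the policy cannot see `$job` from this call (the policy body is not visible here).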

4
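--- a/resources/views/jobs/partials/job-tasks.blade.php
+++ b/resources/views/jobs/partials/job-tasks.blade.php
@@ -24,6 +24,7 @@
 </td>
 <td class="text-center">{{ $task->progress }} %</td>
 <td class="text-center">
+@can('update', $task)
 {!! html_link_to_route('jobs.show', '', [
 $job->id,
 'action' => 'task_edit',
@@ -34,6 +35,8 @@
 'id' => $task->id . '-tasks-edit',
 'icon' => 'edit'
 ]) !!}
+@endcan
+@can('delete', $task)
 {!! html_link_to_route('jobs.show', '', [
 $job->id,
 'action' => 'task_delete',
@@ -44,6 +47,7 @@
 'id' => $task->id . '-tasks-delete',
 'icon' => 'close'
 ]) !!}
+@endcan
 </td>
 </tr>
 @empty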

2
resources/views/jobs/show.blade.php

@ -7,7 +7,7 @@
<h1 class="page-header"> <h1 class="page-header">
<div class="pull-right"> <div class="pull-right">
@can('create', $job)
@can('create', new App\Entities\Projects\Job)
{!! html_link_to_route('projects.jobs.create', trans('job.create'), [$job->project_id], ['class' => 'btn btn-success','icon' => 'plus']) !!} {!! html_link_to_route('projects.jobs.create', trans('job.create'), [$job->project_id], ['class' => 'btn btn-success','icon' => 'plus']) !!}
@endcan @endcan
@can('update', $job) @can('update', $job)
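Review bot: `@can('create', new App\Entities\Projects\Job)` checks an empty model with no `project_id`, although the link it guards creates a job under `$job->project_id`, so the policy can only decide by role and not by project. The page does not mark which of the two `@can('create', …)` lines is the new side, so this assumes the `new …Job` form is the one being introduced. If per-project scoping is intended, pass the project context, e.g. `@can('create', new App\Entities\Projects\Job(['project_id' => $job->project_id]))`, which in turn assumes `project_id` is mass-assignable on that model. In either form the controller behind `projects.jobs.create` still needs its own `authorize` call, since this directive only controls whether the button is rendered.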

1
tests/Unit/Policies/TaskPolicyTest.php

@ -58,6 +58,5 @@ class TaskPolicyTest extends TestCase
$task = factory(Task::class)->create(['job_id' => $job->id]); $task = factory(Task::class)->create(['job_id' => $job->id]);
$this->assertFalse($worker->can('delete', $task)); $this->assertFalse($worker->can('delete', $task));
} }
} }