forked from projects/thebadspace
ro
31f45c4af5
admin functions are not shown to member with incorrect roles, but added a bit more padding in the controller itself to check if the role is correct before running an admin action for a little extra security
70 lines
1.9 KiB
PHP
70 lines
1.9 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use Illuminate\Http\Request;
|
|
use App\Services\UpdateService;
|
|
use App\Repositories\LocationRepository;
|
|
use Illuminate\Support\Facades\Auth;
|
|
|
|
class LocationController extends Controller
|
|
{
|
|
protected $update;
|
|
|
|
public function __construct(
|
|
UpdateService $updateService,
|
|
LocationRepository $locationRepository
|
|
) {
|
|
$this->update = $updateService;
|
|
$this->location = $locationRepository;
|
|
}
|
|
|
|
//actions
|
|
public function updateLocations()
|
|
{
|
|
//role check
|
|
$member = Auth::user();
|
|
if ($member->role == 0) {
|
|
$result = $this->update->data();
|
|
return back()->with(
|
|
'message',
|
|
$result
|
|
);
|
|
} else {
|
|
return back()->withErrors('message', 'Nah, you don\'t have permission to do this');
|
|
}
|
|
}
|
|
|
|
public function compileLocations()
|
|
{
|
|
//role check
|
|
$member = Auth::user();
|
|
if ($member->role == 0) {
|
|
$result = $this->update->list();
|
|
return back()->with(
|
|
'message',
|
|
$result
|
|
);
|
|
} else {
|
|
return back()->withErrors('message', 'Nah, you don\'t have permission to do this');
|
|
}
|
|
}
|
|
|
|
public function editLocation(Request $request)
|
|
{
|
|
$token = csrf_token();
|
|
//role check
|
|
$member = Auth::user();
|
|
if ($member->role == 0 || $member->role == 1) {
|
|
$response = $this->location->editLocation($request);
|
|
if ($response['status']) {
|
|
return back()->with('message', $response['message']);
|
|
} else {
|
|
return back()->withErrors('message', $response['message']);
|
|
}
|
|
} else {
|
|
return back()->withErrors('message', 'Nah, you don\'t have permission to do this');
|
|
}
|
|
}
|
|
}
|