31f45c4af5
Admin functions are not shown to members with incorrect roles, but added a bit more padding in the controller itself to check that the role is correct before running an admin action, for a little extra security.
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Repositories\MemberRepository;
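class MemberController extends Controller
{
    /** Sentinel stored in `avatar` when a member has not uploaded a custom avatar. */
    private const DEFAULT_AVATAR_KEY = 'default-member-avatar';

    /** Public path served in place of the sentinel above. */
    private const DEFAULT_AVATAR_URL = '/assets/images/global/default-avi.png';

    /**
     * Roles permitted to run member-administration actions.
     * The values 0 and 1 are the ones the original checks accepted; what each
     * number means is defined elsewhere in the project.
     */
    private const ADMIN_ROLES = [0, 1];

    private const PERMISSION_ERROR = 'Nah, you can\'t do this. Wrong permissions.';

    protected MemberRepository $member;

    public function __construct(
        MemberRepository $memberRepo
    ) {
        $this->member = $memberRepo;
    }

    /**
     * Member list for the admin area.
     */
    public function index(Request $request)
    {
        $member = Auth::user();

        return view('back.member', [
            'handle' => $member->handle,
            'members' => $this->member->getAll(),
            'mode' => 'index',
            'title' => "Manage Members",
        ]);
    }

    /**
     * The logged-in member's own profile page.
     */
    public function profile(Request $request)
    {
        $member = Auth::user();

        return view('back.profile', [
            'title' => "Hey, it's you!",
            'handle' => $member->handle,
            'email' => $member->email,
            'avatar' => $this->avatarUrl($member->avatar),
            'pronouns' => $member->pronoun,
            'uuid' => $member->uuid,
            'role' => $member->role,
        ]);
    }

    /**
     * Edit form for an arbitrary member, looked up by uuid.
     *
     * The form exposes another member's record (including email), so it is
     * gated by the same role check as the memberEdit action — previously only
     * the action was gated, and the view was reachable by any logged-in member.
     *
     * @param int|string $uuid
     */
    public function editMember(Request $request, $uuid = 0)
    {
        if (!$this->isAdmin(Auth::user())) {
            return back()->withErrors([self::PERMISSION_ERROR]);
        }

        $member = $this->member->get($uuid);
        // Repository contract for an unknown uuid is not visible here; guard the
        // null case so a bad uuid does not fatal on a property read.
        if ($member === null) {
            return back()->withErrors(['Member not found.']);
        }

        return view('back.member', [
            'member' => $member,
            'avatar' => $this->avatarUrl($member->avatar),
            'mode' => 'member-edit',
            'title' => "Edit Member Info",
        ]);
    }

    /**
     * Empty "create member" form; gated like the memberCreate action.
     */
    public function createMember(Request $Request)
    {
        if (!$this->isAdmin(Auth::user())) {
            return back()->withErrors([self::PERMISSION_ERROR]);
        }

        return view('back.member', [
            'mode' => 'member-create',
            'title' => "Make a new friend",
        ]);
    }

    //actions

    /**
     * Save changes to the logged-in member's own profile.
     *
     * Only the owner may edit: the submitted `id` must match the session
     * member's uuid. Compared as strings with `===` (the original `==` is
     * loose and would also accept an empty/absent id against an empty uuid).
     */
    public function profileEdit(Request $request)
    {
        $member = Auth::user();
        $requestedId = (string) $request->id;

        if ($requestedId === '' || (string) $member->uuid !== $requestedId) {
            return back()->withErrors(['This is not your profile to edit.']);
        }

        return $this->redirectBackWith($this->member->editProfile($request));
    }

    /**
     * Admin action: persist edits to any member.
     */
    public function memberEdit(Request $request)
    {
        if (!$this->isAdmin(Auth::user())) {
            return back()->withErrors([self::PERMISSION_ERROR]);
        }

        return $this->redirectBackWith($this->member->edit($request));
    }

    /**
     * Admin action: create a member. On success redirects to the member list
     * rather than back to the form.
     */
    public function memberCreate(Request $request)
    {
        if (!$this->isAdmin(Auth::user())) {
            return back()->withErrors([self::PERMISSION_ERROR]);
        }

        $response = $this->member->add($request);
        if ($response['status']) {
            return redirect('/den/member')->with('message', $response['message']);
        }

        return back()->withErrors([$response['message']]);
    }

    /**
     * Whether the given member may run admin actions.
     *
     * Strict on purpose: the original `role == 0 || role == 1` let a null,
     * false or empty-string role satisfy `== 0`. A non-numeric or missing role
     * is never an admin; numeric strings from the database are still accepted.
     *
     * @param mixed $member the authenticated user, or null when unauthenticated
     */
    private function isAdmin($member): bool
    {
        if ($member === null || !is_numeric($member->role)) {
            return false;
        }

        return in_array((int) $member->role, self::ADMIN_ROLES, true);
    }

    /**
     * Resolve the stored avatar value to what the view should render.
     * Non-sentinel values are passed through unchanged.
     *
     * @param mixed $avatar
     * @return mixed
     */
    private function avatarUrl($avatar)
    {
        return $avatar === self::DEFAULT_AVATAR_KEY ? self::DEFAULT_AVATAR_URL : $avatar;
    }

    /**
     * Turn a repository response (`status`, `message`) into the shared
     * back()-redirect used by the edit actions. `status` is evaluated for
     * truthiness, matching the original `== true` comparison.
     *
     * @param array{status: mixed, message: mixed} $response
     */
    private function redirectBackWith(array $response)
    {
        if ($response['status']) {
            return back()->with('message', $response['message']);
        }

        return back()->withErrors([$response['message']]);
    }
}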