ForRo/app/Http/Controllers/MemberController.php
ro 31f45c4af5 add role checks for admin function
admin functions are not shown to member with incorrect roles, but added
a bit more padding in the controller itself to check if the role is
correct before running an admin action for a little extra security
2024-09-29 15:55:55 -06:00

123 lines
3.7 KiB
PHP

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Repositories\MemberRepository;
class MemberController extends Controller
{
protected $member;
public function __construct(
MemberRepository $memberRepo
) {
$this->member = $memberRepo;
}
public function index(Request $request)
{
$member = Auth::user();
return view('back.member', [
'handle' => $member->handle,
'members' => $this->member->getAll(),
'mode' => 'index',
'title' => "Manage Members"]);
}
public function profile(Request $request)
{
$member = Auth::user();
$avi = '';
if ($member->avatar == 'default-member-avatar') {
$avi = '/assets/images/global/default-avi.png';
} else {
$avi = $member->avatar;
}
return view('back.profile', [
'title' => "Hey, it's you!",
'handle' => $member->handle,
'email' => $member->email,
'avatar' => $avi,
'pronouns' => $member->pronoun,
'uuid' => $member->uuid,
'role' => $member->role
]);
}
public function editMember(Request $request, $uuid = 0)
{
$member = $this->member->get($uuid);
$avi = '';
if ($member->avatar == 'default-member-avatar') {
$avi = '/assets/images/global/default-avi.png';
} else {
$avi = $member->avatar;
}
return view('back.member', [
'member' => $member,
'avatar' => $avi,
'mode' => 'member-edit',
'title' => "Edit Member Info"]);
}
public function createMember(Request $Request)
{
return view('back.member', [
'mode' => 'member-create',
'title' => "Make a new friend"]);
}
//actions
public function profileEdit(Request $request)
{
$token = csrf_token();
//check if logged in member id matches profile request id
$member = Auth::user();
if ($member->uuid == $request->id) {
$response = $this->member->editProfile($request);
if ($response['status'] == true) {
return back()->with('message', $response['message']);
} else {
return back()->withErrors([$response['message']]);
}
} else {
return back()->withErrors(['This is not your profile to edit.']);
}
}
public function memberEdit(Request $request)
{
$token = csrf_token();
//role check
$member = Auth::user();
if ($member->role == 0 || $member->role == 1) {
$response = $this->member->edit($request);
if ($response['status'] == true) {
return back()->with('message', $response['message']);
} else {
return back()->withErrors([$response['message']]);
}
} else {
return back()->withErrors(['Nah, you can\'t do this. Wrong permissions.']);
}
}
public function memberCreate(Request $request)
{
$token = csrf_token();
$member = Auth::user();
if ($member->role == 0 || $member->role == 1) {
$response = $this->member->add($request);
if ($response['status'] == true) {
return redirect('/den/member')->with('message', $response['message']);
} else {
return back()->withErrors([$response['message']]);
}
} else {
return back()->withErrors(['Nah, you can\'t do this. Wrong permissions.']);
}
}
}