ForRo/app/Http/Controllers/LocationController.php
ro 31f45c4af5 add role checks for admin function
admin functions are not shown to member with incorrect roles, but added
a bit more padding in the controller itself to check if the role is
correct before running an admin action for a little extra security
2024-09-29 15:55:55 -06:00


<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Services\UpdateService;
use App\Repositories\LocationRepository;
use Illuminate\Support\Facades\Auth;
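class LocationController extends Controller
{
    /** Role value that may run the admin-only update/compile actions (0 in the original checks). */
    private const ROLE_ADMIN = 0;

    /** Second role value that may edit a location (1 in the original check; its project-level name is not visible here). */
    private const ROLE_EDITOR = 1;

    /** Flashed under the 'message' error key when the signed-in member's role is not permitted for the action. */
    private const PERMISSION_DENIED = 'Nah, you don\'t have permission to do this';

    /** @var UpdateService */
    protected $update;

    /** @var LocationRepository Declared explicitly; the original assigned it as an undeclared dynamic property. */
    protected $location;

    public function __construct(
        UpdateService $updateService,
        LocationRepository $locationRepository
    ) {
        $this->update = $updateService;
        $this->location = $locationRepository;
    }

    //actions

    /**
     * Admin-only: run the update service's data() step and flash its result as 'message'.
     *
     * Redirects back with a permission error for any other role.
     */
    public function updateLocations()
    {
        if (!$this->memberHasRole([self::ROLE_ADMIN])) {
            return $this->denied();
        }

        return back()->with('message', $this->update->data());
    }

    /**
     * Admin-only: run the update service's list() step and flash its result as 'message'.
     *
     * Redirects back with a permission error for any other role.
     */
    public function compileLocations()
    {
        if (!$this->memberHasRole([self::ROLE_ADMIN])) {
            return $this->denied();
        }

        return back()->with('message', $this->update->list());
    }

    /**
     * Admin or editor: hand the request to the repository and flash its message.
     *
     * The repository is expected to return an array with 'status' (truthy on
     * success) and 'message'; on failure the message is flashed as an error.
     * Redirects back with a permission error for any other role.
     */
    public function editLocation(Request $request)
    {
        if (!$this->memberHasRole([self::ROLE_ADMIN, self::ROLE_EDITOR])) {
            return $this->denied();
        }

        $response = $this->location->editLocation($request);
        if ($response['status']) {
            return back()->with('message', $response['message']);
        }

        return back()->withErrors(['message' => $response['message']]);
    }

    /**
     * Whether the authenticated member's role is one of $allowed.
     *
     * Returns false when nobody is signed in (Auth::user() is null) or when
     * the role is not an integer / integer string. The original `== 0`
     * comparison accepted a non-numeric role as admin on PHP 7 and would
     * throw on a null user; this is a strict check instead.
     *
     * @param int[] $allowed
     */
    private function memberHasRole(array $allowed): bool
    {
        $member = Auth::user();
        if ($member === null) {
            return false;
        }

        // FILTER_VALIDATE_INT yields an int for 0 / "0" and false for anything else,
        // so a role stored as a numeric string still matches without loose comparison.
        $role = filter_var($member->role, FILTER_VALIDATE_INT);

        return $role !== false && in_array($role, $allowed, true);
    }

    /**
     * Redirect back with the permission-denied text under the 'message' error key.
     *
     * withErrors() takes the messages as its first argument and a bag name as
     * its second; the original withErrors('message', $text) stored the literal
     * string 'message' in a bag named after the text.
     */
    private function denied()
    {
        return back()->withErrors(['message' => self::PERMISSION_DENIED]);
    }
}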