School policy added

This commit is contained in:
Matt Young 2024-05-28 13:56:52 -05:00
parent f7f82f0d20
commit afcdd34532
3 changed files with 89 additions and 5 deletions


@ -4,16 +4,20 @@ namespace App\Http\Controllers;
use App\Models\School;
use App\Models\SchoolEmailDomain;
use Illuminate\Auth\Access\Gate;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use function abort;
use function dd;
use function redirect;
use function request;
class SchoolController extends Controller
{
public function store()
public function store(Request $request): RedirectResponse
{
if ($request->user()->cannot('create', School::class)) abort(403);
request()->validate([
'name' => ['required', 'min:3', 'max:30'],
'address' => ['required'],
@ -47,24 +51,28 @@ class SchoolController extends Controller
return redirect('/schools/' . $school->id);
}
public function show(School $school)
public function show(Request $request, School $school)
{
if ($request->user()->cannot('view',$school)) abort(403);
return view('schools.show', ['school' => $school]);
}
public function create()
public function create(Request $request)
{
if ($request->user()->cannot('create', School::class)) abort(403);
return view('schools.create');
}
public function edit(School $school)
public function edit(Request $request, School $school)
{
// TODO Restrict the editing of schools to directors or admin
if ($request->user()->cannot('update',$school)) abort(403);
return view('schools.edit', ['school' => $school]);
}
public function update(School $school)
{
if ($request->user()->cannot('update',$school)) abort(403);
request()->validate([
'name' => ['required', 'min:3', 'max:30'],
'address' => ['required'],
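Review bot: `update()` keeps the signature `public function update(School $school)` yet its new first line calls `$request->user()`, so `$request` is undefined there and every update request fails with an Error on a null object instead of reaching the 403 or the validation; the signature should read `public function update(Request $request, School $school)` as the other methods now do (the method's body continues past the end of the hunk). In `store()` the check uses the injected `$request` but the next line still calls the `request()` helper; `$request->validate([...])` would keep the method consistent. If the `// TODO Restrict the editing of schools to directors or admin` comment in `edit()` survives on the new side, it is now stale and should be dropped, since the line below it does exactly that. The header also imports `use function dd;` and `Illuminate\Auth\Access\Gate`; I cannot see whether these are used further down, but a `dd` import is usually a debugging leftover.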


@ -0,0 +1,75 @@
<?php
namespace App\Policies;
use App\Models\School;
use App\Models\User;
use Illuminate\Auth\Access\Response;
use function is_null;
class SchoolPolicy
{
/**
* Grand admin users access to all functions
*/
public function before(User $user, string $ability): bool|null
{
if($user->is_admin) return true;
return null;
}
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return false;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, School $school): bool
{
return $school->id == $user->school_id;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return is_null($user->school_id);
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, School $school): bool
{
return $school->id == $user->school_id;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, School $school): bool
{
return false;
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, School $school): bool
{
return false;
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, School $school): bool
{
return false;
}
}
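Review bot: `view()` and `update()` decide access with `$school->id == $user->school_id`; under loose comparison a `null` `school_id` equals `0` and numeric strings are compared as numbers, so an authorization check should use `return $school->id === $user->school_id;` (confirm both attributes are cast to `int` on the models, otherwise compare `(int)` casts of both). The docblock on `before()` reads "Grand admin users access to all functions" and should say `Grant admin users access to every ability; returning null falls through to the per-ability methods`, which also makes explicit that admins pass `delete` and `forceDelete` via this short-circuit. The unconditional `return false;` in `viewAny`, `delete`, `restore` and `forceDelete` reads like a scaffold stub; a comment such as `// deny-by-default: only admins (via before()) may delete` would record that it is intentional.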


@ -30,6 +30,7 @@ class UserFactory extends Factory
'email' => fake()->unique()->safeEmail(),
'judging_preference' => fake()->randomElement($judingPrefPossibilities),
'cell_phone' => fake()->phoneNumber(),
'profile_image_url' => 'https://picsum.photos/200',
'email_verified_at' => now(),
'password' => static::$password ??= Hash::make('password'),
'remember_token' => Str::random(10),