From 7410190b02461d9fe0c6b58cefadf02ae5b2df75 Mon Sep 17 00:00:00 2001
From: Matt Young <matt@mattyoung.us>
Date: Tue, 16 Jul 2024 12:35:35 -0500
Subject: [PATCH] auditionadmin-24 After a user modifies their profile, it
 gives a 404

Issue corrected using Fortify routes. Also implemented change password form.

Closes #24
---
 app/Http/Controllers/UserController.php     | 17 +++++++++++------
 resources/views/dashboard/profile.blade.php | 21 ++++++++++++++++++---
 routes/user.php                             |  2 +-
 3 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index d109f38..5a30496 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -4,6 +4,8 @@ namespace App\Http\Controllers;
 
 use App\Models\User;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
 use function abort;
 use function redirect;
 
@@ -54,7 +56,10 @@ class UserController extends Controller
      */
     public function update(Request $request, User $user)
     {
-        //
+        if ($user->id !== Auth::user()->id) {
+            return redirect()->route('dashboard')->with('error', 'You can only modify your own profile');
+        }
+        dd($request->all());
     }
 
     /**
@@ -67,19 +72,19 @@ class UserController extends Controller
 
     public function set_school(Request $request, User $user)
     {
-        if ($request->user()->cannot('set_school',$user)) abort(403);
+        if ($request->user()->cannot('set_school', $user)) {
+            abort(403);
+        }
 
         request()->validate([
-           'school_id' => ['required','integer','exists:schools,id']
+            'school_id' => ['required', 'integer', 'exists:schools,id'],
         ]);
 
         $user->update([
-            'school_id' => request('school_id')
+            'school_id' => request('school_id'),
         ]);
 
         // TODO we probably don't want to go here if done from an admin page
         return redirect('/my_school');
     }
 }
-
-
diff --git a/resources/views/dashboard/profile.blade.php b/resources/views/dashboard/profile.blade.php
index 3d6b6d2..ea3c843 100644
--- a/resources/views/dashboard/profile.blade.php
+++ b/resources/views/dashboard/profile.blade.php
@@ -4,8 +4,11 @@
     <x-layout.page-section-container>
         <x-layout.page-section first>
             <x-slot:section_name>User Information</x-slot:section_name>
-            <x-slot:section_description>Use a permanent address where you receive mail</x-slot:section_description>
-            <x-form.form method="PATCH" action="/user/{{ Auth::user()->id }}" class="mt-4 mb-5">
+            <x-slot:section_description>
+                <p class="mb-6">Use a permanent address where you receive mail</p>
+                <p>Changing your email address will require verification</p>
+            </x-slot:section_description>
+            <x-form.form method="PUT" action="user/profile-information" class="mt-4 mb-5">
                 <x-form.body-grid columns="6" class="!max-w-full">
                     <x-form.field name="first_name" label_text="First Name" value="{{ Auth::user()->first_name }}" colspan="3" required />
                     <x-form.field name="last_name" label_text="Last Name" value="{{ Auth::user()->last_name }}" colspan="3" required />
@@ -13,7 +16,19 @@
                     <x-form.field name="cell_phone" label_text="Cell Phone" type="text" value="{{ Auth::user()->cell_phone }}" colspan="3" required />
                     <x-form.field name="judging_preference" label_text="Judging Preference" type="text" value="{{ Auth::user()->judging_preference }}" colspan="6" required />
                 </x-form.body-grid>
-                <x-form.footer submit-button-text="Modify User"/>
+                <x-form.footer submit-button-text="Update Profile"/>
+            </x-form.form>
+        </x-layout.page-section>
+
+        <x-layout.page-section>
+            <x-slot:section_name>Change Password</x-slot:section_name>
+            <x-form.form method="PUT" action="user/password" class="mt-4 mb-5">
+                <x-form.body-grid columns="12" class="!max-w-full">
+                    <x-form.field colspan="4" name="current_password" type="password" label_text="Current Password" requried />
+                    <x-form.field colspan="4" name="password" type="password" label_text="New Password" requried />
+                    <x-form.field colspan="4" name="password_confirmation" type="password" label_text="Conform New Password" requried />
+                </x-form.body-grid>
+                <x-form.footer submit-button-text="Change Password" />
             </x-form.form>
         </x-layout.page-section>
     </x-layout.page-section-container>
diff --git a/routes/user.php b/routes/user.php
index ffeace0..95bd5b1 100644
--- a/routes/user.php
+++ b/routes/user.php
@@ -28,7 +28,7 @@ Route::middleware(['auth', 'verified', 'can:create,App\Models\Entry'])->controll
 // User Related Routes
 Route::middleware(['auth', 'verified'])->controller(UserController::class)->group(function () {
     Route::patch('/users/{user}/set_school', 'set_school')->name('users.set_school');
-    Route::patch('/users/{$user}', 'update')->name('users.update');
+    Route::patch('/user_profile/{$user}', 'update')->name('users.update');
 });
 
 // Student Related Routes
-- 
2.39.5