
Commit c317139

authored
Merge pull request #577 from dbarzin/dev
Dev
2 parents 96c194a + 162b0e9 commit c317139


10 files changed

+128
-100
lines changed


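--- a/app/Http/Controllers/API/AuditLogController.php
+++ b/app/Http/Controllers/API/AuditLogController.php
@@ -21,11 +21,7 @@ public function index()
 
 public function store(Request $request)
 {
-abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
-
-$auditLog = AuditLog::query()->create($request->all());
-
-return response()->json($auditLog, 201);
+abort(Response::HTTP_FORBIDDEN, '403 Forbidden');
 }
 
 public function show(AuditLog $log)
@@ -37,19 +33,11 @@ public function show(AuditLog $log)
 
 public function update(Request $request, AuditLog $log)
 {
-abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
-
-$log->update($request->all());
-
-return response()->json();
+abort(Response::HTTP_UNAUTHORIZED, '401 Unauthorized');
 }
 
 public function destroy(AuditLog $log)
 {
-abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
-
-$log->delete();
-
-return response()->json();
+abort(Response::HTTP_UNAUTHORIZED, '401 Unauthorized');
 }
 }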
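Review bot: update() and destroy() now answer 401 Unauthorized to every caller, while store() in the first hunk answers 403 Forbidden; 401 tells an API client its credentials were rejected and invites a re-authentication loop, which is not what a deliberately disabled endpoint means. If these handlers are meant to be switched off, use one status for all three, for example `abort(Response::HTTP_FORBIDDEN, '403 Forbidden');` to match store(), or the 501 that DocumentController::store uses in this same commit, and drop the now-unused `Request $request` parameter from update(). Removing the routes would be cleaner still, since a stub that always aborts leaves an endpoint to enumerate but nothing to serve. The removed `abort_if(!Auth::User()->isAPI(), ...)` guard no longer matters here because the abort is unconditional.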

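--- a/app/Http/Controllers/API/DocumentController.php
+++ b/app/Http/Controllers/API/DocumentController.php
@@ -12,7 +12,7 @@ class DocumentController extends Controller
 {
 public function index()
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $documents = Document::all();
 
@@ -21,32 +21,27 @@ public function index()
 
 public function store(Request $request)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
-$document = Document::create($request->all());
-
-return response()->json($document, 201);
+abort(Response::HTTP_NOT_IMPLEMENTED, '501 Not Implemented');
 }
-
 public function show(Document $document)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 return response()->json($document);
 }
 
 public function update(Request $request, Document $document)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
-$document->update($request->all());
-
-return response()->json();
+abort(500, 'Not implemented');
 }
 
 public function destroy(Document $document)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $document->delete();
 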
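--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -12,7 +12,7 @@ class UserController extends Controller
 {
 public function index()
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $users = User::all();
 
@@ -21,7 +21,7 @@ public function index()
 
 public function store(Request $request)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $user = User::create($request->all());
 
@@ -30,14 +30,14 @@ public function store(Request $request)
 
 public function show(User $user)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 return response()->json($user);
 }
 
 public function update(Request $request, User $user)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $user->update($request->all());
 
@@ -46,7 +46,7 @@ public function update(Request $request, User $user)
 
 public function destroy(User $user)
 {
-abort_if(Auth::User()->role !== 4, Response::HTTP_FORBIDDEN, '403 Forbidden');
+abort_if(!Auth::User()->isAPI(), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
 $user->delete();
 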
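--- a/app/Http/Controllers/ActionController.php
+++ b/app/Http/Controllers/ActionController.php
@@ -249,8 +249,6 @@ public function show(int $id)
 '403 Forbidden'
 );
 
-// TODO : check for user
-
 // Get the action
 $action = Action::find($id);
 
@@ -279,8 +277,6 @@ public function edit(int $id)
 '403 Forbidden'
 );
 
-// TODO : check for user
-
 // Get the action
 $action = Action::find($id);
 
@@ -428,8 +424,6 @@ public function close(int $id)
 '403 Forbidden'
 );
 
-// TODO : check for user
-
 // Get the action
 $action = Action::find($id);
 
@@ -458,8 +452,6 @@ public function doClose(Request $request)
 '403 Forbidden'
 );
 
-// TODO : check for user
-
 // Get the action
 $id = request('id');
 $action = Action::find($id);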
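--- a/app/Http/Controllers/ControlController.php
+++ b/app/Http/Controllers/ControlController.php
@@ -437,14 +437,14 @@ public function show(int $id)
 {
 // Not API
 abort_if(
-Auth::User()->role === 4,
+Auth::User()->isAPI(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );
 
 // for aditee only if he is assigne to that control
 abort_if(
-Auth::User()->role === 5 &&
+Auth::User()->isAuditee() &&
 ! (DB::table('control_user')
 ->where('control_id', $id)
 ->where('user_id', Auth::User()->id)
@@ -509,7 +509,7 @@ public function edit(int $id)
 {
 // Only for administrator role
 abort_if(
-Auth::User()->role !== 1,
+! Auth::User()->isAdmin(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );
@@ -607,9 +607,9 @@ public function edit(int $id)
 */
 public function clone(Request $request)
 {
-// Only for admin and users
+// For administrators, users only
 abort_if(
-(Auth::User()->role !== 1) && (Auth::User()->role !== 2),
+!Auth::User()->isAdmin() && !Auth::User()->isUser(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );
@@ -992,6 +992,13 @@ public function domains(Request $request)
 
 public function measures(Request $request)
 {
+// For administrators, users only
+abort_if(
+!Auth::User()->isAdmin() && !Auth::User()->isUser(),
+Response::HTTP_FORBIDDEN,
+'403 Forbidden'
+);
+
 // get all active domains
 $domains = DB::table('domains')
 ->select(
@@ -1067,9 +1074,9 @@ public function measures(Request $request)
 
 public function attributes()
 {
-// Not API and auditee
+// For administrators, users only
 abort_if(
-Auth::User()->role === 4 || Auth::User()->role === 5,
+!Auth::User()->isAdmin() && !Auth::User()->isUser(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );
@@ -1129,9 +1136,9 @@ public function attributes()
 */
 public function plan(int $id)
 {
-// For administrators and users only
+// For administrators, users only
 abort_if(
-Auth::User()->role !== 1 && Auth::User()->role !== 2,
+!Auth::User()->isAdmin() && !Auth::User()->isUser(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );
@@ -1216,7 +1223,7 @@ public function unplan(Request $request)
 {
 // For administrators and users only
 abort_if(
-Auth::User()->role !== 1 && Auth::User()->role !== 2,
+!Auth::User()->isAdmin() && !Auth::User()->isUser(),
 Response::HTTP_FORBIDDEN,
 '403 Forbidden'
 );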
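Review bot: attributes() changes policy, not just spelling: the old guard denied only the API and auditee roles (4 and 5), while the new `!Auth::User()->isAdmin() && !Auth::User()->isUser()` denies every role that is not admin or user, so any other role the model defines loses access to attributes() with this commit; the updated comment presents it as a rewording, so confirm the tightening is intended. The same three-line admin-or-user guard now appears verbatim in clone(), measures(), attributes(), plan() and unplan(); a single helper on the user model, for example a constructed `isAdminOrUser()`, or a route middleware, would keep that policy in one place and make the next role change a one-line edit. unplan() keeps the older comment wording `// For administrators and users only` while the sibling methods were changed to the new wording. In show() the auditee condition continues past the hunk, so only its first operand is visible here.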
