diff --git a/.gitignore b/.gitignore
index ca7858438..66a7c0f9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,6 @@ Homestead.yaml
 /public/js
 /public/uploads
 /public/bower
-/public/build
 /storage/images
 _ide_helper.php
 /storage/debugbar
\ No newline at end of file
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index 5dc79eb02..ca022f7ca 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -42,6 +42,15 @@ abstract class Controller extends BaseController
 $this->signedIn = auth()->check();
 }
+ /**
+ * Stops the application and shows a permission error if
+ * the application is in demo mode.
+ */
+ protected function preventAccessForDemoUsers()
+ {
+ if (env('APP_ENV', 'production') === 'demo') $this->showPermissionError();
+ }
+
 /**
 * Adds the page title into the view.
 * @param $title
@@ -51,6 +60,18 @@ abstract class Controller extends BaseController
 view()->share('pageTitle', $title);
 }
+ /**
+ * On a permission error redirect to home and display
+ * the error as a notification.
+ */
+ protected function showPermissionError()
+ {
+ Session::flash('error', trans('errors.permission'));
+ throw new HttpResponseException(
+ redirect('/')
+ );
+ }
+
 /**
 * Checks for a permission.
 *
@@ -60,15 +81,18 @@ abstract class Controller extends BaseController
 protected function checkPermission($permissionName)
 {
 if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
- Session::flash('error', trans('errors.permission'));
- throw new HttpResponseException(
- redirect('/')
- );
+ $this->showPermissionError();
 }
 return true;
 }
+ /**
+ * Check if a user has a permission or bypass if the callback is true.
+ * @param $permissionName
+ * @param $callback
+ * @return bool
+ */
 protected function checkPermissionOr($permissionName, $callback)
 {
 $callbackResult = $callback();
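Review bot: `env('APP_ENV', 'production')` in preventAccessForDemoUsers reads the environment at request time, and once the configuration has been cached with `config:cache` Laravel no longer loads the .env file, so `env()` falls back to `'production'` and the demo guard silently switches off in the deployment mode a public demo host is most likely to use. Reading the value through the container avoids this, `if (app()->environment('demo')) $this->showPermissionError();` (or `config('app.env') === 'demo'`), and behaves the same with or without the config cache. Wrapping the single-statement body in braces would also match the style of checkPermission later in the same file. The guard is opt-in per action (SettingController::update, UserController::update and destroy in this commit), so any future mutating action has to remember the call; a route middleware would be harder to forget, though that is outside this hunk.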
diff --git a/app/Http/Controllers/SettingController.php b/app/Http/Controllers/SettingController.php
index bca48807f..1739e0b53 100644
--- a/app/Http/Controllers/SettingController.php
+++ b/app/Http/Controllers/SettingController.php
@@ -31,13 +31,16 @@ class SettingController extends Controller
 */
 public function update(Request $request)
 {
+ $this->preventAccessForDemoUsers();
 $this->checkPermission('settings-update');
+ // Cycles through posted settings and update them
 foreach($request->all() as $name => $value) {
 if(strpos($name, 'setting-') !== 0) continue;
 $key = str_replace('setting-', '', trim($name));
 Setting::put($key, $value);
 }
+ session()->flash('success', 'Settings Saved');
 return redirect('/settings');
 }
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 3f41b2d0e..fe25c44ae 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -108,9 +108,11 @@ class UserController extends Controller
 */
 public function update(Request $request, $id)
 {
+ $this->preventAccessForDemoUsers();
 $this->checkPermissionOr('user-update', function () use ($id) {
 return $this->currentUser->id == $id;
 });
+
 $this->validate($request, [
 'name' => 'required',
 'email' => 'required|email|unique:users,email,' . $id,
@@ -144,6 +146,7 @@ class UserController extends Controller
 $this->checkPermissionOr('user-delete', function () use ($id) {
 return $this->currentUser->id == $id;
 });
+
 $user = $this->user->findOrFail($id);
 $this->setPageTitle('Delete User ' . $user->name);
 return view('users/delete', ['user' => $user]);
@@ -156,6 +159,7 @@ class UserController extends Controller
 */
 public function destroy($id)
 {
+ $this->preventAccessForDemoUsers();
 $this->checkPermissionOr('user-delete', function () use ($id) {
 return $this->currentUser->id == $id;
 });
diff --git a/public/build/.gitignore b/public/build/.gitignore
new file mode 100644
index 000000000..d6b7ef32c
--- /dev/null
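Review bot: The new success notification `session()->flash('success', 'Settings Saved')` in SettingController::update passes a literal English string, whereas the error path added in the same commit (showPermissionError) goes through `trans()`; routing it through a lang key, e.g. `session()->flash('success', trans('<settings-saved-key>'))` with the key added to the lang file, keeps user-facing text translatable and consistent with the rest of the controller base. The added comment reads better as `// Cycles through posted settings and updates them`. The body of update appears complete within this hunk.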
+++ b/public/build/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore