Task-8 (Authorization) #10

Merged
klllst merged 2 commits from feature/task-8 into develop 2024-06-23 00:06:36 +04:00
18 changed files with 462 additions and 16 deletions


@ -4,7 +4,6 @@ namespace App\Http\Controllers;
use App\Http\Requests\GradePostRequest;
use App\Models\Grade;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;
@ -15,6 +14,10 @@ class GradeController extends Controller
*/
public function index(): View
{
if(request()->user()->cannot('viewAny', Grade::class)) {
abort(403);
}
return view('grades.index', [
'grades' => Grade::filter()->paginate(5)->withQueryString(),
]);
@ -25,6 +28,10 @@ class GradeController extends Controller
*/
public function create(): View
{
if(request()->user()->cannot('create', Grade::class)) {
abort(403);
}
return view('grades.create');
}
@ -33,6 +40,10 @@ class GradeController extends Controller
*/
public function store(GradePostRequest $request): RedirectResponse
{
if(request()->user()->cannot('create', Grade::class)) {
abort(403);
}
return redirect()->route('grades.show', Grade::create($request->validated()));
}
@ -41,6 +52,10 @@ class GradeController extends Controller
*/
public function show(Grade $grade): View
{
if(request()->user()->cannot('view', $grade)) {
abort(403);
}
return view('grades.show', [
'grade' => $grade,
'subjects' => $grade->subjects,
@ -52,6 +67,10 @@ class GradeController extends Controller
*/
public function edit(Grade $grade): View
{
if(request()->user()->cannot('update', Grade::class)) {
abort(403);
}
return view('grades.edit', [
'grade' => $grade,
]);
@ -62,6 +81,10 @@ class GradeController extends Controller
*/
public function update(GradePostRequest $request, Grade $grade): RedirectResponse
{
if(request()->user()->cannot('update', Grade::class)) {
abort(403);
}
return redirect()->route('grades.show', $grade->update($request->validated()));
}
@ -70,6 +93,10 @@ class GradeController extends Controller
*/
public function destroy(Grade $grade): RedirectResponse
{
if(request()->user()->cannot('delete', Grade::class)) {
abort(403);
}
$grade->delete();
return redirect()->route('grades.index');
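Review bot: edit, update and destroy pass `Grade::class` instead of the bound `$grade` to the ability check, e.g. `if(request()->user()->cannot('update', Grade::class)) {`; as far as I can tell from how the Gate dispatches to policies, a string first argument is dropped before the call, so `GradePolicy::update(User $user, Grade $grade)` would be invoked without its required `$grade` and error out rather than deny. Change the three checks to `cannot('update', $grade)` and `cannot('delete', $grade)`, matching what show already does with `cannot('view', $grade)`. As a matter of style, `$this->authorize('update', $grade);` expresses the same check in one line and would replace every manual cannot/abort pair here and in LessonController, StudentController, SubjectController and TeacherController. destroy continues past the end of the hunk.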


@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use App\Http\Requests\GradeSubjectPostRequest;
use App\Models\Grade;
use App\Models\Subject;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;


@ -6,7 +6,6 @@ use App\Http\Requests\GradeTeacherPostRequest;
use App\Models\Grade;
use App\Models\Subject;
use App\Models\Teacher;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;


@ -7,7 +7,6 @@ use App\Enums\TypeLesson;
use App\Http\Requests\LessonPostRequest;
use App\Models\Grade;
use App\Models\Lesson;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;
@ -25,6 +24,10 @@ class LessonController extends Controller
*/
public function index(Grade $grade): View
{
if(request()->user()->cannot('viewAny', $grade)) {
abort(403);
}
return view('grade-lesson.index', [
'lessons' => $grade->lessons()->filter()->get(),
'grade' => $grade,
@ -37,6 +40,10 @@ class LessonController extends Controller
*/
public function create(Grade $grade): View
{
if(request()->user()->cannot('create', Lesson::class)) {
abort(403);
}
return view('grade-lesson.create', [
'types' => TypeLesson::cases(),
'grade' => $grade,
@ -48,6 +55,10 @@ class LessonController extends Controller
*/
public function store(LessonPostRequest $request, Grade $grade): RedirectResponse
{
if(request()->user()->cannot('create', [Lesson::class, $grade])) {
abort(403);
}
$lesson = Lesson::create($request->validated());
$lesson
->students()
@ -66,6 +77,10 @@ class LessonController extends Controller
*/
public function show(Grade $grade, Lesson $lesson): View
{
if(request()->user()->cannot('view', $lesson)) {
abort(403);
}
return view('grade-lesson.show', [
'lesson' => $lesson,
'grade' => $grade,
@ -77,6 +92,10 @@ class LessonController extends Controller
*/
public function edit(Grade $grade, Lesson $lesson): View
{
if(request()->user()->cannot('update', $lesson)) {
abort(403);
}
return view('grade-lesson.edit', [
'lesson' => $lesson,
'grade' => $grade,
@ -89,6 +108,10 @@ class LessonController extends Controller
*/
public function update(LessonPostRequest $request, Grade $grade, Lesson $lesson): RedirectResponse
{
if(request()->user()->cannot('update', $lesson)) {
abort(403);
}
return redirect()->route(
'grades.lessons.show',[
$grade,
@ -102,6 +125,10 @@ class LessonController extends Controller
*/
public function destroy(Grade $grade, Lesson $lesson): RedirectResponse
{
if(request()->user()->cannot('update', $lesson)) {
abort(403);
}
$lesson->delete();
return redirect()->route('grades.lessons.index', $grade);
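Review bot: index checks `cannot('viewAny', $grade)` with a Grade instance, so the Gate should resolve the policy from that argument's class and call GradePolicy::viewAny rather than the new `LessonPolicy::viewAny(User $user, Grade $grade)`; since GradePolicy::viewAny denies students, a student would get 403 on their own grade's lesson list even though LessonPolicy was written to allow it. Use `if(request()->user()->cannot('viewAny', [Lesson::class, $grade])) {`, the form store already uses, and bring create in line with it as well. Separately, destroy gates on `'update'` although the policy defines delete; `if(request()->user()->cannot('delete', $lesson)) {` keeps that rule meaningful. The same update-for-delete slip is in TeacherController::destroy.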


@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use App\Enums\ScoreEnum;
use App\Models\Lesson;
use App\Services\ScoreService;
use App\Services\ServiceInterface;
use Illuminate\Http\Request;
class ScoreController extends Controller


@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use App\Http\Requests\StudentPostRequest;
use App\Models\Grade;
use App\Models\Student;
use App\Services\ServiceInterface;
use App\Services\StudentService;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;
@ -22,6 +21,10 @@ class StudentController extends Controller
*/
public function index(): View
{
if(request()->user()->cannot('viewAny', Student::class)) {
abort(403);
}
return view('students.index', [
'students' => Student::filter()->paginate(5)->withQueryString(),
]);
@ -32,6 +35,10 @@ class StudentController extends Controller
*/
public function create(): View
{
if(request()->user()->cannot('create', Student::class)) {
abort(403);
}
return view('students.create', [
'grades' => Grade::all(),
]);
@ -42,6 +49,10 @@ class StudentController extends Controller
*/
public function store(StudentPostRequest $request): RedirectResponse
{
if(request()->user()->cannot('create', Student::class)) {
abort(403);
}
return redirect()->route(
'students.show',
$this->service->create($request->validated())
@ -53,6 +64,10 @@ class StudentController extends Controller
*/
public function show(Student $student): View
{
if(request()->user()->cannot('view', $student)) {
abort(403);
}
return view('students.show', [
'student' => $student,
'grades' => Grade::all(),
@ -64,6 +79,10 @@ class StudentController extends Controller
*/
public function edit(Student $student): View
{
if(request()->user()->cannot('update', $student)) {
abort(403);
}
return view('students.edit', [
'student' => $student,
'grades' => Grade::all(),
@ -75,6 +94,10 @@ class StudentController extends Controller
*/
public function update(StudentPostRequest $request, Student $student): RedirectResponse
{
if(request()->user()->cannot('update', $student)) {
abort(403);
}
return redirect()->route(
'students.show',
$this->service->update($student, $request->validated())
@ -86,6 +109,10 @@ class StudentController extends Controller
*/
public function destroy(Student $student): RedirectResponse
{
if(request()->user()->cannot('delete', $student)) {
abort(403);
}
$student->user()->delete();
$student->delete();


@ -4,8 +4,9 @@ namespace App\Http\Controllers;
use App\Http\Requests\SubjectPostRequest;
use App\Models\Subject;
use App\Services\SubjectService;
use App\Services\FileService;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;
@ -14,10 +15,10 @@ class SubjectController extends Controller
/**
* Display a listing of the resource.
*/
public function index(): View
public function index(SubjectService $service): View
{
return view('subjects.index', [
'subjects' => Subject::filter()->paginate(5)->withQueryString(),
'subjects' => $service->getSubjects(),
]);
}
@ -26,6 +27,10 @@ class SubjectController extends Controller
*/
public function create(): View
{
if(request()->user()->cannot('create', Subject::class)) {
abort(403);
}
return view('subjects.create');
}
@ -34,6 +39,10 @@ class SubjectController extends Controller
*/
public function store(SubjectPostRequest $request): RedirectResponse
{
if(request()->user()->cannot('create', Subject::class)) {
abort(403);
}
return redirect()->route(
'subjects.show',
Subject::create($request->validated()),
@ -55,6 +64,10 @@ class SubjectController extends Controller
*/
public function edit(Subject $subject): View
{
if(request()->user()->cannot('update', $subject)) {
abort(403);
}
return view('subjects.edit', [
'subject' => $subject,
]);
@ -65,6 +78,10 @@ class SubjectController extends Controller
*/
public function update(SubjectPostRequest $request, Subject $subject): RedirectResponse
{
if(request()->user()->cannot('update', $subject)) {
abort(403);
}
return redirect()->route(
'subjects.show',
$subject->update($request->validated())
@ -76,6 +93,10 @@ class SubjectController extends Controller
*/
public function destroy(Subject $subject): RedirectResponse
{
if(request()->user()->cannot('delete', $subject)) {
abort(403);
}
$subject->delete();
return redirect()->route('subjects.index');


@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use App\Http\Requests\SubjectTeacherPostRequest;
use App\Models\Subject;
use App\Models\Teacher;
use App\Services\ServiceInterface;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;


@ -4,7 +4,6 @@ namespace App\Http\Controllers;
use App\Http\Requests\TeacherPostRequest;
use App\Models\Teacher;
use App\Services\ServiceInterface;
use App\Services\TeacherService;
use Illuminate\Http\RedirectResponse;
use Illuminate\View\View;
@ -21,6 +20,10 @@ class TeacherController extends Controller
*/
public function index(): View
{
if(request()->user()->cannot('viewAny', Teacher::class)) {
abort(403);
}
return view('teachers.index', [
'teachers' => Teacher::filter()->paginate(5)->withQueryString(),
]);
@ -31,6 +34,10 @@ class TeacherController extends Controller
*/
public function create(): View
{
if(request()->user()->cannot('create', Teacher::class)) {
abort(403);
}
return view('teachers.create');
}
@ -39,6 +46,10 @@ class TeacherController extends Controller
*/
public function store(TeacherPostRequest $request): RedirectResponse
{
if(request()->user()->cannot('create', Teacher::class)) {
abort(403);
}
return redirect()->route(
'teachers.show',
$this->service->create($request->validated())
@ -50,6 +61,10 @@ class TeacherController extends Controller
*/
public function show(Teacher $teacher): View
{
if(request()->user()->cannot('view', $teacher)) {
abort(403);
}
return view('teachers.show', [
'teacher' => $teacher,
'subjects' => $teacher->subjects,
@ -61,6 +76,10 @@ class TeacherController extends Controller
*/
public function edit(Teacher $teacher): View
{
if(request()->user()->cannot('update', $teacher)) {
abort(403);
}
return view('teachers.edit', [
'teacher' => $teacher,
]);
@ -71,6 +90,10 @@ class TeacherController extends Controller
*/
public function update(TeacherPostRequest $request, Teacher $teacher): RedirectResponse
{
if(request()->user()->cannot('update', $teacher)) {
abort(403);
}
return redirect()->route(
'teachers.show',
$this->service->update($teacher, $request->validated())
@ -82,6 +105,10 @@ class TeacherController extends Controller
*/
public function destroy(Teacher $teacher): RedirectResponse
{
if(request()->user()->cannot('update', $teacher)) {
abort(403);
}
$teacher->user()->delete();
$teacher->delete();


@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware;
use App\Models\Admin;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;
class AdminAction
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
if (Auth::user()->userable_type != Admin::class) {
abort(403);
}
return $next($request);
}
}
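Review bot: handle dereferences `Auth::user()` unconditionally, so the middleware only works when it runs after `auth`; applied to a route outside that group it would throw on a null user instead of returning 403. `if ($request->user()?->userable_type !== Admin::class) {` makes the guest case an explicit denial, uses the injected request rather than the facade, and compares the class-name strings strictly. A one-line class docblock such as `Allows the request only when the authenticated user is backed by an Admin; any other or no user gets 403.` would also document the contract.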


@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware;
use App\Models\Student;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;
class TeacherAction
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
if (Auth::user()->userable_type != Student::class) {
abort(403);
}
return $next($request);
}
}
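Review bot: the class is named TeacherAction but the check `Auth::user()->userable_type != Student::class` admits every non-student user, including admins, and the file imports Student rather than Teacher, so the name describes a narrower rule than the code enforces. If admins are meant to pass, document it with a class docblock like `Rejects student users; admins and teachers are both allowed through.` and consider a name that says so; if only teachers are meant to pass, compare against `Teacher::class` instead. As in AdminAction, `$request->user()?->userable_type` with `!==` would avoid a null dereference when the middleware runs without `auth`.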


@ -0,0 +1,51 @@
<?php
namespace App\Policies;
use App\Models\Admin;
use App\Models\Grade;
use App\Models\Student;
use App\Models\User;
class GradePolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return $user->userable_type != Student::class;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Grade $grade): bool
{
return $user->userable_type != Student::class;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Grade $grade): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Grade $grade): bool
{
return $user->userable_type == Admin::class;
}
}
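Review bot: every method compares class-name strings with loose `==`/`!=`; the values are not numeric so it is not a correctness problem, but `===`/`!==` is the idiom and avoids a reader wondering whether coercion matters, e.g. `return $user->userable_type !== Student::class;`. The same applies to LessonPolicy, StudentPolicy, SubjectPolicy and TeacherPolicy. view, update and delete accept `$grade` but never read it, so a short comment on the class, `Access is decided purely by the user's role; the grade instance is not consulted.`, would make the role-only design explicit.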


@ -0,0 +1,52 @@
<?php
namespace App\Policies;
use App\Models\Admin;
use App\Models\Grade;
use App\Models\Lesson;
use App\Models\Student;
use App\Models\User;
class LessonPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user, Grade $grade): bool
{
return $user->userable_type != Student::class || $user->userable->grade_id == $grade->id;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Lesson $lesson): bool
{
return $user->userable_type != Student::class || $user->userable->grade_id == $lesson->grade_id;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Lesson $lesson): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Lesson $lesson): bool
{
return $user->userable_type == Admin::class;
}
}
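Review bot: create takes only `User $user`, while LessonController::store authorizes with `[Lesson::class, $grade]`; the extra grade is silently ignored by this signature, so the check is role-only even though the call site suggests grade scoping. If creation should be scoped, declare `public function create(User $user, Grade $grade): bool` and use `$grade`; if not, a comment saying the grade is intentionally unused avoids the mismatch being read as a bug. view and viewAny read `$user->userable->grade_id` for students, which presumably relies on every Student user having a userable row — worth a null-safe `$user->userable?->grade_id` if that is not guaranteed.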


@ -0,0 +1,50 @@
<?php
namespace App\Policies;
use App\Models\Admin;
use App\Models\Student;
use App\Models\User;
class StudentPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return $user->userable_type != Student::class;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Student $student): bool
{
return $user->userable_type != Student::class;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return $user->userable_type != Admin::class;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Student $student): bool
{
return $user->userable_type != Admin::class;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Student $student): bool
{
return $user->userable_type != Admin::class;
}
}
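Review bot: create, update and delete return `$user->userable_type != Admin::class`, the inverse of every other policy in this PR, so admins are denied while any student or teacher may create, update or delete any Student record, and nothing compares the acting student to `$student`. If these are admin-only actions, the fix is `return $user->userable_type == Admin::class;` in all three; if students are meant to edit their own record, the check needs an ownership clause such as `$user->userable_type == Student::class && $user->userable_id == $student->id`. view also denies students outright, which would block a student from viewing their own page — worth confirming against the intended roles.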


@ -0,0 +1,34 @@
<?php
namespace App\Policies;
use App\Models\Admin;
use App\Models\Subject;
use App\Models\User;
class SubjectPolicy
{
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Subject $subject): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Subject $subject): bool
{
return $user->userable_type == Admin::class;
}
}


@ -0,0 +1,51 @@
<?php
namespace App\Policies;
use App\Models\Admin;
use App\Models\Student;
use App\Models\Teacher;
use App\Models\User;
class TeacherPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return $user->userable_type != Student::class;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Teacher $teacher): bool
{
return $user->userable_type == Teacher::class;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Teacher $teacher): bool
{
return $user->userable_type == Admin::class;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Teacher $teacher): bool
{
return $user->userable_type == Admin::class;
}
}
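Review bot: view returns `$user->userable_type == Teacher::class` while viewAny returns `!= Student::class`, so an admin can list teachers but receives 403 opening any single one, and any teacher can view every other teacher. If admins should see teacher pages, `return $user->userable_type != Student::class;` keeps view consistent with viewAny; if the intent is self-only access, compare `$user->userable_id == $teacher->id` as well. As with GradePolicy, strict `===`/`!==` would be the idiomatic comparison throughout.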


@ -0,0 +1,24 @@
<?php
namespace App\Services;
use App\Models\Student;
use App\Models\Subject;
use Illuminate\Support\Facades\Auth;
class SubjectService
{
public function getSubjects()
{
if(Auth::user()->userable_type == Student::class) {
$student = Auth::user()->userable;
return Subject::whereIn('id', $student->grade->subjects->pluck('id'))
->filter()
->paginate(5)
->withQueryString();
}
return Subject::filter()->paginate(5)->withQueryString();
}
}
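Review bot: getSubjects has no return type and dereferences `Auth::user()->userable->grade->subjects` for a student without guarding against a missing userable or grade, so a student not yet assigned to a grade would presumably hit a null property access rather than an empty listing. The rewrite below resolves the user once, returns an empty page in that case, and declares the paginator return type (the `Illuminate\Contracts\Pagination\LengthAwarePaginator` import goes at the top of the file). Since this method now decides which subjects a student may see, a docblock stating that scoping rule is worth adding as well.
```php
public function getSubjects(): LengthAwarePaginator
{
    $user = Auth::user();
    if ($user->userable_type === Student::class) {
        // Students only see subjects attached to their own grade; a student
        // without a grade gets an empty page instead of an error.
        $grade = $user->userable?->grade;
        $subjectIds = $grade?->subjects->pluck('id') ?? [];
        return Subject::whereIn('id', $subjectIds)
            ->filter()
            ->paginate(5)
            ->withQueryString();
    }
    return Subject::filter()->paginate(5)->withQueryString();
}
```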


@ -1,6 +1,8 @@
<?php
use App\Http\Controllers\ProfileController;
use App\Http\Middleware\AdminAction;
use App\Http\Middleware\TeacherAction;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\GradeController;
use App\Http\Controllers\GradeSubjectController;
@ -33,11 +35,16 @@ Route::middleware('auth')->group(function () {
'grades.lessons' => LessonController::class,
]);
Route::resource('teachers.subjects', SubjectTeacherController::class)->except('index');
Route::resource('teachers.subjects.grades', GradeTeacherController::class)->except('index', 'show');
Route::resource('grades.subjects', GradeSubjectController::class)->except('index', 'show');
Route::get('lessons/{lesson}/scores', [ScoreController::class, 'show'])->name('lessons.scores.show');
Route::put('lessons/{lesson}/scores', [ScoreController::class, 'update'])->name('lessons.scores.update');
Route::middleware([AdminAction::class])->group(function () {
Route::resource('teachers.subjects', SubjectTeacherController::class)->except('index');
Route::resource('teachers.subjects.grades', GradeTeacherController::class)->except('index', 'show');
Route::resource('grades.subjects', GradeSubjectController::class)->except('index', 'show');
});
Route::middleware([TeacherAction::class])->group(function () {
Route::get('lessons/{lesson}/scores', [ScoreController::class, 'show'])->name('lessons.scores.show');
Route::put('lessons/{lesson}/scores', [ScoreController::class, 'update'])->name('lessons.scores.update');
});
Route::get('export-pdf', [SubjectController::class, 'exportToPDF'])->name('export-pdf');
});
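Review bot: `Route::get('export-pdf', [SubjectController::class, 'exportToPDF'])` stays outside both new middleware groups and SubjectController's exportToPDF is not part of this PR, so it is the one subject-related endpoint with no visible role check; if it is admin-only, move it into the `AdminAction` group, otherwise a comment noting that any authenticated user may export would record the decision. Note also that, as TeacherAction is written, the score routes admit admins as well as teachers, so the group name slightly understates who can update scores. The grades, students, teachers and grades.lessons resources rely entirely on the in-controller policy checks, which is fine as long as every action in those controllers has one.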