Pilots cannot use the dashboard or flights without admin rights (#481)

* Use auth middleware instead of specific groups for logged in state

* Auth check for admin access

* Check user admin access for updates

* Formatting
Nabeel S
2019-12-25 13:31:09 +05:00
committed by GitHub
parent 66a1192739
commit 17637c32d4
9 changed files with 173 additions and 112 deletions


@@ -42,7 +42,6 @@ class Kernel extends ConsoleKernel
*/
protected function commands(): void
{
require app_path('Http/Routes/console.php');
$this->load(__DIR__.'/Commands');
$this->load(__DIR__.'/Cron');
}


@@ -21,10 +21,10 @@ users:
updated_at: now
- id: 2
pilot_id: 2
name: Carla Walters
email: carla.walters68@example.com
password: admin
api_key: testuserapikey1
name: Test User
email: test@phpvms.net
password: test
api_key: testuserapikey
airline_id: 1
rank_id: 1
home_airport_id: KJFK
@@ -34,7 +34,7 @@ users:
transfer_time: 360
created_at: now
updated_at: now
state: 0
state: 1
opt_in: 1
toc_accepted: 1
- id: 3


@@ -17,9 +17,6 @@ use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
/**
* Class RegisterController
*/
class RegisterController extends Controller
{
use RegistersUsers;
@@ -58,7 +55,7 @@ class RegisterController extends Controller
/**
* @throws \Exception
*
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
* @return mixed
*/
public function showRegistrationForm()
{
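Review bot: The docblock on showRegistrationForm becomes less precise if `@return mixed` is the new line, as the print order suggests: the line it replaces named the view types, and `@return mixed` tells static analysis and readers nothing. Keep the concrete type, `@return \Illuminate\Contracts\View\Factory|\Illuminate\View\View`, unless the method can return something else, in which case spell out that union instead. The method body continues outside the hunk.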


@@ -10,7 +10,6 @@ use App\Http\Middleware\RedirectIfAuthenticated;
use App\Http\Middleware\UpdatePending;
use App\Http\Middleware\VerifyCsrfToken;
use Illuminate\Auth\Middleware\Authenticate;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
@@ -44,14 +43,12 @@ class Kernel extends HttpKernel
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
//\Spatie\Pjax\Middleware\FilterIfPjax::class,
],
];
protected $routeMiddleware = [
'api.auth' => ApiAuth::class,
'auth' => Authenticate::class,
'auth.basic' => AuthenticateWithBasicAuth::class,
'bindings' => SubstituteBindings::class,
'can' => Authorize::class,
'guest' => RedirectIfAuthenticated::class,


@@ -2,101 +2,183 @@
/**
* Admin Routes
*/
Route::group([
'namespace' => 'Admin', 'prefix' => 'admin', 'as' => 'admin.',
'middleware' => ['ability:admin,admin-access'],
], static function () {
// CRUD for airlines
Route::resource('airlines', 'AirlinesController');
use Illuminate\Support\Facades\Route;
// CRUD for roles
Route::resource('roles', 'RolesController');
Route::group(
[
'namespace' => 'Admin',
'prefix' => 'admin',
'as' => 'admin.',
'middleware' => ['auth', 'ability:admin,admin-access'],
],
static function () {
// CRUD for airlines
Route::resource('airlines', 'AirlinesController');
Route::get('airports/export', 'AirportController@export')->name('airports.export');
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name('airports.import');
Route::match(['get', 'post', 'put', 'delete'], 'airports/{id}/expenses', 'AirportController@expenses');
Route::resource('airports', 'AirportController');
// CRUD for roles
Route::resource('roles', 'RolesController');
// Awards
Route::resource('awards', 'AwardController');
Route::get('airports/export', 'AirportController@export')->name('airports.export');
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
// aircraft and fare associations
Route::get('aircraft/export', 'AircraftController@export')->name('aircraft.export');
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')->name('aircraft.import');
Route::match(['get', 'post', 'put', 'delete'], 'aircraft/{id}/expenses', 'AircraftController@expenses');
Route::resource('aircraft', 'AircraftController');
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name(
'airports.import'
);
// expenses
Route::get('expenses/export', 'ExpenseController@export')->name('expenses.export');
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')->name('expenses.import');
Route::resource('expenses', 'ExpenseController');
Route::match(
['get', 'post', 'put', 'delete'],
'airports/{id}/expenses',
'AirportController@expenses'
);
// fares
Route::get('fares/export', 'FareController@export')->name('fares.export');
Route::match(['get', 'post'], 'fares/import', 'FareController@import')->name('fares.import');
Route::resource('fares', 'FareController');
Route::resource('airports', 'AirportController');
// files
Route::post('files', 'FileController@store')->name('files.store');
Route::delete('files/{id}', 'FileController@destroy')->name('files.delete');
// Awards
Route::resource('awards', 'AwardController');
// finances
Route::resource('finances', 'FinanceController');
// aircraft and fare associations
Route::get('aircraft/export', 'AircraftController@export')->name('aircraft.export');
// flights and aircraft associations
Route::get('flights/export', 'FlightController@export')->name('flights.export');
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')->name('flights.import');
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/fares', 'FlightController@fares');
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/fields', 'FlightController@field_values');
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/subfleets', 'FlightController@subfleets');
Route::resource('flights', 'FlightController');
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')->name(
'aircraft.import'
);
Route::resource('flightfields', 'FlightFieldController');
Route::match(
['get', 'post', 'put', 'delete'],
'aircraft/{id}/expenses',
'AircraftController@expenses'
);
// pirep related routes
Route::get('pireps/fares', 'PirepController@fares');
Route::get('pireps/pending', 'PirepController@pending');
Route::resource('pireps', 'PirepController');
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments');
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')->name('pirep.status');
Route::resource('aircraft', 'AircraftController');
Route::resource('pirepfields', 'PirepFieldController');
// expenses
Route::get('expenses/export', 'ExpenseController@export')->name('expenses.export');
// rankings
Route::resource('ranks', 'RankController');
Route::match(['get', 'post', 'put', 'delete'], 'ranks/{id}/subfleets', 'RankController@subfleets');
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')->name(
'expenses.import'
);
// settings
Route::match(['get'], 'settings', 'SettingsController@index');
Route::match(['post', 'put'], 'settings', 'SettingsController@update')->name('settings.update');
Route::resource('expenses', 'ExpenseController');
// maintenance
Route::match(['get'], 'maintenance', 'MaintenanceController@index')->name('maintenance.index');
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')->name('maintenance.cache');
// fares
Route::get('fares/export', 'FareController@export')->name('fares.export');
// subfleet
Route::get('subfleets/export', 'SubfleetController@export')->name('subfleets.export');
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')->name('subfleets.import');
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/expenses', 'SubfleetController@expenses');
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/fares', 'SubfleetController@fares');
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/ranks', 'SubfleetController@ranks');
Route::resource('subfleets', 'SubfleetController');
Route::match(['get', 'post'], 'fares/import', 'FareController@import')->name(
'fares.import'
);
Route::resource('users', 'UserController');
Route::get(
'users/{id}/regen_apikey',
'UserController@regen_apikey'
)->name('users.regen_apikey');
Route::resource('fares', 'FareController');
// defaults
Route::get('', ['uses' => 'DashboardController@index'])->middleware('update_pending');
Route::get('/', ['uses' => 'DashboardController@index'])->middleware('update_pending');
// files
Route::post('files', 'FileController@store')->name('files.store');
Route::delete('files/{id}', 'FileController@destroy')->name('files.delete');
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard']);
Route::match(
['get', 'post', 'delete'],
'dashboard/news',
['uses' => 'DashboardController@news']
)->name('dashboard.news');
});
// finances
Route::resource('finances', 'FinanceController');
// flights and aircraft associations
Route::get('flights/export', 'FlightController@export')->name('flights.export');
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')->name(
'flights.import'
);
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/fares',
'FlightController@fares'
);
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/fields',
'FlightController@field_values'
);
Route::match(
['get', 'post', 'put', 'delete'],
'flights/{id}/subfleets',
'FlightController@subfleets'
);
Route::resource('flights', 'FlightController');
Route::resource('flightfields', 'FlightFieldController');
// pirep related routes
Route::get('pireps/fares', 'PirepController@fares');
Route::get('pireps/pending', 'PirepController@pending');
Route::resource('pireps', 'PirepController');
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments');
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')->name(
'pirep.status'
);
Route::resource('pirepfields', 'PirepFieldController');
// rankings
Route::resource('ranks', 'RankController');
Route::match(
['get', 'post', 'put', 'delete'],
'ranks/{id}/subfleets',
'RankController@subfleets'
);
// settings
Route::match(['get'], 'settings', 'SettingsController@index');
Route::match(['post', 'put'], 'settings', 'SettingsController@update')->name(
'settings.update'
);
// maintenance
Route::match(['get'], 'maintenance', 'MaintenanceController@index')->name(
'maintenance.index'
);
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')->name(
'maintenance.cache'
);
// subfleet
Route::get('subfleets/export', 'SubfleetController@export')->name('subfleets.export');
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')->name(
'subfleets.import'
);
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/expenses',
'SubfleetController@expenses'
);
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/fares',
'SubfleetController@fares'
);
Route::match(
['get', 'post', 'put', 'delete'],
'subfleets/{id}/ranks',
'SubfleetController@ranks'
);
Route::resource('subfleets', 'SubfleetController');
Route::resource('users', 'UserController');
Route::get(
'users/{id}/regen_apikey',
'UserController@regen_apikey'
)->name('users.regen_apikey');
// defaults
Route::get('', ['uses' => 'DashboardController@index'])->middleware('update_pending');
Route::get('/', ['uses' => 'DashboardController@index'])->middleware('update_pending');
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard']);
Route::match(
['get', 'post', 'delete'],
'dashboard/news',
['uses' => 'DashboardController@news']
)->name('dashboard.news');
}
);
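Review bot: `Route::get('users/{id}/regen_apikey', 'UserController@regen_apikey')` registers what is by name a credential-rotating action on the GET verb; VerifyCsrfToken in the web group only checks non-read methods, so this state change carries no CSRF protection and a logged-in admin can be made to trigger it by following a link. Prefer `Route::post('users/{id}/regen_apikey', 'UserController@regen_apikey')->name('users.regen_apikey');` with the admin view submitting a form, and review the `Route::match([...])` entries that list `'get'` next to `'post'`/`'put'`/`'delete'` for the same issue if their controllers mutate on GET. Separately, `'name' => 'dashboard'` in the action array of the `dashboard` route is not a key the router reads for naming (it reads `'as'`), so `route('admin.dashboard')` would not resolve; use `->name('dashboard')` as the neighbouring routes do. Both patterns predate this commit but are carried into the rewritten group.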


@@ -3,6 +3,8 @@
/**
* Public routes
*/
use Illuminate\Support\Facades\Route;
Route::group([], function () {
Route::get('acars', 'AcarsController@live_flights');
Route::get('acars/geojson', 'AcarsController@pireps_geojson');


@@ -1,18 +0,0 @@
<?php
use Illuminate\Foundation\Inspiring;
/*
|--------------------------------------------------------------------------
| Console Routes
|--------------------------------------------------------------------------
|
| This file is where you may define all of your Closure based console
| commands. Each Closure is bound to a command instance allowing a
| simple approach to interacting with each command's IO methods.
|
*/
Artisan::command('inspire', function () {
$this->comment(Inspiring::quote());
});


@@ -4,6 +4,8 @@
* User doesn't need to be logged in for these
*/
use App\Http\Middleware\SetActiveTheme;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
Route::group([
'namespace' => 'Frontend', 'prefix' => '', 'as' => 'frontend.',
@@ -24,7 +26,7 @@ Route::group([
*/
Route::group([
'namespace' => 'Frontend', 'prefix' => '', 'as' => 'frontend.',
'middleware' => ['role:admin|user', SetActiveTheme::class],
'middleware' => ['auth', SetActiveTheme::class],
], function () {
Route::resource('dashboard', 'DashboardController');
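Review bot: Replacing `'role:admin|user'` with `'auth'` on the frontend group means `Authenticate` only requires a logged-in session; the old role check also implicitly excluded accounts that had been given no role, and nothing in this hunk shows where an account's `state` (pending/rejected) is enforced, so confirm that the login path or another middleware still stops non-active users before they reach `dashboard`. The fixture change to `state: 1` in users.yml suggests state matters for this path; once the enforcement point is confirmed, a comment on the group such as `// 'auth' only checks for a session; account state is enforced at login` would save the next reader the same search. The added `use Illuminate\Support\Facades\Auth;` is not referenced in the visible lines; drop it if nothing further down the file uses it. The group body continues outside the hunk.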


@@ -23,7 +23,7 @@ class UpdateServiceProvider extends ServiceProvider
Route::group([
'as' => 'update.',
'prefix' => 'update',
'middleware' => ['web'],
'middleware' => ['auth', 'ability:admin,admin-access', 'web'],
'namespace' => 'Modules\Updater\Http\Controllers',
], function () {
Route::get('/', 'UpdateController@index')->name('index');
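Review bot: The middleware list places `'web'` after `'auth'` and `'ability:admin,admin-access'`; the web group provides the cookie decryption and session start that `Authenticate` needs to resolve the user, and Laravel's priority sorting reorders `StartSession` relative to `Authenticate` but leaves unlisted middleware such as `EncryptCookies` and the ability check where they are, so the order is at best fragile. Unless the `web` group is already applied to these routes by the RouteServiceProvider (not visible here), list it first: `'middleware' => ['web', 'auth', 'ability:admin,admin-access'],`. The group body continues outside the hunk.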