Pilots cannot use the dashboard or flights without admin rights (#481)
* Use auth middleware instead of specific groups for logged in state * Auth check for admin access * Check user admin access for updates * Formatting
@@ -42,7 +42,6 @@ class Kernel extends ConsoleKernel
|
||||
*/
|
||||
protected function commands(): void
|
||||
{
|
||||
require app_path('Http/Routes/console.php');
|
||||
$this->load(__DIR__.'/Commands');
|
||||
$this->load(__DIR__.'/Cron');
|
||||
}
|
||||
|
||||
@@ -21,10 +21,10 @@ users:
|
||||
updated_at: now
|
||||
- id: 2
|
||||
pilot_id: 2
|
||||
name: Carla Walters
|
||||
email: carla.walters68@example.com
|
||||
password: admin
|
||||
api_key: testuserapikey1
|
||||
name: Test User
|
||||
email: test@phpvms.net
|
||||
password: test
|
||||
api_key: testuserapikey
|
||||
airline_id: 1
|
||||
rank_id: 1
|
||||
home_airport_id: KJFK
|
||||
@@ -34,7 +34,7 @@ users:
|
||||
transfer_time: 360
|
||||
created_at: now
|
||||
updated_at: now
|
||||
state: 0
|
||||
state: 1
|
||||
opt_in: 1
|
||||
toc_accepted: 1
|
||||
- id: 3
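Review bot: The user entry with `id: 2` carries a fixed `password` and a fixed `api_key` on both sides of this change, and the second hunk flips `state` between 0 and 1. If 1 means an active account (the enum is not shown here), the seeded user becomes a working login and API identity with publicly known credentials. The rendered page has lost its +/- markers, so which values are the new side is inferred from print order. Confirm this file is only loaded by dev/test seeders and say so in a header comment, e.g. `# dev/test seed only - never load in production`.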
|
||||
|
||||
@@ -17,9 +17,6 @@ use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
/**
|
||||
* Class RegisterController
|
||||
*/
|
||||
class RegisterController extends Controller
|
||||
{
|
||||
use RegistersUsers;
|
||||
@@ -58,7 +55,7 @@ class RegisterController extends Controller
|
||||
/**
|
||||
* @throws \Exception
|
||||
*
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
* @return mixed
|
||||
*/
|
||||
public function showRegistrationForm()
|
||||
{
|
||||
|
||||
@@ -10,7 +10,6 @@ use App\Http\Middleware\RedirectIfAuthenticated;
|
||||
use App\Http\Middleware\UpdatePending;
|
||||
use App\Http\Middleware\VerifyCsrfToken;
|
||||
use Illuminate\Auth\Middleware\Authenticate;
|
||||
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
||||
use Illuminate\Auth\Middleware\Authorize;
|
||||
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
||||
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
||||
@@ -44,14 +43,12 @@ class Kernel extends HttpKernel
|
||||
ShareErrorsFromSession::class,
|
||||
VerifyCsrfToken::class,
|
||||
SubstituteBindings::class,
|
||||
//\Spatie\Pjax\Middleware\FilterIfPjax::class,
|
||||
],
|
||||
];
|
||||
|
||||
protected $routeMiddleware = [
|
||||
'api.auth' => ApiAuth::class,
|
||||
'auth' => Authenticate::class,
|
||||
'auth.basic' => AuthenticateWithBasicAuth::class,
|
||||
'bindings' => SubstituteBindings::class,
|
||||
'can' => Authorize::class,
|
||||
'guest' => RedirectIfAuthenticated::class,
|
||||
|
||||
@@ -2,101 +2,183 @@
|
||||
/**
|
||||
* Admin Routes
|
||||
*/
|
||||
Route::group([
|
||||
'namespace' => 'Admin', 'prefix' => 'admin', 'as' => 'admin.',
|
||||
'middleware' => ['ability:admin,admin-access'],
|
||||
], static function () {
|
||||
// CRUD for airlines
|
||||
Route::resource('airlines', 'AirlinesController');
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
// CRUD for roles
|
||||
Route::resource('roles', 'RolesController');
|
||||
Route::group(
|
||||
[
|
||||
'namespace' => 'Admin',
|
||||
'prefix' => 'admin',
|
||||
'as' => 'admin.',
|
||||
'middleware' => ['auth', 'ability:admin,admin-access'],
|
||||
],
|
||||
static function () {
|
||||
// CRUD for airlines
|
||||
Route::resource('airlines', 'AirlinesController');
|
||||
|
||||
Route::get('airports/export', 'AirportController@export')->name('airports.export');
|
||||
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
|
||||
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name('airports.import');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'airports/{id}/expenses', 'AirportController@expenses');
|
||||
Route::resource('airports', 'AirportController');
|
||||
// CRUD for roles
|
||||
Route::resource('roles', 'RolesController');
|
||||
|
||||
// Awards
|
||||
Route::resource('awards', 'AwardController');
|
||||
Route::get('airports/export', 'AirportController@export')->name('airports.export');
|
||||
Route::match(['get', 'post', 'put'], 'airports/fuel', 'AirportController@fuel');
|
||||
|
||||
// aircraft and fare associations
|
||||
Route::get('aircraft/export', 'AircraftController@export')->name('aircraft.export');
|
||||
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')->name('aircraft.import');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'aircraft/{id}/expenses', 'AircraftController@expenses');
|
||||
Route::resource('aircraft', 'AircraftController');
|
||||
Route::match(['get', 'post'], 'airports/import', 'AirportController@import')->name(
|
||||
'airports.import'
|
||||
);
|
||||
|
||||
// expenses
|
||||
Route::get('expenses/export', 'ExpenseController@export')->name('expenses.export');
|
||||
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')->name('expenses.import');
|
||||
Route::resource('expenses', 'ExpenseController');
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'airports/{id}/expenses',
|
||||
'AirportController@expenses'
|
||||
);
|
||||
|
||||
// fares
|
||||
Route::get('fares/export', 'FareController@export')->name('fares.export');
|
||||
Route::match(['get', 'post'], 'fares/import', 'FareController@import')->name('fares.import');
|
||||
Route::resource('fares', 'FareController');
|
||||
Route::resource('airports', 'AirportController');
|
||||
|
||||
// files
|
||||
Route::post('files', 'FileController@store')->name('files.store');
|
||||
Route::delete('files/{id}', 'FileController@destroy')->name('files.delete');
|
||||
// Awards
|
||||
Route::resource('awards', 'AwardController');
|
||||
|
||||
// finances
|
||||
Route::resource('finances', 'FinanceController');
|
||||
// aircraft and fare associations
|
||||
Route::get('aircraft/export', 'AircraftController@export')->name('aircraft.export');
|
||||
|
||||
// flights and aircraft associations
|
||||
Route::get('flights/export', 'FlightController@export')->name('flights.export');
|
||||
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')->name('flights.import');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/fares', 'FlightController@fares');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/fields', 'FlightController@field_values');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'flights/{id}/subfleets', 'FlightController@subfleets');
|
||||
Route::resource('flights', 'FlightController');
|
||||
Route::match(['get', 'post'], 'aircraft/import', 'AircraftController@import')->name(
|
||||
'aircraft.import'
|
||||
);
|
||||
|
||||
Route::resource('flightfields', 'FlightFieldController');
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'aircraft/{id}/expenses',
|
||||
'AircraftController@expenses'
|
||||
);
|
||||
|
||||
// pirep related routes
|
||||
Route::get('pireps/fares', 'PirepController@fares');
|
||||
Route::get('pireps/pending', 'PirepController@pending');
|
||||
Route::resource('pireps', 'PirepController');
|
||||
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments');
|
||||
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')->name('pirep.status');
|
||||
Route::resource('aircraft', 'AircraftController');
|
||||
|
||||
Route::resource('pirepfields', 'PirepFieldController');
|
||||
// expenses
|
||||
Route::get('expenses/export', 'ExpenseController@export')->name('expenses.export');
|
||||
|
||||
// rankings
|
||||
Route::resource('ranks', 'RankController');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'ranks/{id}/subfleets', 'RankController@subfleets');
|
||||
Route::match(['get', 'post'], 'expenses/import', 'ExpenseController@import')->name(
|
||||
'expenses.import'
|
||||
);
|
||||
|
||||
// settings
|
||||
Route::match(['get'], 'settings', 'SettingsController@index');
|
||||
Route::match(['post', 'put'], 'settings', 'SettingsController@update')->name('settings.update');
|
||||
Route::resource('expenses', 'ExpenseController');
|
||||
|
||||
// maintenance
|
||||
Route::match(['get'], 'maintenance', 'MaintenanceController@index')->name('maintenance.index');
|
||||
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')->name('maintenance.cache');
|
||||
// fares
|
||||
Route::get('fares/export', 'FareController@export')->name('fares.export');
|
||||
|
||||
// subfleet
|
||||
Route::get('subfleets/export', 'SubfleetController@export')->name('subfleets.export');
|
||||
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')->name('subfleets.import');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/expenses', 'SubfleetController@expenses');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/fares', 'SubfleetController@fares');
|
||||
Route::match(['get', 'post', 'put', 'delete'], 'subfleets/{id}/ranks', 'SubfleetController@ranks');
|
||||
Route::resource('subfleets', 'SubfleetController');
|
||||
Route::match(['get', 'post'], 'fares/import', 'FareController@import')->name(
|
||||
'fares.import'
|
||||
);
|
||||
|
||||
Route::resource('users', 'UserController');
|
||||
Route::get(
|
||||
'users/{id}/regen_apikey',
|
||||
'UserController@regen_apikey'
|
||||
)->name('users.regen_apikey');
|
||||
Route::resource('fares', 'FareController');
|
||||
|
||||
// defaults
|
||||
Route::get('', ['uses' => 'DashboardController@index'])->middleware('update_pending');
|
||||
Route::get('/', ['uses' => 'DashboardController@index'])->middleware('update_pending');
|
||||
// files
|
||||
Route::post('files', 'FileController@store')->name('files.store');
|
||||
Route::delete('files/{id}', 'FileController@destroy')->name('files.delete');
|
||||
|
||||
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard']);
|
||||
Route::match(
|
||||
['get', 'post', 'delete'],
|
||||
'dashboard/news',
|
||||
['uses' => 'DashboardController@news']
|
||||
)->name('dashboard.news');
|
||||
});
|
||||
// finances
|
||||
Route::resource('finances', 'FinanceController');
|
||||
|
||||
// flights and aircraft associations
|
||||
Route::get('flights/export', 'FlightController@export')->name('flights.export');
|
||||
|
||||
Route::match(['get', 'post'], 'flights/import', 'FlightController@import')->name(
|
||||
'flights.import'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'flights/{id}/fares',
|
||||
'FlightController@fares'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'flights/{id}/fields',
|
||||
'FlightController@field_values'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'flights/{id}/subfleets',
|
||||
'FlightController@subfleets'
|
||||
);
|
||||
|
||||
Route::resource('flights', 'FlightController');
|
||||
|
||||
Route::resource('flightfields', 'FlightFieldController');
|
||||
|
||||
// pirep related routes
|
||||
Route::get('pireps/fares', 'PirepController@fares');
|
||||
Route::get('pireps/pending', 'PirepController@pending');
|
||||
Route::resource('pireps', 'PirepController');
|
||||
Route::match(['get', 'post', 'delete'], 'pireps/{id}/comments', 'PirepController@comments');
|
||||
Route::match(['post', 'put'], 'pireps/{id}/status', 'PirepController@status')->name(
|
||||
'pirep.status'
|
||||
);
|
||||
|
||||
Route::resource('pirepfields', 'PirepFieldController');
|
||||
|
||||
// rankings
|
||||
Route::resource('ranks', 'RankController');
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'ranks/{id}/subfleets',
|
||||
'RankController@subfleets'
|
||||
);
|
||||
|
||||
// settings
|
||||
Route::match(['get'], 'settings', 'SettingsController@index');
|
||||
Route::match(['post', 'put'], 'settings', 'SettingsController@update')->name(
|
||||
'settings.update'
|
||||
);
|
||||
|
||||
// maintenance
|
||||
Route::match(['get'], 'maintenance', 'MaintenanceController@index')->name(
|
||||
'maintenance.index'
|
||||
);
|
||||
Route::match(['post'], 'maintenance', 'MaintenanceController@cache')->name(
|
||||
'maintenance.cache'
|
||||
);
|
||||
|
||||
// subfleet
|
||||
Route::get('subfleets/export', 'SubfleetController@export')->name('subfleets.export');
|
||||
Route::match(['get', 'post'], 'subfleets/import', 'SubfleetController@import')->name(
|
||||
'subfleets.import'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'subfleets/{id}/expenses',
|
||||
'SubfleetController@expenses'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'subfleets/{id}/fares',
|
||||
'SubfleetController@fares'
|
||||
);
|
||||
|
||||
Route::match(
|
||||
['get', 'post', 'put', 'delete'],
|
||||
'subfleets/{id}/ranks',
|
||||
'SubfleetController@ranks'
|
||||
);
|
||||
|
||||
Route::resource('subfleets', 'SubfleetController');
|
||||
|
||||
Route::resource('users', 'UserController');
|
||||
Route::get(
|
||||
'users/{id}/regen_apikey',
|
||||
'UserController@regen_apikey'
|
||||
)->name('users.regen_apikey');
|
||||
|
||||
// defaults
|
||||
Route::get('', ['uses' => 'DashboardController@index'])->middleware('update_pending');
|
||||
Route::get('/', ['uses' => 'DashboardController@index'])->middleware('update_pending');
|
||||
|
||||
Route::get('dashboard', ['uses' => 'DashboardController@index', 'name' => 'dashboard']);
|
||||
Route::match(
|
||||
['get', 'post', 'delete'],
|
||||
'dashboard/news',
|
||||
['uses' => 'DashboardController@news']
|
||||
)->name('dashboard.news');
|
||||
}
|
||||
);
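Review bot: `users/{id}/regen_apikey` is still registered with `Route::get` in the reformatted group, so replacing a user's API key is a state change reachable by a plain GET. Laravel's CSRF verification skips read verbs, so adding `auth` to the group does not stop a cross-site link or image load in a logged-in admin's browser from triggering it. Register it as `Route::post('users/{id}/regen_apikey', 'UserController@regen_apikey')->name('users.regen_apikey');` and have the admin view submit a form carrying the CSRF token. Separately, the `'name' => 'dashboard'` key in the `dashboard` route's action array probably does not name the route (the action-array key for that is `as`); `->name('dashboard')` would, as the neighbouring routes do.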
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
/**
|
||||
* Public routes
|
||||
*/
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
Route::group([], function () {
|
||||
Route::get('acars', 'AcarsController@live_flights');
|
||||
Route::get('acars/geojson', 'AcarsController@pireps_geojson');
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Foundation\Inspiring;
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Console Routes
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This file is where you may define all of your Closure based console
|
||||
| commands. Each Closure is bound to a command instance allowing a
|
||||
| simple approach to interacting with each command's IO methods.
|
||||
|
|
||||
*/
|
||||
|
||||
Artisan::command('inspire', function () {
|
||||
$this->comment(Inspiring::quote());
|
||||
});
|
||||
@@ -4,6 +4,8 @@
|
||||
* User doesn't need to be logged in for these
|
||||
*/
|
||||
use App\Http\Middleware\SetActiveTheme;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
Route::group([
|
||||
'namespace' => 'Frontend', 'prefix' => '', 'as' => 'frontend.',
|
||||
@@ -24,7 +26,7 @@ Route::group([
|
||||
*/
|
||||
Route::group([
|
||||
'namespace' => 'Frontend', 'prefix' => '', 'as' => 'frontend.',
|
||||
'middleware' => ['role:admin|user', SetActiveTheme::class],
|
||||
'middleware' => ['auth', SetActiveTheme::class],
|
||||
], function () {
|
||||
Route::resource('dashboard', 'DashboardController');
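Review bot: With `'middleware' => ['auth', SetActiveTheme::class]` this group admits any authenticated account, where `role:admin|user` required a role. Nothing in the hunk checks the account's `state`, so keeping non-active users out now rests entirely on the login path, which is not visible here. The page has lost its +/- markers; this reading takes the `auth` line as the new side, as the commit description indicates. Confirm that login refuses non-active accounts, or add a state-checking middleware to this group and note above it that authorization here is "logged in only". The added `use Illuminate\Support\Facades\Auth;` is not used by any line shown, and the group closure continues outside the hunk.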
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ class UpdateServiceProvider extends ServiceProvider
|
||||
Route::group([
|
||||
'as' => 'update.',
|
||||
'prefix' => 'update',
|
||||
'middleware' => ['web'],
|
||||
'middleware' => ['auth', 'ability:admin,admin-access', 'web'],
|
||||
'namespace' => 'Modules\Updater\Http\Controllers',
|
||||
], function () {
|
||||
Route::get('/', 'UpdateController@index')->name('index');
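Review bot: In `'middleware' => ['auth', 'ability:admin,admin-access', 'web']` the two access checks are listed ahead of `web`, the group that normally supplies cookie decryption and the session they depend on. Whether the logged-in user is resolved when `auth` and `ability` run then depends on the kernel's middleware priority sorting, which this page does not show. Listing the group first removes that dependency: `'middleware' => ['web', 'auth', 'ability:admin,admin-access'],`. It is worth a feature test asserting that a guest and a non-admin user are both refused on `update.index` and that an admin is let through. The group closure continues outside the hunk.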
|
||||
|
||||