Patch csrf issue for admin activate/deactivation
changeweb committed Aug 11, 2021
1 parent d2f5786 commit a6497ac3c28fffd3147c6df6264c58b3d945386a
Showing with 22 additions and 10 deletions.
  1. +6 −6 app/Http/Controllers/UserController.php
  2. +14 −2 resources/views/school/admin-list.blade.php
  3. +2 −2 routes/web.php
@@ -373,12 +373,12 @@ public function update(UpdateUserRequest $request)

/**
* Activate admin
* @param $id
* @param Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function activateAdmin($id)
public function activateAdmin(Request $request)
{
$admin = $this->user->find($id);
$admin = $this->user->find($request->id);

if ($admin->active !== 0) {
$admin->active = 0;
@@ -393,12 +393,12 @@ public function activateAdmin($id)

/**
* Deactivate admin
* @param $id
* @param Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function deactivateAdmin($id)
public function deactivateAdmin(Request $request)
{
$admin = $this->user->find($id);
$admin = $this->user->find($request->id);

if ($admin->active !== 1) {
$admin->active = 1;
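Review bot: `$this->user->find($request->id)` in `activateAdmin` (and the identical line in `deactivateAdmin`) uses an id taken from the POST body without validation, and the next line dereferences `$admin->active` with no null check. Assuming `$this->user` is an Eloquent model, `find()` returns null for a missing or unknown id, so a bad request becomes a server error instead of a 404. Validate first with `$request->validate(['id' => 'required|integer']);` and then load with `$this->user->findOrFail($request->input('id'));`. The visible lines also do not check that the loaded record is an admin account the caller may manage; if the route group's middleware does not already guarantee that, add a role or scope check here. Both method bodies continue outside the hunks, so confirm this against the full methods.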
@@ -37,15 +37,27 @@
<tr>
<td>
@if($admin->active == 0)
<a href="{{url('master/activate-admin/'.$admin->id)}}" class="btn btn-xs btn-success"
<a href="{{ route('master.activate.admin') }}" onclick="event.preventDefault();
document.getElementById('activate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-success"
role="button"><i class="material-icons">
done
</i>@lang('Activate')</a>

<form id="activate-admin-{{$admin->id}}" action="{{ route('master.activate.admin') }}" method="POST" style="display: none;">
{{ csrf_field() }}
<input type="hidden" name="id" value="{{$admin->id}}">
</form>
@else
<a href="{{url('master/deactivate-admin/'.$admin->id)}}" class="btn btn-xs btn-danger"
<a href="{{ route('master.deactivate.admin') }}" onclick="event.preventDefault();
document.getElementById('deactivate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-danger"
role="button"><i class="material-icons">
clear
</i>@lang('Deactivate')</a>

<form id="deactivate-admin-{{$admin->id}}" action="{{ route('master.deactivate.admin') }}" method="POST" style="display: none;">
{{ csrf_field() }}
<input type="hidden" name="id" value="{{$admin->id}}">
</form>
@endif
</td>
<td>
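Review bot: The Activate and Deactivate anchors keep an `href` to `route('master.activate.admin')` and `route('master.deactivate.admin')`, which are now POST-only, so any navigation that bypasses the `onclick` handler (JavaScript disabled, open in a new tab) sends a GET and is rejected with a 405. A visible `<button type="submit" class="btn btn-xs btn-success">` inside each form would remove the need for the hidden form and the inline script, while still carrying the CSRF token. If the anchor is kept, put the id inside the string literal, `document.getElementById('activate-admin-{{ $admin->id }}')`, rather than concatenating Blade output into the JavaScript expression.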
@@ -173,8 +173,8 @@
return redirect()->route('register');
});
Route::post('register/admin', 'UserController@storeAdmin');
Route::get('master/activate-admin/{id}', 'UserController@activateAdmin');
Route::get('master/deactivate-admin/{id}', 'UserController@deactivateAdmin');
Route::post('master/activate-admin', 'UserController@activateAdmin')->name('master.activate.admin');
Route::post('master/deactivate-admin', 'UserController@deactivateAdmin')->name('master.deactivate.admin');
Route::get('school/admin-list/{school_id}', 'SchoolController@show');
});
