work on user role
dbarzin committed Nov 20, 2023
1 parent 1c74947 commit e2b2543
Showing 13 changed files with 277 additions and 78 deletions.
8 changes: 5 additions & 3 deletions app/Console/Commands/SendNotifications.php
Expand Up @@ -7,6 +7,7 @@
use Carbon\Carbon;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\App;

class SendNotifications extends Command
{
Expand Down Expand Up @@ -66,10 +67,11 @@ public function handle()
->orderBy('plan_date')
->get();
if ($controls->count() > 0) {
$txt = htmlentities('Liste des contrôles à réaliser') . '<br><br>';
App::setlocale($user->language);
$txt = htmlentities(trans('cruds.notification.subject')) . '<br><br>';
foreach ($controls as $control) {
// Date
$txt .= '<a href="' . url('/control/show/'. $control->id) . '">';
$txt .= '<a href="' . url('/bob/show/'. $control->id) . '">';
$txt .= '<b>';
if (strtotime($control->plan_date) > strtotime('now')) {
$txt .= "<font color='green'>" . $control->plan_date .' </font>';
Expand All @@ -81,7 +83,7 @@ public function handle()
// Space
$txt .= ' &nbsp; - &nbsp; ';
// Clause
$txt .= '<a href="' . url('/measures/' . $control->measure_id) . '">'. htmlentities($control->clause) . '</a>';
$txt .= '<a href="' . url('/alice/' . $control->measure_id) . '">'. htmlentities($control->clause) . '</a>';
// Space
$txt .= ' &nbsp; - &nbsp; ';
// Name
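Review bot: The link targets on the changed lines `url('/bob/show/'. $control->id)` and `url('/alice/' . $control->measure_id)` read as scratch route names replacing `/control/show/` and `/measures/`; unless routes with those paths exist, every notification e-mail will carry dead links, and the same `/bob/index` path appears in ControlController and HomeController in this commit. If a route rename is intended, generating the links from the named route (`route('<control-show-route>', $control->id)`) keeps the mail body in step with routes/web.php instead of a hard-coded path. `handle()` starts and ends outside the hunk, including the `$user` whose `language` is passed to `App::setlocale()`; presumably it is the notification recipient, worth confirming since the locale is set once per user inside a loop. The `$control->plan_date` value on the context line is concatenated into the HTML unescaped, unlike the clause on the changed line below it; wrapping it in `htmlentities()` too keeps the escaping consistent.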
153 changes: 136 additions & 17 deletions app/Http/Controllers/ControlController.php
Expand Up @@ -24,6 +24,9 @@ class ControlController extends Controller
*/
public function index(Request $request)
{
// Not for API
abort_if(Auth::User()->role === 4, Response::HTTP_FORBIDDEN, '403 Forbidden');

// get all domains
$domains = Domain::All();

Expand Down Expand Up @@ -56,7 +59,12 @@ public function index(Request $request)
$scopes = DB::table('controls')
->select('scope')
->whereNotNull('scope')
->where('scope', '<>', '')
->where('scope', '<>', '');
if (Auth::User()->role === 5)
$scopes = $scopes
->leftjoin('control_user', 'controls.id', '=', 'control_user.control_id')
->where('control_user.user_id','=',Auth::User()->id);
$scopes = $scopes
->whereNull('realisation_date')
->distinct()
->orderBy('scope')
Expand Down Expand Up @@ -142,6 +150,12 @@ public function index(Request $request)
->leftjoin('controls as c2', 'c1.next_id', '=', 'c2.id')
->leftjoin('domains', 'c1.domain_id', '=', 'domains.id');

// filter on auditee controls
if (Auth::User()->role === 5)
$controls = $controls
->leftjoin('control_user', 'c1.id', '=', 'control_user.control_id')
->where('control_user.user_id','=',Auth::User()->id);

// Filter on domain
if (($domain !== null) && ($domain !== 0)) {
$controls = $controls->where('c1.domain_id', '=', $domain);
Expand Down Expand Up @@ -198,7 +212,7 @@ public function index(Request $request)
'domains.title',
]
)
->orderBy('c1.id')->get();
->orderBy('c1.id')->get();

// return view
return view('controls.index')
Expand Down Expand Up @@ -241,6 +255,20 @@ public function store()
*/
public function show(int $id)
{
// Not API
abort_if(Auth::User()->role === 4, Response::HTTP_FORBIDDEN, '403 Forbidden');

// for aditee only if he is assigne to that control
abort_if(
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id',$id)
->where('control_id',Auth::User()->id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

// Get control
$control = Control::find($id);

// Control not found
Expand Down Expand Up @@ -370,6 +398,12 @@ public function destroy(int $id)

public function history()
{
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// Get all controls
$controls = DB::table('controls')
->select('id', 'clause', 'score', 'realisation_date', 'plan_date')
Expand All @@ -382,6 +416,12 @@ public function history()

public function domains(Request $request)
{
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// get all active domains
$domains = DB::table('domains')
->select(DB::raw('distinct domains.id, domains.title'))
Expand Down Expand Up @@ -506,7 +546,6 @@ public function measures(Request $request)
$controls = $controls->where('c1.scope', '=', $cur_scope);
}
$controls = $controls
// ->where('c1.realisation_date', '<=', $cur_date)
->orderBy('clause')
->orderBy('scope')
->get();
Expand All @@ -521,6 +560,12 @@ public function measures(Request $request)

public function attributes(Request $request)
{
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// get all attributes
$attributes = DB::table('attributes')
->orderBy('name')
Expand Down Expand Up @@ -560,6 +605,9 @@ public function attributes(Request $request)
*/
public function plan(int $id)
{
// For administrators and users only
abort_if((Auth::User()->role !== 1) && (Auth::User()->role !== 2), Response::HTTP_FORBIDDEN, '403 Forbidden');

// does not exists in that way
$control = Control::find($id);

Expand Down Expand Up @@ -607,8 +655,8 @@ public function plan(int $id)
*/
public function unplan(Request $request)
{
// Not for Auditor
abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
// For administrators and users only
abort_if((Auth::User()->role !== 1) && (Auth::User()->rol !== 2), Response::HTTP_FORBIDDEN, '403 Forbidden');

$control = Control
::whereNull('realisation_date')
Expand Down Expand Up @@ -681,6 +729,17 @@ public function make(Request $request)

$id = (int) request('id');

// for aditee only if he is assigne to that control
abort_if(
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id',$id)
->where('control_id',Auth::User()->id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

// Get control
$control = Control::find($id);

// Control not found
Expand All @@ -697,10 +756,21 @@ public function make(Request $request)
// save control_id in session for document upload
$request->session()->put('control', $id);

// compute next control date
$next_date=date('Y-m-d', strtotime($control->periodicity." months", strtotime($control->plan_date)));

// compute next control date
$next_date = $control->next_date==null ?
\Carbon\Carbon::createFromFormat('Y-m-d',$control->plan_date)
->addMonths($control->periodicity)
->format('Y-m-d')
: $control->next_date->format('Y-m-d');

// return view
return view('controls.make')
->with('control', $control)
->with('documents', $documents);
->with('documents', $documents)
->with('next_date', $next_date);
}

/**
Expand All @@ -712,10 +782,23 @@ public function make(Request $request)
*/
public function doMake()
{
// Log::Alert("doMake START");
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) request('id');
// Log::Alert("doMake id=".$id);
// dd($request);

// for aditee only if he is assigne to that control
abort_if(
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id',$id)
->where('control_id',Auth::User()->id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

// check :
// plan date not in the past
Expand All @@ -737,12 +820,20 @@ public function doMake()
}

$control->observations = request('observations');
$control->plan_date = request('plan_date');
$control->realisation_date = request('realisation_date');
$control->note = request('note');
$control->score = request('score');
$control->action_plan = request('action_plan');

// only admin and user can update the plan_date, realisation_date and action_plan
if (
(Auth::User()->role === 1)||
(Auth::User()->role === 2)
) {
$control->plan_date = request('plan_date');
$control->realisation_date = request('realisation_date');
$control->action_plan = request('action_plan');
}
else {
$control->realisation_date = date("Y-m-d", strtotime('today'));
}
// Log::Alert("doMake realisation_date=".request("realisation_date"));

// if there is no next control
Expand All @@ -753,7 +844,15 @@ public function doMake()
$new_control->realisation_date = null;
$new_control->note = null;
$new_control->score = null;
$new_control->plan_date = request('next_date');
// only admin and user can update the plan_date, realisation_date and action_plan
if (
(Auth::User()->role === 1)||
(Auth::User()->role === 2)
)
$new_control->plan_date = request('next_date');
else
$new_control->plan_date=date('Y-m-d', strtotime($control->periodicity." months", strtotime($control->plan_date)));

$new_control->save();

// Set owners
Expand All @@ -766,7 +865,7 @@ public function doMake()
// update control
$control->update();

return redirect('/');
return redirect('/bob/index');
}

/**
Expand Down Expand Up @@ -815,15 +914,29 @@ public function save(Request $request)
*/
public function draft(Request $request)
{
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) $request->get('id');

$control = Control::find($id);

$control->plan_date = request('plan_date');
$control->observations = request('observations');
$control->note = request('note');
$control->score = request('score');
$control->action_plan = request('action_plan');

// only admin and user can update the plan_date, realisation_date and action_plan
if (
(Auth::User()->role === 1)||
(Auth::User()->role === 2)
) {
$control->plan_date = request('plan_date');
$control->realisation_date = request('realisation_date');
$control->action_plan = request('action_plan');
}

$control->save();

Expand All @@ -832,11 +945,17 @@ public function draft(Request $request)

public function export()
{
// For administrators and users only
abort_if((Auth::User()->role !== 1) && (Auth::User()->rol !== 2), Response::HTTP_FORBIDDEN, '403 Forbidden');

return Excel::download(new ControlsExport(), trans('cruds.control.title') . '-' . now()->format('Y-m-d Hi') . '.xlsx');
}

public function template()
{
// For administrators and users only
abort_if((Auth::User()->role !== 1) && (Auth::User()->rol !== 2), Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) request('id');

// find associate measurement
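Review bot: In the assignment guard added to `show()` (and repeated in `make()` and `doMake()`), the `control_user` columns are swapped: `->where('user_id',$id)->where('control_id',Auth::User()->id)` compares the control id against `user_id` and the caller's id against `control_id`, so an auditee is allowed or refused based on a coincidental id match rather than on being assigned to that control; it should read `->where('control_id', $id)->where('user_id', Auth::User()->id)`. In `unplan()`, `export()` and `template()` the new check uses `Auth::User()->rol !== 2`; on an Eloquent model an unknown attribute reads as null unless strict attribute access is enabled, so that comparison is always true and the guard silently reduces to administrators only — change `rol` to `role`. `doMake()` now aborts for `role === 5` at its top, which makes the later auditee assignment check and the `else` branch that sets `realisation_date` to today unreachable for auditees; one of the two is presumably not intended. The role numbers 1–5 are repeated as magic values across these methods and would be clearer as named constants on the user model, and the braceless `if` bodies in `index()` and `doMake()` should get braces per PSR-12. `index()` and `make()` start outside their hunks.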
15 changes: 10 additions & 5 deletions app/Http/Controllers/HomeController.php
Expand Up @@ -5,6 +5,7 @@
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;

class HomeController extends Controller
{
Expand All @@ -25,6 +26,10 @@ public function __construct()
*/
public function index(Request $request)
{
// redirect user to controls list
if (Auth::User()->role === 5)
return redirect('/bob/index');

// count active domains
$active_domains_count = DB::table('controls')
->select(
Expand Down Expand Up @@ -53,12 +58,12 @@ public function index(Request $request)
// count control never made
$controls_never_made = DB::select(
'
select domain_id
from controls c1
where realisation_date is null and
select domain_id
from controls c1
where realisation_date is null and
not exists (
select *
from controls c2
select *
from controls c2
where c2.next_id=c1.id);'
);

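Review bot: The new early return `return redirect('/bob/index');` for `role === 5` hard-codes a path that reads as a placeholder name (the same `/bob` prefix replaces `/control` elsewhere in this commit); redirecting to the named route of the controls index, `return redirect()->route('<controls-index-route>');`, keeps this in step with routes/web.php when the path is fixed. The braceless `if` should get braces per PSR-12, and the role value 5 is a magic number shared with ControlController that a named constant would document. `index()` continues past the hunk, and the remaining changes in this section only re-indent the SQL string.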