Add helper funcs, verify admin access, add some API routes

2024-11-08 11:12:30 +01:00 · 2015-12-12 12:26:25 -05:00 · 2015-12-12 12:26:25 -05:00 · c48bcc491d
commit c48bcc491d
parent ba57778c80
9 changed files with 60 additions and 12 deletions
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@ -11,12 +11,17 @@ class AdminController extends Controller {
     * @return Response
     */
    public function displayAdminPage(Request $request) {
-        $role = session('role');
+        if (!$this->isLoggedIn()) {
+            return view('errors.404');
+        }
+
        $username = session('username');
+        $role = session('role');

        $admin_users = null;
        $admin_links = null;
-        if ($role == 'admin') {
+
+        if ($this->currIsAdmin()) {
            $admin_users = User::paginate(15);
            $admin_links = Link::paginate(15);
        }
--- a/app/Http/Controllers/AjaxController.php
+++ b/app/Http/Controllers/AjaxController.php
@ -5,7 +5,7 @@ use App\Helpers\LinkHelper;

 class AjaxController extends Controller {
    /**
-     * Process non-admin AJAX requests.
+     * Process AJAX requests.
     *
     * @return Response
     */
@ -24,4 +24,10 @@ class AjaxController extends Controller {
            return "available";
        }
    }
+
+    public function toggleAPIActive(Request $request) {
+        if (!$this->currIsAdmin()) {
+            abort(401, 'User not admin.');
+        }
+    }
 }
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@ -8,5 +8,23 @@ use App\Http\Controllers\Controller;


 class Controller extends BaseController {
-    //
+    protected function currIsAdmin() {
+        $role = session('role');
+        if ($role == 'admin') {
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
+
+    protected function isLoggedIn() {
+        $username = session('username');
+        if (!isset($username)) {
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
 }
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@ -36,3 +36,4 @@ $app->post('/shorten', ['as' => 'shorten', 'uses' => 'LinkController@performShor

 /* API endpoints */
 $app->post('/api/v2/link_avail_check', ['as' => 'link_check', 'uses' => 'AjaxController@checkLinkAvailability']);
+$app->post('/api/v2/admin/toggle_api_active', ['as' => 'link_check', 'uses' => 'AjaxController@toggleAPIActive']);
--- a/public/js/admin.js
+++ b/public/js/admin.js
@ -35,6 +35,7 @@ $(function () {
        var api_key = te.data('api-key');
        var api_active = te.data('api-active');
        var api_quota = te.data('api-quota');
+        var user_id = te.data('user-id');

        var markup = `
            <div>
@ -45,7 +46,7 @@ $(function () {
                    {{else}}
                        False
                    {{/if}}
-                    - <a href='#' class='btn btn-xs btn-success'>Active (click to toggle)</a>
+                    - <a href='#' data-user-id='{{user_id}}' class='toggle-api-active' class='btn btn-xs btn-success'>Active (click to toggle)</a>
                </p>
                <p>
                    <span>API Key: <code>{{api_key}}</code></span>
@ -74,4 +75,11 @@ $(function () {
        // activate modal
    });

+    $('.toggle-api-active').click(function () {
+        var toggle_user_id = $(this).data('user-id');
+        apiCall('admin/toggle_api_active', {
+            'user_id': toggle_user_id,
+        });
+    });
+
 });
--- a/public/js/api.js
+++ b/public/js/api.js
@ -0,0 +1,10 @@
+function apiCall(path, data) {
+    var base_api_path = '/api/v2/';
+    var api_path = base_api_path + path;
+    $.ajax({
+        url: api_path,
+        data: data
+    }).done(function(res) {
+        return res;
+    });
+}
--- a/resources/views/admin.blade.php
+++ b/resources/views/admin.blade.php
@ -72,5 +72,6 @@

 {{-- Include extra JS --}}
 <script src='/js/handlebars-v4.0.5.min.js'></script>
+<script src='/js/api.js'></script>
 <script src='/js/admin.js'></script>
@endsection
--- a/resources/views/snippets/navbar.blade.php
+++ b/resources/views/snippets/navbar.blade.php
@ -40,9 +40,9 @@
                <li class='dropdown'>
                <a class="dropdown-toggle login-name" href="#" data-toggle="dropdown">{{session('username')}} <strong class="caret"></strong></a>
                    <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu">
-                        <li><a tabindex="-1" href="admin">Dashboard</a></li>
-                        <li><a tabindex="-1" href="admin#settings">Settings</a></li>
-                        <li><a tabindex="-1" href="logout">Logout</a></li>
+                        <li><a tabindex="-1" href="{{route('admin')}}">Dashboard</a></li>
+                        <li><a tabindex="-1" href="{{route('admin')}}#settings">Settings</a></li>
+                        <li><a tabindex="-1" href="{{route('logout')}}">Logout</a></li>
                    </ul>
                </li>
            </div>
--- a/resources/views/snippets/user_table.blade.php
+++ b/resources/views/snippets/user_table.blade.php
@ -15,20 +15,19 @@
        <td>{{$user->active}}</td>
        {{-- <td>Active: {{$user->api_active}}</td> --}}
        <td>
-            <a href='#'
-                class='activate-api-modal btn btn-sm btn-info'
+            <a  class='activate-api-modal btn btn-sm btn-info'

                data-api-active='{{$user->api_active}}'
                data-api-key='{{$user->api_key}}'
                data-api-quota='{{$user->api_quota}}'
+                data-user-id='{{$user->id}}'
                data-username='{{$user->username}}'>
                API info
            </a>
        </td>

        <td>
-            <a href='#'
-                class='activate-edit-modal btn btn-sm btn-success'
+            <a  class='activate-edit-modal btn btn-sm btn-success'

                data-username='{{$user->username}}'>
                Edit