

work on auditee
dbarzin committed Nov 21, 2023
1 parent a279a67 commit 3183b2d
Showing 4 changed files with 151 additions and 62 deletions.
54 changes: 39 additions & 15 deletions app/Http/Controllers/ControlController.php
Expand Up @@ -724,8 +724,11 @@ public function doPlan(Request $request)

public function make(Request $request)
{
// Not for aditor
abort_if(Auth::User()->role === 3, Response::HTTP_FORBIDDEN, '403 Forbidden');
// Not for auditor and API
abort_if(
(Auth::User()->role === 3)||
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) request('id');

Expand All @@ -734,8 +737,8 @@ public function make(Request $request)
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id',$id)
->where('control_id',Auth::User()->id)
->where('user_id', Auth::User()->id)
->where('control_id', $id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

Expand Down Expand Up @@ -784,8 +787,7 @@ public function doMake()
{
// Not API and auditee
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) request('id');
Expand All @@ -795,8 +797,8 @@ public function doMake()
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id',$id)
->where('control_id',Auth::User()->id)
->where('user_id',Auth::User()->id)
->where('control_id',$id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

Expand All @@ -822,13 +824,13 @@ public function doMake()
$control->observations = request('observations');
$control->note = request('note');
$control->score = request('score');
// only admin and user can update the plan_date, realisation_date and action_plan
$control->realisation_date = request('realisation_date');
// only admin and user can update the plan_date and action_plan
if (
(Auth::User()->role === 1)||
(Auth::User()->role === 2)
) {
$control->plan_date = request('plan_date');
$control->realisation_date = request('realisation_date');
$control->action_plan = request('action_plan');
}
else {
Expand Down Expand Up @@ -914,27 +916,42 @@ public function save(Request $request)
*/
public function draft(Request $request)
{
// Not API and auditee
// Not for API and Auditor
abort_if(
(Auth::User()->role === 4)||
(Auth::User()->role === 5),
(Auth::User()->role === 3)||
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) $request->get('id');

// for aditee only if he is assigned to that control
abort_if(
(
(Auth::User()->role === 5)&&
!DB::table('control_user')
->where('user_id', Auth::User()->id)
->where('control_id', $id)
->exists()
), Response::HTTP_FORBIDDEN, '403 Forbidden');

// Get the control
$control = Control::find($id);

// Control not found
abort_if($control === null, Response::HTTP_NOT_FOUND, '404 Not Found');

$control->observations = request('observations');
$control->note = request('note');
$control->score = request('score');

// only admin and user can update the plan_date, realisation_date and action_plan
// only admin and user can update the plan_date and action_plan
if (
(Auth::User()->role === 1)||
(Auth::User()->role === 2)
) {
$control->plan_date = request('plan_date');
$control->action_plan = request('action_plan');
// do not save the realisation date as it is in draft
}
$control->save();

Expand All @@ -952,13 +969,20 @@ public function export()
public function template()
{
// For administrators and users only
abort_if((Auth::User()->role !== 1) && (Auth::User()->rol !== 2), Response::HTTP_FORBIDDEN, '403 Forbidden');
abort_if(
(Auth::User()->role !== 1) &&
(Auth::User()->rol !== 2) &&
(Auth::User()->role !== 5),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$id = (int) request('id');

// find associate measurement
$control = Control::find($id);

// Control not found
abort_if($control === null, Response::HTTP_NOT_FOUND, '404 Not Found');

// Get template file
$template_filename = storage_path('app/models/control_.docx');
if (! file_exists($template_filename)) {
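Review bot: `template()` now admits role 5 (auditee) but, unlike `make()`, `doMake()` and `draft()` in this same commit, it performs no `control_user` lookup before loading the control, so an auditee can render the template for any control id; the per-control `abort_if` block that `draft()` uses should be added right after `$id = (int) request('id');`. The same condition still reads `Auth::User()->rol !== 2` (note `rol`); if the user model has no such attribute the comparison is always true and role 2 is locked out, so that line should read `(Auth::User()->role !== 2) &&`. `DB` is already used elsewhere in this controller, so no new import is needed. `template()` continues past the end of the hunk.
```php
    $id = (int) request('id');

    // auditee only if he is assigned to that control
    abort_if(
        (Auth::User()->role === 5) &&
        !DB::table('control_user')
            ->where('user_id', Auth::User()->id)
            ->where('control_id', $id)
            ->exists(),
        Response::HTTP_FORBIDDEN, '403 Forbidden');
    // … unchanged: Control::find($id) and the 404 check …
```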
93 changes: 77 additions & 16 deletions app/Http/Controllers/DocumentController.php
Expand Up @@ -4,12 +4,15 @@

use App\Models\Document;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

class DocumentController extends Controller
{
public function getTemplate(Request $request)
{
// nothing to do
// Get document teample id
$id = (int) $request->get('id');

if ($id === 1) {
Expand All @@ -35,6 +38,11 @@ public function getTemplate(Request $request)

public function saveTemplate(Request $request)
{
// Only for administrator
abort_if(
(Auth::User()->role !== 1),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$message = null;

if ($request->has('template1')) {
Expand All @@ -60,7 +68,25 @@ public function saveTemplate(Request $request)

public function get(int $id)
{
// Not for API
abort_if(
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$document = Document::Find($id);

// Document not found
abort_if($document === null, Response::HTTP_NOT_FOUND, '404 Not Found');

// Auditee may get documents from assigned controls only
abort_if(
(Auth::User()->role === 5) &&
!DB::table('control_user')
->where('user_id',Auth::User()->id)
->where('control_id',$document->control_id)
->exists(),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$path = storage_path('docs/' . $id);
$file_contents = file_get_contents($path);

Expand All @@ -75,29 +101,40 @@ public function get(int $id)

public function store(Request $request)
{
//Log::Alert("store called");
// Not for API and Auditor
abort_if(
(Auth::User()->role === 3)||
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// Get file
$file = $request->file('file');

// Get Control
$control_id = $request->get('control');

// Log::Alert($control_id);
// Auditee may save document to assigned control only
abort_if(
(Auth::User()->role === 5) &&
!DB::table('control_user')
->where('user_id', Auth::User()->id)
->where('control_id', $control_id)
->exists(),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// Save document
$doc = new Document();
$doc->control_id = $control_id;
$doc->filename = $file->getClientOriginalName();
// Log::Alert("store filenale ".$file->getClientOriginalName());
$doc->mimetype = $file->getClientMimeType();
// Log::Alert("store mimetype ".$file->getClientMimeType());
$doc->size = $file->getSize();
// Log::Alert("store size ".$file->getSize());
// Log::Alert("store path ".$file->path());
$doc->hash = hash_file('sha256', $file->path());
$doc->save();

// Log::Alert("store Doc saved");

// Move file to storage folder
$file->move(storage_path('docs'), $doc->id);

// Log::Alert("store Done.");

// response
return response()->json(
['success' => $doc->filename,
'id' => $doc->id,
Expand All @@ -107,28 +144,47 @@ public function store(Request $request)

public function delete(int $id)
{
// Log::Alert("delete called");
// Not for API and Auditor
abort_if(
(Auth::User()->role === 3)||
(Auth::User()->role === 4),
Response::HTTP_FORBIDDEN, '403 Forbidden');

// Find the document
$document = Document::Find($id);

if ($document === null) {
return redirect('image/list')
return response()
->with('errorMessage', 'File not found !');
}

// Auditee may delete documents from assigned controls only
// and check if control has not been made ???
abort_if(
(Auth::User()->role === 5) &&
!DB::table('control_user')
->where('user_id', Auth::User()->id)
->where('control_id', $document->control_id)
->exists(),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$path = storage_path('docs/'.$document->id);
// Log::Alert($path);

// Log::Alert("delete file ".$path);
if (file_exists($path)) {
unlink($path);
}
$document->delete();

// Log::Alert("delete done");
return null;
}

public function index()
{
// Only for administrator
abort_if(
(Auth::User()->role !== 1),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$count = Document::count();
$sum = Document::sum('size');

Expand All @@ -139,6 +195,11 @@ public function index()

public function check()
{
// Only for administrator
abort_if(
(Auth::User()->role !== 1),
Response::HTTP_FORBIDDEN, '403 Forbidden');

$documents = Document::with('control')->get();

return view('/documents/check')
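Review bot: In `delete()` the not-found branch now returns `response()->with('errorMessage', 'File not found !')`, but `with()` belongs to `RedirectResponse`, not `Illuminate\Http\Response` (unless a macro defines it), so a missing id will raise a method-call error instead of reporting not found; the branch should mirror `get()` with `abort_if($document === null, Response::HTTP_NOT_FOUND, '404 Not Found');`. In `store()`, `$control_id = $request->get('control');` is fed uncast into the `control_user` lookup and the `Document` insert while ids elsewhere in this commit are cast, so `$control_id = (int) $request->get('control');` would keep it consistent. The `// and check if control has not been made ???` comment on the auditee delete check is an unresolved question and should be settled or turned into an explicit TODO before merge.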
