Skip to content

Commit

Permalink
Use Laravel auth to check for features (#2613)
Browse files Browse the repository at this point in the history 
* use authorization system to check for features

* revery policy change

* fix mistake & test

* fix logout with login disabled

* fix mistake
  • Loading branch information
@emmachughes
emmachughes authored Nov 14, 2023
1 parent 3f6dcf6 commit de320f8
Show file tree
Hide file tree
Showing 10 changed files with 111 additions and 126 deletions.
3 changes: 0 additions & 3 deletions sourcecode/hub/app/Http/Kernel.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,11 @@ class Kernel extends HttpKernel
\App\Http\Middleware\LtiShareWithView::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\ShareFeaturesWithView::class,
\App\Http\Middleware\ContentSecurityPolicy::class,
],

'stateless' => [
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\ShareFeaturesWithView::class,
\App\Http\Middleware\ContentSecurityPolicy::class,
],

Expand All @@ -68,7 +66,6 @@ class Kernel extends HttpKernel
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'feature' => \App\Http\Middleware\ToggleFeature::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'lti.launch-type' => \App\Http\Middleware\LtiLaunchType::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
Expand Down
30 changes: 0 additions & 30 deletions sourcecode/hub/app/Http/Middleware/ShareFeaturesWithView.php
View file

This file was deleted.

29 changes: 0 additions & 29 deletions sourcecode/hub/app/Http/Middleware/ToggleFeature.php
View file

This file was deleted.

28 changes: 28 additions & 0 deletions sourcecode/hub/app/Providers/AuthServiceProvider.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

namespace App\Providers;

use App\Configuration\Features;
use App\Models\Content;
use App\Models\LtiTool;
use App\Models\User;
Expand All @@ -12,6 +13,8 @@
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

use function request;

class AuthServiceProvider extends ServiceProvider
{
/**
Expand All @@ -32,5 +35,30 @@ public function boot(): void
Gate::define('admin', function (User $user) {
return $user->admin ?? false;
});

Gate::define('login', function (User|null $user) {
$request = request();

return !$request->hasPreviousSession() || !$request->session()->has('lti');
});

Gate::define('register', function (User|null $user) {
$features = app()->make(Features::class);

if (!$features->isSignupEnabled()) {
return false;
}

$request = request();

return !$request->hasPreviousSession() ||
!$request->session()->has('lti');
});

Gate::define('reset-password', function (User|null $user) {
$features = app()->make(Features::class);

return $features->isForgotPasswordEnabled();
});
}
}
71 changes: 39 additions & 32 deletions sourcecode/hub/resources/views/components/content-card.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,41 +62,48 @@ class="btn btn-secondary btn-sm d-none d-md-inline-block me-1"
{{ trans('messages.edit-content') }}
</a>
@endcan
<div class="dropup">
<button
type="button"
class="btn dropdown-toggle"
data-bs-toggle="dropdown"
aria-expanded="false"
aria-label="{{ trans('messages.toggle-menu') }}"
>
<x-icon name="three-dots-vertical" />
</button>
<ul class="dropdown-menu dropdown-menu-end">
<li>
<a href="{{ route('content.preview', [$content->id]) }}" class="dropdown-item" data-bs-toggle="modal" data-bs-target="#previewModal">
<x-icon name="info-lg" class="me-2" />
{{ trans('messages.preview') }}
</a>
</li>
<li class="d-md-none">
<a href="{{ route('content.edit', [$content->id]) }}" class="dropdown-item">
<x-icon name="pencil" class="me-2" />
{{ trans('messages.edit-content') }}
</a>
</li>
<li>
<a href="#" class="btn btn-primary dropdown-item" data-bs-toggle="modal" data-bs-target="#deletionModal">
<x-icon name="x-lg" class="me-2 text-danger" />
{{ trans('messages.delete-content') }}
</a>
</li>
</ul>
</div>
@canany(['view', 'edit', 'delete'], $content)
<div class="dropup">
<button
type="button"
class="btn dropdown-toggle"
data-bs-toggle="dropdown"
aria-expanded="false"
aria-label="{{ trans('messages.toggle-menu') }}"
>
<x-icon name="three-dots-vertical" />
</button>
<ul class="dropdown-menu dropdown-menu-end">
@can('view', $content)
<li>
<a href="{{ route('content.preview', [$content->id]) }}" class="dropdown-item" data-bs-toggle="modal" data-bs-target="#previewModal">
<x-icon name="info-lg" class="me-2" />
{{ trans('messages.preview') }}
</a>
</li>
@endcan
@can('edit', $content)
<li class="d-md-none">
<a href="{{ route('content.edit', [$content->id]) }}" class="dropdown-item">
<x-icon name="pencil" class="me-2" />
{{ trans('messages.edit-content') }}
</a>
</li>
@endcan
@can('delete', $content)
<li>
<a href="#" class="btn btn-primary dropdown-item" data-bs-toggle="modal" data-bs-target="#deletionModal">
<x-icon name="x-lg" class="me-2 text-danger" />
{{ trans('messages.delete-content') }}
</a>
</li>
@endcan
</ul>
</div>
@endcan
<div class="badge position-absolute end-0 d-md-none content-card-preview-badge">
<x-icon name="eye"/>
<div title="{{ trans('messages.views') }}">{{ $views }}</div>
</div>
</div>
</article>

22 changes: 12 additions & 10 deletions sourcecode/hub/resources/views/components/navbar/navbar-bottom.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,16 +90,18 @@ class="dropdown-item"
</ul>
</li>
@else
<li class="nav-item">
<a
href="{{ route('login') }}"
class="nav-link @if(request()->routeIs('login')) active @endif"
>
{{ trans('messages.log-in') }}
</a>
</li>
@can('login')
<li class="nav-item">
<a
href="{{ route('login') }}"
class="nav-link @if(request()->routeIs('login')) active @endif"
>
{{ trans('messages.log-in') }}
</a>
</li>
@endcan

@if ($features->isSignupEnabled())
@can('register')
<li class="nav-item">
<a
href="{{ route('register') }}"
Expand All @@ -108,7 +110,7 @@ class="nav-link @if(request()->routeIs('register')) active @endif"
{{ trans('messages.sign-up') }}
</a>
</li>
@endif
@endcan
@endauth
</ul>
</div>
Expand Down
22 changes: 12 additions & 10 deletions sourcecode/hub/resources/views/components/navbar/navbar-top.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,16 +99,18 @@ class="dropdown-item"
</ul>
</li>
@else
<li class="nav-item">
<a
href="{{ route('login') }}"
class="nav-link @if(request()->routeIs('login')) active @endif"
>
{{ trans('messages.log-in') }}
</a>
</li>
@can('login')
<li class="nav-item">
<a
href="{{ route('login') }}"
class="nav-link @if(request()->routeIs('login')) active @endif"
>
{{ trans('messages.log-in') }}
</a>
</li>
@endcan

@if ($features->isSignupEnabled())
@can('register')
<li class="nav-item">
<a
href="{{ route('register') }}"
Expand All @@ -117,7 +119,7 @@ class="nav-link @if(request()->routeIs('register')) active @endif"
{{ trans('messages.sign-up') }}
</a>
</li>
@endif
@endcan
@endauth
</ul>
</div>
Expand Down
4 changes: 2 additions & 2 deletions sourcecode/hub/resources/views/login/index.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@
{{ trans('messages.log-in') }}
</x-form.button>

@if ($features->isForgotPasswordEnabled())
@can('reset-password')
<a href="{{ route('forgot-password') }}" class="btn btn-secondary">
{{ trans('messages.forgot-password') }}
</a>
@endif
@endcan
</div>
</x-form>

Expand Down
20 changes: 14 additions & 6 deletions sourcecode/hub/routes/web.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,20 @@
return view('welcome');
})->name('home');

Route::controller(LoginController::class)->group(function () {
Route::get('/login', 'login')->name('login');
Route::post('/login', 'check')->name('login_check');
Route::post('/log-out', 'logout')->name('log_out');
Route::middleware('can:login')->group(function () {
Route::get('/login')
->uses([LoginController::class, 'login'])
->name('login');

Route::post('/login')
->uses([LoginController::class, 'check'])
->name('login_check');
});

Route::post('/log-out')
->uses([LoginController::class, 'logout'])
->name('log_out');

Route::controller(ContentController::class)->group(function () {
Route::get('/content', 'index')->name('content.index');

Expand Down Expand Up @@ -103,12 +111,12 @@
});

Route::controller(UserController::class)->group(function () {
Route::middleware('feature:sign-up')->group(function () {
Route::middleware('can:register')->group(function () {
Route::get('/register', 'register')->name('register');
Route::post('/register', 'store');
});

Route::middleware('feature:forgot-password')->group(function () {
Route::middleware('can:reset-password')->group(function () {
Route::get('/forgot-password', 'showForgotPasswordForm')->name('forgot-password');
Route::post('/forgot-password', 'sendResetLink')->name('forgot-password-send');

Expand Down
8 changes: 4 additions & 4 deletions sourcecode/hub/tests/Feature/UserTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@ public function testSignupsAreUsuallyEnabled(): void

public function testSignupCanBeDisabled(): void
{
config(['features.sign-up' => false]);
config()->set('features.sign-up', false);

$this->get('/register')->assertNotFound();
$this->get('/register')->assertForbidden();
}

public function testForgotPasswordIsUsuallyEnabled(): void
Expand All @@ -36,9 +36,9 @@ public function testForgotPasswordIsUsuallyEnabled(): void

public function testForgotPasswordCanBeDisabled(): void
{
config(['features.forgot-password' => false]);
config()->set('features.forgot-password', false);

$this->get('/forgot-password')->assertNotFound();
$this->get('/forgot-password')->assertForbidden();
}

public function testSerialisation(): void
Expand Down

0 comments on commit de320f8

Please sign in to comment.