Attendize · etiennemarais · Apr 28, 2019 · Dec 28, 2019 · Apr 14, 2020 · Apr 21, 2020
diff --git a/app/Http/Controllers/IndexController.php b/app/Http/Controllers/IndexController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers;
 
 use Illuminate\Http\Request;
+use Auth;
 
 class IndexController extends Controller
 {
@@ -13,6 +14,47 @@ class IndexController extends Controller
      */
     public function showIndex(Request $request)
     {
-        return redirect()->route('showSelectOrganiser');
+        /** @var $user App\Models\User */
+        $user = Auth::user();
+
+        // super admin users will get shown the organiser selection page
+        if ($user->can('manage organisers')) {
+            return redirect()->route('showSelectOrganiser');
+        }
+
+        $isCheckinUser = $user->hasRole('attendee check in');
+
+        // Normal users will get shown their dashboard
+        $organiser = $user->organiser;
+        $allowed_sorts = ['created_at', 'start_date', 'end_date', 'title'];
+
+        $searchQuery = $request->get('q');
+        $sort_by = (in_array($request->get('sort_by'), $allowed_sorts) ? $request->get('sort_by') : 'start_date');
+
+        // If user can manage events, then they can see all events, otherwise just their own
+        $events = $organiser->events()
+            ->where('organiser_id', $organiser->id)
+            ->orderBy($sort_by, 'desc');
+
+        // We only want to filter for normal users here. Check in users get a limited event UI
+        if (!$user->can('manage events') && !$isCheckinUser) {
+            $events->where('user_id', $user->id);
+        }
+
+        if ($searchQuery) {
+            $events->where('title', 'like', '%' . $searchQuery . '%');
+        }
+
+        $data = [
+            'events' => $events->paginate(12),
+            'organiser' => $organiser,
+            'search' => [
+                'q' => $searchQuery ? $searchQuery : '',
+                'sort_by' => $request->get('sort_by') ? $request->get('sort_by') : '',
+                'showPast' => $request->get('past'),
+            ],
+        ];
+
+        return view('ManageOrganiser.Events', $data);
     }
 }
diff --git a/app/Http/Controllers/ManageAccountController.php b/app/Http/Controllers/ManageAccountController.php
@@ -9,9 +9,7 @@
 use App\Models\PaymentGateway;
 use App\Models\Timezone;
 use App\Models\User;
-use Exception;
 use GuzzleHttp\Client;
-use Illuminate\Mail\Message;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -20,8 +18,11 @@
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\Str;
 use Services\PaymentGateway\Dummy;
+use Spatie\Permission\Models\Role;
+use Spatie\Permission\Models\Permission;
 use Services\PaymentGateway\Stripe;
 use Services\PaymentGateway\StripeSCA;
+use Spatie\Permission\Exceptions\RoleDoesNotExist;
 use Utils;
 use Illuminate\Support\Facades\Lang;
 
@@ -43,6 +44,8 @@ public function showEditAccount(Request $request)
             'default_payment_gateway_id' => PaymentGateway::getDefaultPaymentGatewayId(),
             'account_payment_gateways'   => AccountPaymentGateway::scope()->get(),
             'version_info'               => $this->getVersionInfo(),
+            // Only super admin users gets to manage users so this call is safe
+            'roles'                      => Role::all(),
         ];
 
         return view('ManageAccount.Modals.EditAccount', $data);
@@ -167,13 +170,17 @@ public function postEditAccountPayment(Request $request)
     public function postInviteUser(Request $request)
     {
         $rules = [
+            'organiser' => ['required'],
+            'role' => ['required'],
             'email' => ['required', 'email', 'unique:users,email,NULL,id,account_id,' . Auth::user()->account_id],
         ];
 
         $messages = [
             'email.email'    => trans('Controllers.error.email.email'),
             'email.required' => trans('Controllers.error.email.required'),
             'email.unique'   => trans('Controllers.error.email.unique'),
+            'organiser.required' => trans('Controllers.error.organiser.required'),
+            'role.required' => trans('Controllers.error.role.required'),
         ];
 
         $validation = Validator::make($request->all(), $rules, $messages);
@@ -185,33 +192,228 @@ public function postInviteUser(Request $request)
             ]);
         }
 
-        $temp_password = Str::random(8);
-
         $user = new User();
 
+        $user->first_name = $request->input('first_name');
+        $user->last_name = $request->input('last_name');
         $user->email = $request->input('email');
-        $user->password = Hash::make($temp_password);
         $user->account_id = Auth::user()->account_id;
+        $user->organiser_id = $request->input('organiser');
+
+        $temp_password = Str::random(8);
+        $user->password = Hash::make($temp_password);
+
+        $user->save();
+
+        // Assigning role to user from selection. If for some reason the role errors out, we assign the default role.
+        try {
+            $assignedRole = Role::findById($request->input('role'));
+        } catch (RoleDoesNotExist $e) {
+            $assignedRole = Role::findByName('user');
+        }
+
+        $user->assignRole($assignedRole);
+        $user->givePermissionTo($user->getAllPermissions());
+
+        $this->sentInvitationEmailTo($user, $temp_password);
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => trans('Controllers.success_name_has_received_instruction', ['name' => $user->email]),
+        ]);
+    }
+
+    /**
+     * Update the user role
+     *
+     * @return JsonResponse
+     */
+    public function postUpdateUserRole(Request $request)
+    {
+        $rules = [
+            'assigned_role' => ['required'],
+            'user_id' => ['required'],
+        ];
+
+        $messages = [
+            'user_id.required' => trans('Controllers.error.role.required'),
+            'assigned_role.required' => trans('Controllers.error.role.required'),
+        ];
+
+        $validation = Validator::make($request->all(), $rules, $messages);
+
+        if ($validation->fails()) {
+            return response()->json([
+                'status'   => 'error',
+                'messages' => $validation->messages()->toArray(),
+            ]);
+        }
+
+        /** @var \App\Models\User $user */
+        $user = User::find($request->input('user_id'));
+        $assignedRole = Role::findById($request->input('assigned_role'));
+        $user->syncRoles($assignedRole);
+        $user->syncPermissions($assignedRole->permissions()->get());
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => trans('Controllers.success_user_updated_role', ['name' => $user->email]),
+        ]);
+    }
+
+    /**
+     * Toggle the user can manage events
+     *
+     * @return JsonResponse
+     */
+    public function postToggleUserCanManageEvents(Request $request)
+    {
+        $rules = [
+            'user_id' => ['required'],
+        ];
+
+        $messages = [
+            'user_id.required' => trans('Controllers.error.role.required'),
+        ];
+
+        $validation = Validator::make($request->all(), $rules, $messages);
+
+        if ($validation->fails()) {
+            return response()->json([
+                'status'   => 'error',
+                'messages' => $validation->messages()->toArray(),
+            ]);
+        }
 
+        /** @var \App\Models\User $user */
+        $user = User::find($request->input('user_id'));
+
+        // Toggle between the extended manage events permission
+        $isChecked = $request->boolean('checked');
+        $manageEvents = Permission::findByName('manage events', 'web');
+
+        if ($isChecked && !$user->can('manage events')) {
+            $user->givePermissionTo($manageEvents);
+            $message = trans('Controllers.success_user_can_manage_events', ['name' => $user->email]);
+        } elseif (!$isChecked) {
+            $user->revokePermissionTo($manageEvents);
+            $message = trans('Controllers.success_user_cannot_manage_events', ['name' => $user->email]);
+        }
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => $message,
+        ]);
+    }
+
+    /**
+     * Delete user
+     *
+     * @param Request $request
+     * @param integer $userId
+     *
+     * @return JsonResponse
+     */
+    public function userDelete(Request $request, $userId)
+    {
+        /** @var \App\Models\User|null $user */
+        $user = User::withTrashed()->find($userId);
+        if (!$user) {
+            return response()->json([
+                'status'  => 'error',
+                'message' => trans('Controllers.error_user_was_not_found'),
+            ], 404);
+        }
+
+        if ($request->get('force', false)) {
+            $user->forceDelete();
+        } else {
+            $user->delete();
+        }
+
+        $message = trans('Controllers.success_user_was_deleted', ['name' => $user->email]);
+        return response()->json([
+            'status'  => 'success',
+            'message' => $message,
+        ]);
+    }
+
+    /**
+     * Restore deleted user
+     *
+     * @param Request $request
+     * @param integer $userId
+     *
+     * @return JsonResponse
+     */
+    public function userRestore(Request $request, $userId)
+    {
+        /** @var \App\Models\User|null $user */
+        $user = User::withTrashed()->find($userId);
+        if (!$user) {
+            return response()->json([
+                'status'  => 'error',
+                'message' => trans('Controllers.error_user_was_not_found'),
+            ], 404);
+        }
+
+        $user->restore();
+
+        $message = trans('Controllers.success_user_was_restored', ['name' => $user->email]);
+        return response()->json([
+            'status'  => 'success',
+            'message' => $message,
+        ]);
+    }
+
+    /**
+     * @param Request $request
+     * @param integer $userId
+     *
+     * @return JsonResponse
+     */
+    public function sendInvitationMessage(Request $request, $userId) {
+        /** @var \App\Models\User|null $user */
+        $user = User::find($userId);
+        if (!$user) {
+            return response()->json([
+                'status'  => 'error',
+                'message' => trans('Controllers.error_user_was_not_found'),
+            ], 404);
+        }
+
+        $temp_password = Str::random(8);
+        $user->password = Hash::make($temp_password);
         $user->save();
 
+        $this->sentInvitationEmailTo($user, $temp_password);
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => trans('Controllers.success_name_has_received_instruction', ['name' => $user->email]),
+        ]);
+    }
+
+    /**
+     * Send an invitation email
+     *
+     * @param User $user
+     * @param string $password
+     */
+    protected function sentInvitationEmailTo(User $user, string $password)
+    {
         $data = [
             'user'          => $user,
-            'temp_password' => $temp_password,
+            'temp_password' => $password,
             'inviter'       => Auth::user(),
         ];
 
-        Mail::send(Lang::locale().'.Emails.inviteUser', $data, static function (Message $message) use ($data) {
+        Mail::send('Emails.inviteUser', $data, static function ($message) use ($data) {
             $message->to($data['user']->email)
                 ->subject(trans('Email.invite_user', [
                     'name' => $data['inviter']->first_name . ' ' . $data['inviter']->last_name,
                     'app'  => config('attendize.app_name')
                 ]));
         });
-
-        return response()->json([
-            'status'  => 'success',
-            'message' => trans('Controllers.success_name_has_received_instruction', ['name' => $user->email]),
-        ]);
     }
 }
diff --git a/app/Http/Controllers/OrganiserController.php b/app/Http/Controllers/OrganiserController.php
@@ -5,7 +5,7 @@
 use App\Models\Organiser;
 use Illuminate\Http\Request;
 use Illuminate\Support\Str;
-use Image;
+use App\Models\User;
 
 class OrganiserController extends MyBaseController
 {
@@ -71,6 +71,12 @@ public function postCreateOrganiser(Request $request)
 
         $organiser->save();
 
+        // After the organiser gets added as the first run, we should also update the super user to
+        // belong to that organiser
+        if ($request->get('first_run') === 'yup') {
+            User::first()->update(['organiser_id' => $organiser->id]);
+        }
+
         session()->flash('message', trans("Controllers.successfully_created_organiser"));
 
         return response()->json([

diff --git a/app/Http/Controllers/UserSignupController.php b/app/Http/Controllers/UserSignupController.php
@@ -81,6 +81,11 @@ public function postSignup(Request $request)
         $user_data['is_registered'] = 1;
         $user = User::create($user_data);
 
+        // We need to assign the first ever user as super admin to be able to add the first organiser
+        if ($request->get('first_run') === 'yup') {
+            $user->assignRole('super admin');
+        }
+
         $payment_gateway_data = [
             'payment_gateway_id' => PaymentGateway::getDefaultPaymentGatewayId(),
             'account_id' => $account->id,

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -69,6 +69,7 @@ class Kernel extends HttpKernel
         /**** ATTENDIZE MIDDLEWARE ****/
         'first.run'  => \App\Http\Middleware\FirstRunMiddleware::class,
         'installed'  => \App\Http\Middleware\CheckInstalled::class,
+        'manage.organisers'  => \App\Http\Middleware\CanManageOrganisers::class,
 
         /**** OTHER MIDDLEWARE ****/
         'localize' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRoutes::class,