From a6497ac3c28fffd3147c6df6264c58b3d945386a Mon Sep 17 00:00:00 2001
From: changeweb <kishorpasha870@yahoo.com>
Date: Wed, 11 Aug 2021 15:03:24 +0600
Subject: [PATCH] Patch csrf issue for admin activate/deactivation

---
 app/Http/Controllers/UserController.php     | 12 ++++++------
 resources/views/school/admin-list.blade.php | 16 ++++++++++++++--
 routes/web.php                              |  4 ++--
 3 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 0f19ce268..ea67757fc 100755
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -373,12 +373,12 @@ public function update(UpdateUserRequest $request)
 
     /**
      * Activate admin
-     * @param $id
+     * @param Request $request
      * @return \Illuminate\Http\RedirectResponse
      */
-    public function activateAdmin($id)
+    public function activateAdmin(Request $request)
     {
-        $admin = $this->user->find($id);
+        $admin = $this->user->find($request->id);
 
         if ($admin->active !== 0) {
             $admin->active = 0;
@@ -393,12 +393,12 @@ public function activateAdmin($id)
 
     /**
      * Deactivate admin
-     * @param $id
+     * @param Request $request
      * @return \Illuminate\Http\RedirectResponse
      */
-    public function deactivateAdmin($id)
+    public function deactivateAdmin(Request $request)
     {
-       $admin = $this->user->find($id);
+       $admin = $this->user->find($request->id);
 
         if ($admin->active !== 1) {
             $admin->active = 1;
diff --git a/resources/views/school/admin-list.blade.php b/resources/views/school/admin-list.blade.php
index 323fe2a3b..309b12b7e 100755
--- a/resources/views/school/admin-list.blade.php
+++ b/resources/views/school/admin-list.blade.php
@@ -37,15 +37,27 @@
                         <tr>
                             <td>
                                 @if($admin->active == 0)
-                                <a href="{{url('master/activate-admin/'.$admin->id)}}" class="btn btn-xs btn-success"
+                                    <a href="{{ route('master.activate.admin') }}" onclick="event.preventDefault();
+                                        document.getElementById('activate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-success"
                                     role="button"><i class="material-icons">
                                         done
                                     </i>@lang('Activate')</a>
+
+                                    <form id="activate-admin-{{$admin->id}}" action="{{ route('master.activate.admin') }}" method="POST" style="display: none;">
+                                        {{ csrf_field() }}
+                                        <input type="hidden" name="id" value="{{$admin->id}}">
+                                    </form>
                                 @else
-                                <a href="{{url('master/deactivate-admin/'.$admin->id)}}" class="btn btn-xs btn-danger"
+                                    <a href="{{ route('master.deactivate.admin') }}" onclick="event.preventDefault();
+                                        document.getElementById('deactivate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-danger"
                                     role="button"><i class="material-icons">
                                         clear
                                     </i>@lang('Deactivate')</a>
+
+                                    <form id="deactivate-admin-{{$admin->id}}" action="{{ route('master.deactivate.admin') }}" method="POST" style="display: none;">
+                                        {{ csrf_field() }}
+                                        <input type="hidden" name="id" value="{{$admin->id}}">
+                                    </form>
                                 @endif
                             </td>
                             <td>
diff --git a/routes/web.php b/routes/web.php
index adef4559c..f88065fee 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -173,8 +173,8 @@
         return redirect()->route('register');
     });
     Route::post('register/admin', 'UserController@storeAdmin');
-    Route::get('master/activate-admin/{id}', 'UserController@activateAdmin');
-    Route::get('master/deactivate-admin/{id}', 'UserController@deactivateAdmin');
+    Route::post('master/activate-admin', 'UserController@activateAdmin')->name('master.activate.admin');
+    Route::post('master/deactivate-admin', 'UserController@deactivateAdmin')->name('master.deactivate.admin');
     Route::get('school/admin-list/{school_id}', 'SchoolController@show');
 });