Skip to content

Commit

Permalink
Patch csrf issue for admin activate/deactivation
Browse files Browse the repository at this point in the history
  • Loading branch information
@changeweb
changeweb committed Aug 11, 2021
1 parent d2f5786 commit a6497ac
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 10 deletions.
12 changes: 6 additions & 6 deletions app/Http/Controllers/UserController.php
View file
Expand Up @@ -373,12 +373,12 @@ public function update(UpdateUserRequest $request)

/**
* Activate admin
* @param $id
* @param Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function activateAdmin($id)
public function activateAdmin(Request $request)
{
$admin = $this->user->find($id);
$admin = $this->user->find($request->id);

if ($admin->active !== 0) {
$admin->active = 0;
Expand All @@ -393,12 +393,12 @@ public function activateAdmin($id)

/**
* Deactivate admin
* @param $id
* @param Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function deactivateAdmin($id)
public function deactivateAdmin(Request $request)
{
$admin = $this->user->find($id);
$admin = $this->user->find($request->id);

if ($admin->active !== 1) {
$admin->active = 1;
Expand Down
16 changes: 14 additions & 2 deletions resources/views/school/admin-list.blade.php
View file
Expand Up @@ -37,15 +37,27 @@
<tr>
<td>
@if($admin->active == 0)
<a href="{{url('master/activate-admin/'.$admin->id)}}" class="btn btn-xs btn-success"
<a href="{{ route('master.activate.admin') }}" onclick="event.preventDefault();
document.getElementById('activate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-success"
role="button"><i class="material-icons">
done
</i>@lang('Activate')</a>

<form id="activate-admin-{{$admin->id}}" action="{{ route('master.activate.admin') }}" method="POST" style="display: none;">
{{ csrf_field() }}
<input type="hidden" name="id" value="{{$admin->id}}">
</form>
@else
<a href="{{url('master/deactivate-admin/'.$admin->id)}}" class="btn btn-xs btn-danger"
<a href="{{ route('master.deactivate.admin') }}" onclick="event.preventDefault();
document.getElementById('deactivate-admin-'+{{$admin->id}}).submit();" class="btn btn-xs btn-danger"
role="button"><i class="material-icons">
clear
</i>@lang('Deactivate')</a>

<form id="deactivate-admin-{{$admin->id}}" action="{{ route('master.deactivate.admin') }}" method="POST" style="display: none;">
{{ csrf_field() }}
<input type="hidden" name="id" value="{{$admin->id}}">
</form>
@endif
</td>
<td>
Expand Down
4 changes: 2 additions & 2 deletions routes/web.php
View file
Expand Up @@ -173,8 +173,8 @@
return redirect()->route('register');
});
Route::post('register/admin', 'UserController@storeAdmin');
Route::get('master/activate-admin/{id}', 'UserController@activateAdmin');
Route::get('master/deactivate-admin/{id}', 'UserController@deactivateAdmin');
Route::post('master/activate-admin', 'UserController@activateAdmin')->name('master.activate.admin');
Route::post('master/deactivate-admin', 'UserController@deactivateAdmin')->name('master.deactivate.admin');
Route::get('school/admin-list/{school_id}', 'SchoolController@show');
});

Expand Down

0 comments on commit a6497ac

Please sign in to comment.