#2, #20: Laid the groundwork for an admin area. Includes the addition of Laravel's authorization system.

This commit is contained in:
Peter Deltchev 2015-11-23 21:19:23 -08:00
parent 80838eab69
commit c4e31a6431
14 changed files with 283 additions and 4 deletions

View file

@ -0,0 +1,37 @@
<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Peter Deltchev
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Poniverse\Ponyfm\Http\Controllers;
use Illuminate\Support\Facades\Redirect;
use View;
class AdminController extends Controller
{
public function getIndex()
{
return Redirect::to('AdminController@getGenres');
}
public function getGenres()
{
return View::make('shared.null');
}
}

View file

@ -20,11 +20,12 @@
namespace Poniverse\Ponyfm\Http\Controllers;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
abstract class Controller extends BaseController
{
use DispatchesJobs, ValidatesRequests;
use DispatchesJobs, ValidatesRequests, AuthorizesRequests;
}

View file

@ -47,6 +47,7 @@ class Kernel extends HttpKernel
protected $routeMiddleware = [
'auth' => \Poniverse\Ponyfm\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'can' => \Poniverse\Ponyfm\Http\Middleware\Authorize::class,
'guest' => \Poniverse\Ponyfm\Http\Middleware\RedirectIfAuthenticated::class,
'csrf' => \Poniverse\Ponyfm\Http\Middleware\VerifyCsrfHeader::class,
];

View file

@ -0,0 +1,62 @@
<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Peter Deltchev
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Poniverse\Ponyfm\Http\Middleware;
use Closure;
use Gate;
use Illuminate\Contracts\Auth\Guard;
class Authorize
{
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string
* @return mixed
*/
public function handle($request, Closure $next, $ability)
{
if (Gate::denies($ability)) {
abort(403);
}
return $next($request);
}
}

View file

@ -166,6 +166,11 @@ Route::group(['prefix' => 'account'], function() {
});
});
Route::group(['prefix' => 'admin', 'middleware' => ['auth', 'can:access-admin-area']], function() {
Route::get('/genres', 'AdminController@getGenres');
Route::get('/', 'AdminController@getIndex');
});
Route::get('u{id}', 'ArtistsController@getShortlink')->where('id', '\d+');
Route::get('users/{id}-{slug}', 'ArtistsController@getShortlink')->where('id', '\d+');
Route::get('{slug}', 'ArtistsController@getProfile');

View file

@ -0,0 +1,34 @@
<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Peter Deltchev
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Poniverse\Ponyfm\Policies;
class GenrePolicy
{
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
// stub class
}
}

View file

@ -0,0 +1,54 @@
<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Peter Deltchev
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Poniverse\Ponyfm\Providers;
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Poniverse\Ponyfm\Genre;
use Poniverse\Ponyfm\Policies\GenrePolicy;
use Poniverse\Ponyfm\User;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
Genre::class => GenrePolicy::class
];
/**
* Register any application authentication / authorization services.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function boot(GateContract $gate)
{
$gate->define('access-admin-area', function(User $user) {
return $user->hasRole('admin');
});
$this->registerPolicies($gate);
}
}

34
app/Role.php Normal file
View file

@ -0,0 +1,34 @@
<?php
/**
* Pony.fm - A community for pony fan music.
* Copyright (C) 2015 Peter Deltchev
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Poniverse\Ponyfm;
use Illuminate\Database\Eloquent\Model;
class Role extends Model
{
protected $table = 'roles';
public $timestamps = false;
public function users()
{
return $this->belongsToMany(User::class, 'role_user');
}
}

View file

@ -27,13 +27,14 @@ use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\URL;
use Illuminate\Support\Str;
class User extends Model implements AuthenticatableContract, CanResetPasswordContract
class User extends Model implements AuthenticatableContract, CanResetPasswordContract, \Illuminate\Contracts\Auth\Access\Authorizable
{
use Authenticatable, CanResetPassword;
use Authenticatable, CanResetPassword, Authorizable;
protected $table = 'users';
protected $hidden1 = ['password_hash', 'password_salt', 'bio'];
@ -61,6 +62,11 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return $this->hasMany('Poniverse\Ponyfm\ResourceUser', 'artist_id');
}
public function roles()
{
return $this->belongsToMany(Role::class, 'role_user');
}
public function comments()
{
return $this->hasMany('Poniverse\Ponyfm\Comment', 'profile_id')->orderBy('created_at', 'desc');
@ -167,4 +173,21 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
{
return "remember_token";
}
/**
* Returns true if this user has the given role.
*
* @param $roleName
* @return bool
*/
public function hasRole($roleName)
{
foreach ($this->roles as $role) {
if ($role->name === $roleName) {
return true;
}
}
return false;
}
}

View file

@ -143,6 +143,7 @@ return [
Poniverse\Ponyfm\Providers\AppServiceProvider::class,
Poniverse\Ponyfm\Providers\EventServiceProvider::class,
Poniverse\Ponyfm\Providers\RouteServiceProvider::class,
Poniverse\Ponyfm\Providers\AuthServiceProvider::class,
Intouch\LaravelNewrelic\NewrelicServiceProvider::class,
Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class,
@ -175,6 +176,7 @@ return [
'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class,
// 'File' => Illuminate\Support\Facades\File::class,
'Gate' => Illuminate\Support\Facades\Gate::class,
'Hash' => Illuminate\Support\Facades\Hash::class,
'Input' => Illuminate\Support\Facades\Input::class,
'Inspiring' => Illuminate\Foundation\Inspiring::class,

View file

@ -0,0 +1,5 @@
<ul class="tabs">
<li ng-class="{active: stateIncludes('admin.genres')}"><a href="/admin/genres">Genres</a></li>
</ul>
<ui-view></ui-view>

View file

@ -0,0 +1,3 @@
<h1>Genre Editor</h1>
<p>This is a stub page!</p>

View file

@ -224,7 +224,18 @@ module.config [
url: '/register'
templateUrl: '/templates/auth/register.html'
# Hompage
# Admin
state.state 'admin',
abstract: true
url: '/admin'
templateUrl: '/templates/admin/_layout.html'
state.state 'admin.genres',
url: '/genres',
templateUrl: '/templates/admin/genres.html'
# Homepage
if window.pfm.auth.isLogged
state.state 'home',

View file

@ -85,6 +85,13 @@
<li class="uploader" ng-class="{selected: stateIncludes('uploader')}">
<a href="/account/uploader">Upload Music</a>
</li>
@can('access-admin-area')
<li ng-class="{selected: stateIncludes('admin')}">
<a href="/admin/genres">Admin Area</a>
</li>
@endcan
<li>
<h3>
<a href="#" ng-click="createPlaylist()" pfm-eat-click title="Create Playlist"><i class="icon-plus"></i></a>