From 079343fe1ddd041947c8c19dfe6b6edc0d41566d Mon Sep 17 00:00:00 2001 From: Krzysztof Strzelecki Date: Fri, 31 Jan 2020 23:38:24 +0100 Subject: [PATCH] =?UTF-8?q?Dodanie=20poziomow=20dostepu.=20Poprawki=20dost?= =?UTF-8?q?epu=20i=20przekierowan=20w:=20Jednostka,=20Stra=C5=BCacy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controllers/fireFightersController.php | 24 ++++++++++--------- .../Controllers/fireStationController.php | 4 ++-- app/User.php | 16 +++++++++++++ resources/views/fireFighters.blade.php | 10 ++++++++ resources/views/unit.blade.php | 24 ++++++------------- 5 files changed, 48 insertions(+), 30 deletions(-) diff --git a/app/Http/Controllers/fireFightersController.php b/app/Http/Controllers/fireFightersController.php index c7c1e55..c602836 100644 --- a/app/Http/Controllers/fireFightersController.php +++ b/app/Http/Controllers/fireFightersController.php @@ -15,7 +15,8 @@ class fireFightersController extends Controller { public function create(){ - if(auth()->user() != null && auth()->user()->fireStationID != null ){ + if(auth()->user() != null && auth()->user()->accessLevel() >= 20) //prezes,naczelnik,sekretarz + { // $users = user::where("fireStationID", auth()->user()->fireStationID)->get(); // $users = DB::table('users')->where("fireStationID", '=', auth()->user()->fireStationID)->get(); $users = DB::table('users')->where("fireStationID", '=', auth()->user()->fireStationID) 
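Review bot: The comment on the new guard in `create()` names only prezes, naczelnik and sekretarz, but `accessLevel() >= 20` also admits the skarbnik, who gets 30 from `User::accessLevel()` in this same commit. The query that follows (its select, visible in the next hunk, includes `users.PESEL`) returns personal identifiers, so the intended audience should be stated exactly, e.g. `// level >= 20: sekretarz, skarbnik, prezes, naczelnik - may list members incl. PESEL`. If the treasurer is not meant to see the list, the condition has to name the allowed roles rather than use a threshold. `create()` continues past the end of this hunk.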
@@ -24,38 +25,39 @@ class fireFightersController extends Controller ->select('users.id','users.name', 'users.surname', 'users.PESEL', 'users.email', 'users.statusID', 'ranks.rank', 'unitFunctions.unitFunction') ->paginate(10); return view("fireFighters", ["users" => $users]); - } else{ - return view('fireFighters'); + } + else + { + return redirect()->to('/userprofile'); } } public function addForm(){ - if(auth()->user() != null && auth()->user()->fireStationID != null ){ + if(auth()->user() != null && auth()->user()->accessLevel() == 50 ){ //prezes,naczelnik $fireStation = fireStation::find(auth()->user()->fireStationID); - if($fireStation-> creatorID == auth()->user()->id){ - //return view('fireFightersAdd'); + if($fireStation-> creatorID == auth()->user()->id){ //if do usunięcia w pzyszłości $ranks = DB::table('ranks')->pluck("rank","id"); $unitFunctions = DB::table('unitFunctions')->pluck("unitFunction","id"); return view('fireFightersAdd',compact('ranks'), compact('unitFunctions')); - } else return fireFightersController::create(); - } else return view("unit"); + } else return fireFightersController::create(); // ??? 
+ } else return redirect()->to('/strazacy'); } public function editForm($id){ - if(auth()->user() != null && auth()->user()->fireStationID != null ){ + if(auth()->user() != null && auth()->user()->accessLevel() == 50 ){ //prezes,naczelnik $userFireStation = auth()->user()->fireStationID; $fireFighterFireStation = DB::table('users')->where("id", $id)->value('fireStationID'); $fireStationCreatorId = DB::table('fireStations')->where("id", $userFireStation)->value('creatorID'); $fireFighter = DB::table('users')->where("id", $id)->first(); - if($userFireStation == $fireFighterFireStation && auth()->user()->id == $fireStationCreatorId) { + if($userFireStation == $fireFighterFireStation && auth()->user()->id == $fireStationCreatorId) { // if do usunięcia w pzyszłości return view('fireFightersEdit', ["fireFighter" => $fireFighter]); } else{ return "Brak dostepu"; } }else{ - return view('unit'); + return redirect()->to('/strazacy'); } } diff --git a/app/Http/Controllers/fireStationController.php b/app/Http/Controllers/fireStationController.php index 4942067..5bd4e51 100644 --- a/app/Http/Controllers/fireStationController.php +++ b/app/Http/Controllers/fireStationController.php @@ -26,7 +26,7 @@ class fireStationController extends Controller public function editForm() { - if(auth()->user() != null && auth()->user()->fireStationID != null ) + if(auth()->user() != null && auth()->user()->accessLevel() == 50) //prezes/naczelnik { $id = auth()->user()->fireStationID; $fireStation = DB::table('fireStations')->where("id", $id)->first(); @@ -34,7 +34,7 @@ class fireStationController extends Controller return view('fireStationEdit', ["fireStation" => $fireStation], compact('voivodeships')); } else - return "Brak dostępu"; + return redirect()->to('/jednostka'); } public function store() diff --git a/app/User.php b/app/User.php index 9bf1995..2b62596 100644 --- a/app/User.php +++ b/app/User.php 
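Review bot: In `editForm($id)` the new comment marks the whole inner condition as "do usunięcia w pzyszłości", but its first half, `$userFireStation == $fireFighterFireStation`, is the only thing that stops a level-50 user of one station from opening another station's member by id. Only the `creatorID` comparison is superseded by `accessLevel()`, so I would narrow the comment to that part, e.g. `// creatorID check is temporary; the same-station check must stay`. The denied branch still returns the plain string "Brak dostepu" with a normal 200 response while the other refusals now redirect; `abort(403);` would make the refusal an explicit HTTP 403. While the `creatorID` test remains, a naczelnik who did not create the station is still refused despite the `//prezes,naczelnik` comment on the outer guard.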
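Review bot: The `accessLevel() == 50` check added to `fireStationController::editForm()` only decides who is shown the edit form; the action that saves the submitted data is not part of this diff, so confirm it applies the same rule, otherwise a lower-level member can still submit the change directly. The refusal in the following hunk, `return redirect()->to('/jednostka');`, also sends a visitor who is not logged in to the unit page rather than to the login; if these routes are not already behind the `auth` middleware, that is worth adding. A comment on the guard such as `// only level 50 (prezes/naczelnik) may edit station data; the save action must check the same` would record the rule. `editForm()` spans both hunks of this file.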
@@ -43,4 +43,20 @@ class User extends Authenticatable { $this->attributes['password'] = bcrypt($password); } + + public function accessLevel() + { + if (auth()->user() != null && auth()->user()->fireStationID != null) + if ($this->functionID == 1 or $this->functionID == 5) //prezes lub naczelnik + return 50; + elseif ($this->functionID == 3) //skarbnik + return 30; + elseif($this->functionID == 4) //sekretarz + return 20; + else + return 0; //brak specjalnych uprawnień + else + return -1; //jednostka nie istnieje + + } } diff --git a/resources/views/fireFighters.blade.php b/resources/views/fireFighters.blade.php index de7cbc9..8af8a56 100644 --- a/resources/views/fireFighters.blade.php +++ b/resources/views/fireFighters.blade.php @@ -2,10 +2,16 @@ @section('left-menu') @parent + @if( auth()->check() ) + @if( auth()->user()->fireStationID != NULL) + @if(auth()->user()->accessLevel() == 50) + @endif + @endif + @endif @stop @@ -75,7 +81,9 @@ Funkcja Stopień Status + @if(auth()->user()->accessLevel() == 50) Operacja + @endif @@ -93,6 +101,7 @@ {{$user->unitFunction}} {{$user->rank}} @if( $user->statusID == 0) Czynny @else Wyłączony @endif + @if(auth()->user()->accessLevel() == 50) Edytuj Odznaczenia @@ -112,6 +121,7 @@ @endif @endif + @endif @php $i++; diff --git a/resources/views/unit.blade.php b/resources/views/unit.blade.php index 6b17eef..076f106 100644 --- a/resources/views/unit.blade.php +++ b/resources/views/unit.blade.php @@ -2,11 +2,15 @@ @section('left-menu') @parent + @if( auth()->check() ) + @if( auth()->user()->fireStationID != NULL) + @if(auth()->user()->accessLevel() == 50) + @endif + @endif + @endif @stop @section('center-area') @@ -67,21 +71,7 @@
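Review bot: `accessLevel()` reads the role from `$this->functionID` but takes the station from `auth()->user()->fireStationID`, so calling it on any `User` other than the logged-in one mixes two accounts' data, and with nobody logged in it always yields -1. It should use `$this->fireStationID` so the result describes the model it is called on. The brace-less nested `if`/`elseif`/`else` depends on dangling-else binding and is easy to break when a role is added; braces or a `switch` make each mapping explicit. The method also lacks a docblock listing the returned levels (50, 30, 20, 0, -1) and the `functionID` values behind them, and those numbers are repeated as literals in the controllers and views of this commit.
```php
public function accessLevel()
{
    // Decide from the model itself, not from whoever is logged in.
    if ($this->fireStationID == null) {
        return -1; // no fire station assigned
    }

    switch ((int) $this->functionID) {
        case 1: // prezes
        case 5: // naczelnik
            return 50;
        case 3: // skarbnik
            return 30;
        case 4: // sekretarz
            return 20;
        default:
            return 0; // member without special permissions
    }
}
```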
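Review bot: The `@if(auth()->user()->accessLevel() == 50)` blocks added in `fireFighters.blade.php` (menu, table header and row actions) and in the menu hunk of `unit.blade.php` only hide the entries; they are not an access check. Every action behind the Edytuj/Odznaczenia entries needs the same rule enforced in its controller, and this diff shows that only for the form pages. In the row hunk the call is evaluated once per listed member and repeats the literal 50; computing it once, e.g. `@php $canManage = auth()->check() && auth()->user()->accessLevel() == 50; @endphp`, and testing `$canManage` keeps the rule in one place per view. In the menu hunks the `fireStationID != NULL` test is redundant because `accessLevel()` already returns -1 in that case, while `auth()->check()` is still required.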
@endif @else -
-

Nazwa: Ochotnicza Straż Pożarna w Łuszczewie

-

Województwo: Wielkopolskie

-

Powiat: Koniński

-

Gmina i numer ewidencyjny: Skulsk 3010092

-

Kod pocztowy, Miejscowość: 62-560 Skulsk

-

Ulica i numer: Łuszczewo 81

-

Szerokość i długość geograficzna: 523113.08 | 182155.88

-

KRS: 0000003716

-

NIP: 665 524 497 69

-

Telefon: ??? - ??? - ???

-

E-mail: twojanazwa@domena.com

-
-

Liczba członków: 40

-
+ Witamy na stronie eOSP! Zaloguj się lub Zarejestruj nową jednostkę.
@endif