Fix #63 Fix #62 fix user permission bug

ziishaned · Apr 5, 2017 · 495bdde · 495bdde
1 parent f28a37b
commit 495bdde
Show file tree

Hide file tree

Showing 7 changed files with 162 additions and 149 deletions.
diff --git a/app/Http/Controllers/InviteController.php b/app/Http/Controllers/InviteController.php
@@ -19,16 +19,6 @@ public function __construct(Request $request, Invite $invite)
         $this->invite  = $invite;
     }
 
-    public function index()
-    {
-
-    }
-
-    public function create()
-    {
-
-    }
-
     public function store(Team $team)
     {
         $this->validate($this->request, Invite::INVITE_RULES, [
@@ -57,21 +47,6 @@ public function sendInvitationEmail($invitation, $team)
         return true;
     }
 
-    public function show($id)
-    {
-
-    }
-
-    public function edit($id)
-    {
-
-    }
-
-    public function update(Request $request, $id)
-    {
-
-    }
-
     public function destroy(Team $team, $invitationCode)
     {
         $this->invite->where('code', $invitationCode)->where('team_id', $team->id)->delete();

diff --git a/app/Http/Controllers/TeamController.php b/app/Http/Controllers/TeamController.php
@@ -55,11 +55,6 @@ public function isContentTypeJson()
         return $this->request->header('content-type') == 'application/json';
     }
 
-    public function edit($id)
-    {
-
-    }
-
     public function update(Team $team)
     {
         if($team->name === $this->request->get('team_name')) {
@@ -111,7 +106,7 @@ public function postJoin(Team $team, $hash)
 
         $invitation = (new Invite)->getInvitation($team->id, $hash);
 
-        DB::table('users_roles')->update([
+        DB::table('users_roles')->insert([
             'role_id'    => $invitation->role_id,
             'user_id'    => $user->id,
             'team_id'    => $team->id,

diff --git a/app/Http/Middleware/CheckPermission.php b/app/Http/Middleware/CheckPermission.php
@@ -22,8 +22,6 @@ public function handle($request, Closure $next, $permissions = null)
             }
         }
 
-        return response()->json([
-            'Unauthorized.'
-        ], 401);
+        abort(403);
     }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -77,7 +77,7 @@ public function watchWikis()
      */
     public function roles()
     {
-        return $this->hasMany(Role::class, 'user_id', 'id')->with('permissions');
+        return $this->belongsToMany(Role::class, 'users_roles', 'user_id', 'role_id')->with('permissions');
     }
 
     /**
@@ -293,7 +293,7 @@ public function hasPermission($routePermissions)
     {
         $routePermissions = explode('|', $routePermissions);
 
-        $roles = $this->with('roles')->findOrFail(Auth::user()->id)->roles;
+        $roles = Auth::user()->roles;
 
         foreach ($roles as $role) {
             foreach ($role->permissions as $permission) {