/**
 * Decide whether the current user may proceed.
 *
 * Access is granted as soon as one check passes, evaluated in this order:
 * static::isAdmin(), the 'admin' role, the $sAction permission, the $sRole role.
 *
 * NOTE(review): both arguments default to null and are handed to Entrust
 * unchanged; confirm that Entrust denies a null permission or role name.
 *
 * @param string|null $sAction Permission name passed to \Entrust::can().
 * @param string|null $sRole   Role name passed to \Entrust::hasRole().
 * @return bool
 */
public function allowed($sAction = null, $sRole = null)
 {
     return static::isAdmin()
         || \Entrust::hasRole('admin')
         || \Entrust::can($sAction)
         || \Entrust::hasRole($sRole);
 }
Beispiel #2
 /**
  * Copy $this->crud into the view data and gate the controller on the
  * 'view-admin-panel' permission, aborting with HTTP 403 when it is missing.
  *
  * NOTE(review): the check runs while the controller is being constructed;
  * confirm the framework version in use has already resolved the logged-in
  * user at that point, otherwise the check cannot see them.
  */
 public function __construct()
 {
     $this->data['crud'] = $this->crud;

     if (\Entrust::can('view-admin-panel')) {
         return;
     }

     abort(403, trans('crud.unauthorized_access'));
 }
Beispiel #3
 /**
  * Register the 'auth' middleware and gate the controller on the
  * 'view-admin-panel' permission, aborting with HTTP 403 when it is missing.
  *
  * NOTE(review): middleware() only registers 'auth'; the permission check
  * below executes immediately, inside the constructor. Confirm the logged-in
  * user is already available here, or move the check into middleware so it
  * runs after authentication.
  */
 public function __construct()
 {
     $this->middleware('auth');

     if (\Entrust::can('view-admin-panel')) {
         return;
     }

     abort(403, 'Unauthorized access - you do not have the necessary role to see this page.');
 }
 /**
  * List the Promociones records matching the request's 'parametros' value.
  *
  * Users without the 'crud-promociones' permission are redirected to '/'.
  * Results are ordered by 'nombre' descending and paginated six per page.
  *
  * @param Request $request
  * @return mixed Redirect response, or the 'Center.promociones.ver' view.
  */
 public function inicio(Request $request)
 {
     if (!\Entrust::can('crud-promociones')) {
         return \Redirect::to('/');
     }

     $parametros = $request->get('parametros');
     $registros = Promociones::buscar($parametros)
         ->orderBy('nombre', 'desc')
         ->paginate(6);

     return view('Center.promociones.ver')->with('registros', $registros);
 }
Beispiel #5
 /**
  * Return the landing view of the employees module, populated with its data.
  *
  * Users without the 'crud-empleados' permission are redirected to '/'.
  * The listing joins users to their roles, keeps rows where users.type = 0,
  * orders by the role display name and paginates six per page.
  *
  * @param Request $request Current request (not read by this method).
  * @return mixed Redirect response, or the 'Center.empleados.ver' view.
  */
 public function inicio(Request $request)
 {
     if (!\Entrust::can('crud-empleados')) {
         return \Redirect::to('/');
     }

     $registros = \DB::table('users')
         ->join('role_user', 'users.id', '=', 'user_id')
         ->join('roles', 'roles.id', '=', 'role_id')
         ->where('users.type', '=', 0)
         ->select('users.id AS id_usuario', 'users.name AS nombre_usuario', 'users.email', 'users.avatar', 'roles.display_name')
         ->orderBy('roles.display_name', 'asc')
         ->paginate(6);

     return view('Center.empleados.ver')->with('registros', $registros);
 }
Beispiel #6
 /**
  * Display a listing of xcasts, eight per page.
  *
  * A non-empty 'q' request value switches the listing to Xcast::search();
  * otherwise the latest-updated casts are shown. Users holding neither
  * 'manage_premium_casts' nor 'delete_casts' are limited to onlyFree().
  *
  * @return Response
  */
 public function index()
 {
     $search = Request::get('q');
     if ($search) {
         $xcasts = Xcast::search($search);
     } else {
         $xcasts = Xcast::latest('updated_at');
     }

     $seesPremium = Entrust::can('manage_premium_casts') || Entrust::can('delete_casts');
     if (!$seesPremium) {
         $xcasts = $xcasts->onlyFree();
     }

     return View::make('admin.xcasts.index', array('xcasts' => $xcasts->paginate(8)));
 }
 /**
  * List the legal representatives that are not logically deleted.
  *
  * Holders of 'administrare_platforma' see every row. Everyone else is
  * limited to the first organisation returned by self::organizatie(); when
  * there is none, the bound id is -1.
  *
  * @return mixed The 'entitate::reprezentant_legal.list' view.
  */
 public function getReprezentantiOrganizatie()
 {
     $sql = "SELECT \n            rl.id,\n            rl.nume,\n            rl.cnp\n            FROM reprezentant_legal rl\n            WHERE rl.logical_delete = 0";
     $bindings = array();

     if (!\Entrust::can('administrare_platforma')) {
         // The organisation id is bound, never concatenated into the SQL text.
         $sql .= " AND id_organizatie = :id_organizatie";
         $bindings = array('id_organizatie' => isset(self::organizatie()[0]) ? self::organizatie()[0]->id_organizatie : -1);
     }

     $reprezentanti = DB::select($sql, $bindings);

     return View::make('entitate::reprezentant_legal.list')->with('reprezentanti', $reprezentanti);
 }
Beispiel #8
 /**
  * List the banks that are not logically deleted.
  *
  * Holders of 'administrare_platforma' see every row. Everyone else is
  * limited to the first organisation returned by self::organizatie(); when
  * there is none, the bound id is -1.
  *
  * @return mixed The 'banca::banca.list' view.
  */
 public function getBanci()
 {
     $sql = "SELECT\n            id,\n            denumire,\n            adresa,     \n            telefon\n            FROM banca\n            WHERE logical_delete = 0";
     $bindings = array();

     if (!\Entrust::can('administrare_platforma')) {
         // The organisation id is bound, never concatenated into the SQL text.
         $sql .= " AND id_organizatie = :id_organizatie";
         $bindings = array('id_organizatie' => isset(self::organizatie()[0]) ? self::organizatie()[0]->id_organizatie : -1);
     }

     $banci = DB::select($sql, $bindings);

     return View::make("banca::banca.list")->with("banci", $banci);
 }
 /**
  * List investments with their building address, county and locality.
  *
  * Users without 'administrare_platforma' only get investments whose
  * department id is in the list built from Confide::getDepartamenteUser().
  *
  * @return mixed The 'investitie_por_axa12.list' view.
  */
 public function getInvestitii()
 {
     $ids = self::getIDsDepartamente(Confide::getDepartamenteUser());

     $select = "SELECT \n            investitie.id,\n            investitie.denumire,\n            im.adresa,\n            investitie.id_imobil,\n            j.denumire AS judet,\n            l.denumire AS localitate\n            FROM por12_investitie investitie\n            INNER JOIN imobil im ON im.id = investitie.id_imobil AND im.logical_delete = 0\n            LEFT OUTER JOIN judet j ON j.id_judet = im.id_judet AND j.logical_delete = 0\n            LEFT OUTER JOIN localitate l ON l.id_localitate = im.id_localitate AND l.logical_delete = 0";

     $departmentJoin = '';
     if (!Entrust::can("administrare_platforma")) {
         // NOTE(review): $ids is concatenated into the SQL text and
         // getIDsDepartamente() is not visible here. Confirm it can only
         // return a non-empty, comma-separated list of integers, or switch
         // to bound placeholders.
         $departmentJoin = " INNER JOIN departament ON departament.id = investitie.id_departament AND departament.logical_delete = 0\n                    AND departament.id IN (" . $ids . ") ";
     }

     $investitii = DB::select($select . $departmentJoin . " WHERE investitie.logical_delete = 0");

     return View::make('investitie_por_axa12.list')->with('investitii', $investitii);
 }
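 /**
  * Deletes a backup file.
  *
  * Requires the 'delete-backups' permission (HTTP 403 otherwise). The name is
  * appended to the 'backups/' folder of the configured disk, so a name holding
  * a '..' path segment or a NUL byte is refused before the disk is touched;
  * without that check the permission would extend to files outside the folder.
  *
  * @param string $file_name Backup file name, relative to 'backups/'.
  * @return string 'success' once the delete call has been issued.
  */
 public function delete($file_name)
 {
     if (!\Entrust::can('delete-backups')) {
         abort(403, 'Unauthorized access - you do not have the necessary permission to delete backups.');
     }

     // Answer a traversal attempt exactly like a missing file, so the response
     // says nothing about the disk layout.
     $name = (string) $file_name;
     if (strpos($name, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $name)) {
         abort(404, "The backup file doesn't exist.");
     }

     $disk = Storage::disk(config('dick.backupmanager.disk'));
     $path = 'backups/' . $name;
     if (!$disk->exists($path)) {
         abort(404, "The backup file doesn't exist.");
     }

     $disk->delete($path);

     return 'success';
 }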
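 /**
  * Deletes a log file.
  *
  * Requires the 'delete-logs' permission (HTTP 403 otherwise). The name is
  * appended to the 'logs/' folder of the 'local' disk, so a name holding a
  * '..' path segment or a NUL byte is refused before the disk is touched;
  * without that check the permission would extend to files outside the folder.
  *
  * @param string $file_name Log file name, relative to 'logs/'.
  * @return string 'success' once the delete call has been issued.
  */
 public function delete($file_name)
 {
     if (!\Entrust::can('delete-logs')) {
         abort(403, 'Unauthorized access - you do not have the necessary permission to delete logs.');
     }

     // Answer a traversal attempt exactly like a missing file, so the response
     // says nothing about the disk layout.
     $name = (string) $file_name;
     if (strpos($name, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $name)) {
         abort(404, "The log file doesn't exist.");
     }

     $disk = Storage::disk('local');
     $path = 'logs/' . $name;
     if (!$disk->exists($path)) {
         abort(404, "The log file doesn't exist.");
     }

     $disk->delete($path);

     return 'success';
 }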
 /**
  * List staff records that are not logically deleted, each with the
  * comma-joined names of the entities it is linked to.
  *
  * Holders of 'administrare_platforma' see every row. Everyone else is
  * limited to the first organisation returned by self::organizatie(); when
  * there is none, the bound id is -1.
  *
  * @return mixed The 'entitate::personal.list' view.
  */
 public function getPersonalOrganizatie()
 {
     $sql = "SELECT \n            p.id,\n            p.nume,\n            p.cnp,\n            p.telefon_1,\n            p.telefon_2,\n            p.mail_1,\n            p.mail_2,\n            (SELECT group_concat(ent.denumire) \n                FROM entitate ent\n                INNER JOIN personal_entitate pe ON pe.id_entitate = ent.id AND pe.logical_delete = 0\n                WHERE ent.logical_delete = 0\n                AND pe.id_personal = p.id) AS entitati\n            FROM personal p\n            WHERE p.logical_delete = 0";
     $bindings = array();

     if (!\Entrust::can('administrare_platforma')) {
         // The organisation id is bound, never concatenated into the SQL text.
         $sql .= " AND p.id_organizatie = :id_organizatie";
         $bindings = array('id_organizatie' => isset(self::organizatie()[0]) ? self::organizatie()[0]->id_organizatie : -1);
     }

     $personal = DB::select($sql, $bindings);

     return View::make('entitate::personal.list')->with('personal', $personal);
 }
 /**
  * List invoice series with the name of the entity each belongs to.
  *
  * Users without 'administrare_platforma' only get series whose entity has a
  * department in the list built from Confide::getDepartamenteUser().
  *
  * @return mixed The 'serii_facturare.list' view.
  */
 public function getSeriiFacturare()
 {
     $ids = self::getIDsDepartamente(Confide::getDepartamenteUser());

     $select = "SELECT \n          sf.id,\n          sf.serie,\n          sf.numar,\n          sf.id_entitate,\n          ent.denumire AS entitate\n          FROM serie_factura sf\n          INNER JOIN entitate ent ON ent.id = sf.id_entitate AND ent.logical_delete = 0\n          WHERE ";

     $departmentFilter = '';
     if (!Entrust::can("administrare_platforma")) {
         // NOTE(review): $ids is concatenated into the SQL text and
         // getIDsDepartamente() is not visible here. Confirm it can only
         // return a non-empty, comma-separated list of integers, or switch
         // to bound placeholders.
         $departmentFilter = " EXISTS(SELECT id FROM departament WHERE departament.id_entitate = sf.id_entitate AND departament.logical_delete = 0\n                    AND departament.id IN (" . $ids . ")) AND ";
     }

     $serii = DB::select($select . $departmentFilter . " sf.logical_delete = 0 ORDER BY ent.id, sf.serie");

     return View::make('serii_facturare.list')->with('serii', $serii);
 }
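 /**
  * Fetch posts matching the given filters, most recently updated first.
  *
  * Users without the 'manage-all-content' permission only get posts whose
  * created_by equals their own user id. Every filter value is passed to the
  * query as a bound parameter.
  *
  * NOTE(review): $limit only selects between get() and paginate(); its value
  * is never handed to paginate(). Confirm whether paginate($limit) was meant.
  *
  * @param  array $filters Optional keys: status, date_from, date_to,
  *                        post_type, sub_category1, sub_category, category.
  * @param  null  $limit   null returns every match; anything else paginates.
  *
  * @return \Illuminate\Database\Eloquent\Collection|static[]
  */
 public function getAll($filters, $limit = null)
 {
     $query = $this->post->select('*');

     if (!\Entrust::can('manage-all-content')) {
         $user = auth()->user();
         if ($user) {
             $query->where('created_by', $user->id);
         } else {
             // No authenticated user: return nothing instead of failing on a
             // null user object.
             $query->whereRaw('1 = 0');
         }
     }

     $from = "posts ";

     if (isset($filters['status']) && $filters['status'] != '') {
         $query->whereRaw("posts.metadata->>'status' = ?", [$filters['status']]);
     }
     if (isset($filters['date_from']) && $filters['date_from'] != '') {
         $query->whereRaw("date(created_at) >= ?", [str_replace('/', '-', $filters['date_from'])]);
     }
     if (isset($filters['date_to']) && $filters['date_to'] != '') {
         $query->whereRaw("date(created_at) <= ?", [str_replace('/', '-', $filters['date_to'])]);
     }
     if (isset($filters['post_type']) && $filters['post_type'] != '') {
         $query->whereRaw("posts.metadata->>'type' = ?", [$filters['post_type']]);
     }

     if (array_has($filters, "sub_category1")) {
         $query->category($filters['sub_category1']);
     }

     // 'sub_category' and 'category' are resolved the same way: the category
     // itself plus all of its descendants.
     foreach (['sub_category', 'category'] as $key) {
         if (!array_has($filters, $key)) {
             continue;
         }
         $category = Category::find($filters[$key]);
         if ($category === null) {
             // Unknown category id: match no rows rather than silently
             // dropping the filter (which would widen the result set) or
             // failing on a null object.
             $query->whereRaw('1 = 0');
             continue;
         }
         $query->category($category->getDescendantsAndSelf()->lists('id')->toArray());
     }

     $query->from($this->db->raw($from));
     $query->orderBy('updated_at', 'DESC');

     if (is_null($limit)) {
         return $query->get();
     }

     return $query->paginate();
 }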
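 /**
  * List the entities of one type, with county and locality names.
  *
  * Visibility depends on the caller:
  *  - role "Administrator de grup": entities of the user's own organisation
  *    (the organisation id is sent as a bound parameter);
  *  - no 'administrare_platforma' permission: entities that own one of the
  *    user's departments;
  *  - otherwise: every entity.
  *
  * @param mixed $tip_entitate 1 selects entity type 1; any other value selects type 2.
  * @return mixed The 'entitate::entitati_organizatie.list' view.
  */
 public function getEntitati($tip_entitate)
 {
     $sql = "SELECT \n            ent.id, \n            ent.denumire, \n            ent.cif,\n            ent.adresa, \n            ent.cod_postal, \n            ent.telefon, \n            ent.fax, \n            ent.id_organizatie, \n            ent.id_tip_entitate,             \n            judet.denumire AS judet, \n            loc.denumire AS localitate\n            FROM entitate ent\n            LEFT OUTER JOIN judet ON ent.id_judet = judet.id_judet AND judet.logical_delete = 0 \n            LEFT OUTER JOIN localitate loc ON ent.id_localitate = loc.id_localitate AND loc.logical_delete = 0";
     $and = "";
     $bindings = array();

     if (\Entrust::hasRole("Administrator de grup")) {
         // Bound instead of concatenated: a stored id_org value can no longer
         // alter the statement, and a missing one matches no rows instead of
         // producing broken SQL.
         $and = " AND ent.id_organizatie = :id_organizatie";
         $bindings['id_organizatie'] = \Entrust::user()->id_org;
     } elseif (!\Entrust::can("administrare_platforma")) {
         $ids = self::getIDsDepartamente(\Confide::getDepartamenteUser());
         // NOTE(review): $ids is still concatenated into the SQL text and
         // getIDsDepartamente() is not visible here. Confirm it can only
         // return a non-empty, comma-separated list of integers.
         $sql = $sql . " INNER JOIN departament d ON d.id_entitate = ent.id AND d.logical_delete = 0" . " AND d.id IN (" . $ids . ")";
     }

     $sql .= " WHERE ent.logical_delete = 0 ";
     $sql .= $and;
     if ($tip_entitate == 1) {
         $sql .= " AND ent.id_tip_entitate = 1 ";
     } else {
         $sql .= " AND ent.id_tip_entitate = 2 ";
     }
     $sql .= " GROUP BY ent.id";

     $entitati = DB::select($sql, $bindings);

     return View::make('entitate::entitati_organizatie.list')->with('entitati', $entitati)->with('tip_entitate', $tip_entitate);
 }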
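 /**
  * Save the organisation and department assignments submitted for one user.
  *
  * Input fields read: 'edit' (target user id), 'organizatie', 'entitati' and
  * 'departamente' (department ids keyed by entity id). The user's existing
  * rows in users_departament are deleted and replaced by the submitted ones;
  * only holders of 'administrare_platforma' also update users.id_org.
  *
  * NOTE(review): $departamente is built below but submitted department ids
  * are never checked against it, so any positive id is accepted. Confirm
  * whether each id should be required to belong to the selected entity.
  * NOTE(review): the delete and the insert are separate statements; consider
  * a transaction so a failed insert cannot leave the user without rows.
  *
  * @return mixed Redirect back, carrying validation errors or a success message.
  */
 public function SalveazaAdaugaDepartamente()
 {
     $rules = array('edit' => 'required|integer', 'organizatie' => 'integer');
     $errors = array('required' => 'Nu ati selectat utilizatorul.', 'integer' => 'Organizatia nu a fost selectata.');
     $validator = Validator::make(Input::all(), $rules, $errors);
     if ($validator->fails()) {
         return Redirect::back()->withErrors('Eroare validare formular!')->withErrors($validator)->withInput();
     }

     // Security filter for non-admins: the submitted organisation must be one
     // of those returned by getOrganizations().
     $organizatii_list = self::getOrganizations();
     $organizatie_ok = 0;
     foreach ($organizatii_list as $v) {
         if ($v->id == Input::get('organizatie')) {
             $organizatie_ok = 1;
             break;
         }
     }
     if ($organizatie_ok == 0) {
         return Redirect::back()->withErrors('Organizatia nu a fost selectata corect!');
     }

     // Lookup maps: entity id => organisation id, department id => entity id.
     $entitatiSiDepartamente = self::EntitatiSiDepartamente();
     $entitati = array();
     $departamente = array();
     foreach ($entitatiSiDepartamente as $v) {
         $entitati[$v->id_entitate] = $v->id_organizatie;
         $departamente[$v->id_departament] = $v->id_entitate;
     }

     // Look up the target user.
     $utilizator = self::getUser(Input::get('edit'));
     if (!$utilizator) {
         return Redirect::back()->withErrors('Nu gasesc acest utilizator!');
     }

     // Always defined, so a submission without 'entitati' no longer reaches
     // insert() with an undefined variable.
     $sql_insert = array();
     if (Input::has('entitati')) {
         $idepartamente = Input::get('departamente');
         foreach (Input::get('entitati') as $v) {
             // Every submitted entity must be one the lookup map knows.
             if (!isset($entitati[$v])) {
                 return Redirect::back()->withErrors('Eroare validare formular!')->withErrors($validator)->withInput();
             }
             if (!isset($idepartamente[$v])) {
                 // Entity selected without any department.
                 $sql_insert[] = array('id_user' => Input::get('edit'), 'id_departament' => NULL);
                 continue;
             }
             foreach ($idepartamente[$v] as $dv) {
                 if (intval($dv) > 0) {
                     $sql_insert[] = array('id_user' => Input::get('edit'), 'id_departament' => $dv);
                 }
             }
         }
     }

     try {
         if (Entrust::can('administrare_platforma')) {
             // Only platform administrators may move a user to another organisation.
             DB::table('users')->where('id', Input::get('edit'))->update(['id_org' => Input::get('organizatie')]);
         }
         // Remove the previous assignments, then store the new ones.
         DB::table('users_departament')->where('id_user', Input::get('edit'))->delete();
         if (!empty($sql_insert)) {
             DB::table('users_departament')->insert($sql_insert);
         }
     } catch (Exception $e) {
         // Keep the exception text (message, SQL, stack trace) in the server
         // log; the browser only receives a generic message.
         error_log((string) $e);
         return Redirect::back()->withErrors('Eroare salvare date.')->withInput();
     }

     return Redirect::back()->with('message', 'Salvare realizata cu succes!')->withInput();
 }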
Beispiel #17
    if (!Entrust::can('edit_request')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});
// NOTE(review): each filter below skips its permission check whenever
// isDirectAward() is true for the route's 'rfq' parameter. isDirectAward() is
// not visible here; confirm it cannot return true for an RFQ the current user
// should not be able to open.

// Requires 'view_bom' unless the RFQ is a direct award.
Route::filter('bom.view', function ($route) {
    $directAward = isDirectAward($route->parameter('rfq'));
    if (!$directAward && !Entrust::can('view_bom')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});

// Requires 'view_approval' unless the RFQ is a direct award.
Route::filter('approval.view', function ($route) {
    $directAward = isDirectAward($route->parameter('rfq'));
    if (!$directAward && !Entrust::can('view_approval')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});

// Requires 'view_summary' unless the RFQ is a direct award.
Route::filter('summary.view', function ($route) {
    $directAward = isDirectAward($route->parameter('rfq'));
    if (!$directAward && !Entrust::can('view_summary')) {
        return Redirect::route('sales.index')->with('message', 'You do not have permission to view that.')->with('alert-class', 'danger');
    }
});
 /**
  * Abort with HTTP 403 unless the current user holds 'manage_contents' or
  * is the author identified by $author_id.
  *
  * NOTE(review): the ids are compared loosely (!=) and Auth::user() is
  * dereferenced without a null check; confirm this is only reached for
  * authenticated users.
  *
  * @param mixed $author_id Id of the content's author.
  * @return void
  */
 public function authorOrAdminPermissioinRequire($author_id)
 {
     if (Entrust::can('manage_contents')) {
         return;
     }

     if ($author_id != Auth::user()->id) {
         App::abort(403, 'Unauthorized action.');
     }
 }
Beispiel #19
 /**
  * Attempt to log the user in with the submitted form input.
  *
  * On a successful login the user must also hold 'administrare_platforma' or
  * pass userRepo->hasAccessApp(1); otherwise the attempt is treated as denied.
  * Failed attempts are redirected to 'user/login' with the input (minus the
  * password) and an error message.
  *
  * NOTE(review): registerLogin() is called with the raw submitted password on
  * both the success and the failure path. registerLogin() is not visible here;
  * confirm it never stores or logs that value.
  * NOTE(review): the failure branch returns a different message for throttled,
  * unconfirmed, blocked and wrong-credential cases, which tells the caller
  * whether an account exists; confirm that is acceptable.
  */
 public function postLogin()
 {
     //$repo = App::make('UserRepository');
     $input = Input::all();
     /*$input = array(
           'username'              =>Input::get('username'),
           'password'              =>Input::get('password'),
       );*/
     $err_msg = "";
     if ($this->userRepo->login($input)) {
         //return Redirect::intended('/');
         // The platform administrator and users with access to the application may continue
         if (Entrust::can('administrare_platforma') || $this->userRepo->hasAccessApp(1)) {
             if (Entrust::can('hostinger')) {
                 // This branch returns without calling registerLogin().
                 return Redirect::intended('/proba');
             } else {
                 self::registerLogin(Input::get('username'), Input::get('password'), 'Login OK');
                 Confide::getDepartamente();
                 return Redirect::intended('/dashboard');
             }
         } else {
             // Otherwise the error message is shown and the user is redirected to the login page
             $err_msg = Lang::get('confide::confide.alerts.access_denied');
         }
     } else {
         if ($this->userRepo->isThrottled($input)) {
             $err_msg = Lang::get('confide::confide.alerts.too_many_attempts');
         } elseif ($this->userRepo->existsButNotConfirmed($input)) {
             $err_msg = Lang::get('confide::confide.alerts.not_confirmed');
         } elseif ($this->userRepo->isUserBlocked($input)) {
             $err_msg = Lang::get('confide::confide.alerts.user_blocked');
         } else {
             $err_msg = Lang::get('confide::confide.alerts.wrong_credentials');
         }
     }
     // Record the failed or denied attempt together with its error message.
     self::registerLogin(Input::get('username'), Input::get('password'), $err_msg);
     return Redirect::to('user/login')->withInput(Input::except('password'))->with('error', $err_msg);
 }
Beispiel #20
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
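Route::filter('csrf', function () {
    $expected = Session::token();
    $given = Input::get('_token');

    // Both sides must be non-empty strings and identical. A loose `!=` lets a
    // non-string `_token` value satisfy the check through PHP type juggling,
    // and two missing tokens would also compare equal.
    if (!is_string($expected) || $expected === '' || !is_string($given) || $expected !== $given) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});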
/* Role/permission based Route filters */
/*
 * Redirect to the home page unless the user holds the role stored with id 1
 * (most likely the administrator role).
 *
 * NOTE(review): Role::find(1) is dereferenced without a null check, and the
 * admin role is identified by row id rather than by name; confirm role 1
 * always exists and is the intended role.
 */
Route::filter('admin', function () {
    $firstRoleName = Role::find(1)->name;

    if (Entrust::hasRole($firstRoleName)) {
        return;
    }

    return Redirect::to('home');
});
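/**
 *  A filter that receives a permission ($perms) as its parameter and lets the
 *  request through when the user holds that permission or is accessing only
 *  their own profile (URL segment 2 equals the authenticated user's id).
 *
 *  The own-profile test requires an authenticated user and compares the two
 *  ids as strings with ===. With a loose != a guest (null id) matched a
 *  missing or empty segment, and numeric-prefixed segments could match an id.
 */
Route::filter('checkPerms', function ($route, $request, $perms) {
    if (Entrust::can($perms)) {
        return;
    }

    $ownProfile = Auth::check() && (string) Auth::id() === (string) Request::segment(2);
    if (!$ownProfile) {
        return Redirect::to('home');
    }
});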
// Validation rule 'non_zero_key': passes when the submitted value is not
// loosely equal to zero.
Validator::extend('non_zero_key', function ($attribute, $value, $parameters) {
    return $value != 0;
});
Beispiel #21
 /**
  * Authorization check delegated to the Entrust driver.
  *
  * Both arguments are forwarded unchanged to \Entrust::can().
  *
  * NOTE(review): Entrust's second parameter is presumably its "require all"
  * switch for a list of permissions; confirm callers pass a boolean here.
  *
  * @param  string $permission Permission name to check.
  * @param  bool   $arguments  Second argument for \Entrust::can(); false by default.
  * @return boolean
  */
 protected function aclEntrust($permission, $arguments = false)
 {
     $granted = \Entrust::can($permission, $arguments);

     return $granted;
 }
Beispiel #22
});
// Each filter lets the request through when the user holds the named
// permission and otherwise redirects to the dashboard with a notice.
//
// NOTE(review): four filter names differ from the permission they check
// ('manage_users' -> 'manage_user', 'manage_roles' -> 'manage_role',
// 'manage_audits' -> 'manage_audit', 'manage_leavetypes' -> 'manage_leave').
// Confirm the permission names match what is stored; a name that does not
// exist would deny everyone.
Route::filter('manage_group', function () {
    if (Entrust::can('manage_group')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Route::filter('manage_settings', function () {
    if (Entrust::can('manage_settings')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Route::filter('manage_users', function () {
    if (Entrust::can('manage_user')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Route::filter('manage_roles', function () {
    if (Entrust::can('manage_role')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Route::filter('manage_audits', function () {
    if (Entrust::can('manage_audit')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Route::filter('manage_leavetypes', function () {
    if (Entrust::can('manage_leave')) {
        return;
    }
    return Redirect::to('dashboard')->with('notice', 'you do not have access to this resource. Contact your system admin');
});
Beispiel #23
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
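Route::filter('csrf', function () {
    $expected = Session::token();
    $given = Input::get('_token');

    // Both sides must be non-empty strings and identical. A loose `!=` lets a
    // non-string `_token` value satisfy the check through PHP type juggling,
    // and two missing tokens would also compare equal.
    if (!is_string($expected) || $expected === '' || !is_string($given) || $expected !== $given) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});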
/*
|--------------------------------------------------------------------------
| Roles & Permissions Filters
|--------------------------------------------------------------------------
|
*/
// Route-pattern guards: a request matching the pattern (first argument) is
// answered with the given redirect unless the user holds the listed roles or
// permissions.
// NOTE(review): the trailing `false` is presumably Entrust's all-or-any
// switch, so holding any one listed role or permission is enough; confirm
// against the installed Entrust version.
// NOTE(review): the role guard uses the pattern 'admin' with no wildcard,
// while the permission guards use 'admin/...*'. Confirm admin routes outside
// xcasts, series and users are still covered by a guard.
Entrust::routeNeedsRole('admin', ['Administrator', 'Users Manager', 'Premium Author', 'Author', 'Eraser'], Redirect::to('/'), false);
Entrust::routeNeedsPermission('admin/xcasts*', ['manage_premium_casts', 'manage_free_casts', 'delete_casts'], Redirect::to('admin'), false);
Entrust::routeNeedsPermission('admin/series*', ['manage_series', 'delete_series'], Redirect::to('admin'), false);
Entrust::routeNeedsPermission('admin/users*', ['manage_users', 'delete_users'], Redirect::to('admin'), false);
// Casts whose `levels` value is above zero may only be reached by users
// holding 'manage_premium_casts' or 'delete_casts'; everyone else is sent
// back to 'admin'.
// NOTE(review): Xcast::find() is dereferenced without a null check; confirm
// an unknown 'xcasts' route value is rejected before this filter runs.
Route::filter('can_manage_premium_casts', function () {
    $isPremium = Xcast::find(Route::input('xcasts'))->levels > 0;

    if ($isPremium && !Entrust::can('manage_premium_casts') && !Entrust::can('delete_casts')) {
        return Redirect::to('admin');
    }
});
Beispiel #24
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
    // Visitors who are not logged in pass straight through.
    if (!Auth::check()) {
        return;
    }

    // Logged-in users are sent to the site root.
    return Redirect::to('/');
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
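Route::filter('csrf', function () {
    $expected = Session::token();
    $given = Input::get('_token');

    // Both sides must be non-empty strings and identical. A loose `!=` lets a
    // non-string `_token` value satisfy the check through PHP type juggling,
    // and two missing tokens would also compare equal.
    if (!is_string($expected) || $expected === '' || !is_string($given) || $expected !== $given) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});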
// Guests are sent to the login page first; logged-in users without the
// 'manage_topics' permission are sent to the 'admin-required' route.
Route::filter('manage_topics', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    }

    if (!Entrust::can('manage_topics')) {
        return Redirect::route('admin-required');
    }
});
 /**
  * Show the form for giving a vaccine dose to a child.
  *
  * Requires the 'vaccination-create' permission; without it the request is
  * aborted with HTTP 404. When the dose lookup reports the vaccine as 'full',
  * the user is redirected to the child's programme page with a message.
  * Places and vaccinators are those stored for the user's office address.
  *
  * NOTE(review): nothing visible here ties $child_id to the current user's
  * office; confirm the lookups behind $this->child restrict which children
  * a user may open.
  *
  * @param mixed $vaccine_id
  * @param mixed $child_id
  * @return mixed Redirect response, or the 'vaccination.vaccine_program.create' view.
  */
 public function provideVaccine($vaccine_id, $child_id)
 {
     if (!\Entrust::can('vaccination-create')) {
         return abort(404, 'You are not allowed');
     }

     $vaccine = $this->vaccine->getVaccineWithWhichDose($vaccine_id, $child_id);
     if ($vaccine['full'] == true) {
         return redirect('/vaccination/program/' . $child_id)->with('message', 'This vaccine dose is already completed');
     }

     $user = \Auth::user();
     $child = $this->child->getChildByRegistrationId($child_id);
     $address = $this->location->getFullAddress($user->office_address);
     $places = \DB::table('vaccination_places')->where('address', '=', $user->office_address)->get();
     $vaccilator = \DB::table('vaccillators')->where('vclr_address', '=', $user->office_address)->lists('vclr_first_name', 'vclr_id');

     return view('vaccination.vaccine_program.create')
         ->with('vaccine', $vaccine)
         ->with('child', $child)
         ->with('address', $address)
         ->with('user_address', $user->office_address)
         ->with('places', $places)
         ->with('vaccilator', $vaccilator);
 }
Beispiel #26
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
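Route::filter('csrf', function () {
    $expected = Session::token();
    $given = Input::get('_token');

    // Both sides must be non-empty strings and identical. A loose `!=` lets a
    // non-string `_token` value satisfy the check through PHP type juggling,
    // and two missing tokens would also compare equal.
    if (!is_string($expected) || $expected === '' || !is_string($given) || $expected !== $given) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});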
// Guests are sent to the login page first; logged-in users without the
// 'manage_topics' permission are sent to the 'admin-required' route.
Route::filter('manage_topics', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    }

    // Entrust::can() checks the current user.
    if (!Entrust::can('manage_topics')) {
        return Redirect::route('admin-required');
    }
});

// Same gate as above, for the 'manage_users' permission.
Route::filter('manage_users', function () {
    if (Auth::guest()) {
        return Redirect::guest('login-required');
    }

    // Entrust::can() checks the current user.
    if (!Entrust::can('manage_users')) {
        return Redirect::route('admin-required');
    }
});

// Logged-in users flagged is_banned are redirected to the 'user-banned'
// route, unless that route is the one already being requested.
Route::filter('check_banned_user', function () {
    if (!Auth::check() || Route::is('user-banned')) {
        return;
    }

    if (Auth::user()->is_banned) {
        return Redirect::route('user-banned');
    }
});
 /**
  * Return the id and name of the entities that are not logically deleted.
  *
  * - With 'list_departament': only entities of the first organisation
  *   returned by self::organizatie() (bound id -1 when there is none).
  * - Else with 'administrare_platforma': every entity.
  * - Otherwise: an empty array.
  *
  * 'list_departament' is tested first, so a user holding both permissions
  * gets the organisation-scoped list.
  *
  * @return mixed Result of self::object_to_array(), or an empty array.
  */
 public function getEntitati()
 {
     $sql = "SELECT\n            denumire, id\n            FROM entitate\n            WHERE logical_delete = 0";

     if (\Entrust::can('list_departament')) {
         // The organisation id is bound, never concatenated into the SQL text.
         $scoped = $sql . " AND entitate.id_organizatie = :id_organizatie";
         $rows = DB::select($scoped, array('id_organizatie' => isset(self::organizatie()[0]) ? self::organizatie()[0]->id_organizatie : -1));

         return self::object_to_array($rows);
     }

     if (\Entrust::can('administrare_platforma')) {
         return self::object_to_array(DB::select($sql));
     }

     return [];
 }
    if (!Entrust::can('eliminar_examen')) {
        return Redirect::guest('/');
    }
});
// Each filter lets the request through when the user holds the permission of
// the same name and otherwise redirects to '/' via Redirect::guest().
Route::filter('modificar_examen', function () {
    if (Entrust::can('modificar_examen')) {
        return;
    }
    return Redirect::guest('/');
});
Route::filter('realizar_examen', function () {
    if (Entrust::can('realizar_examen')) {
        return;
    }
    return Redirect::guest('/');
});
Route::filter('ver_resultado_examen', function () {
    if (Entrust::can('ver_resultado_examen')) {
        return;
    }
    return Redirect::guest('/');
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
    if (Auth::check()) {
Beispiel #29
 /**
  * Throw ManageTopicsException unless the current user holds 'manage_users'
  * or is the author identified by $author_id.
  *
  * NOTE(review): the ids are compared loosely (!=); Auth::id() is null for a
  * guest, so confirm this is only reached for authenticated users.
  *
  * @param mixed $author_id Id of the content's author.
  * @return void
  * @throws ManageTopicsException
  */
 public function authorOrAdminPermissioinRequire($author_id)
 {
     if (Entrust::can('manage_users')) {
         return;
     }

     if ($author_id != Auth::id()) {
         throw new ManageTopicsException("permission-required");
     }
 }
 /**
  * Show the birth certificate for the given record.
  *
  * Requires the 'birth-registration-show' permission; without it the request
  * is aborted with HTTP 404.
  *
  * NOTE(review): the permission is global and $id is passed straight to the
  * lookup; confirm $this->birth restricts which records a user may open.
  *
  * @param mixed $id Identifier passed to $this->birth->viewBirthCertificate().
  * @return mixed The 'birthRegistration.birth_details.birth_certificate' view.
  */
 public function viewBirthCertificate($id)
 {
     if (!\Entrust::can('birth-registration-show')) {
         return abort(404, 'You are not allowed');
     }

     $result = $this->birth->viewBirthCertificate($id);

     return view('birthRegistration.birth_details.birth_certificate')->with('child', $result);
 }