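/**
 * Determine if the user is authorized to make this request.
 *
 * A topic can be updated by the moderator of its current section or by an
 * administrator. A topic can be moved to another section only if the user
 * also moderates that destination section, or is an administrator.
 *
 * Fails closed: guests, and requests whose 'form' input is missing or
 * malformed, are denied before any model lookup happens.
 *
 * @return bool true when the update (and any move) is permitted
 */
public function authorize()
{
    // Deny guests up front. Without this, \Auth::user() is null further down
    // and the method call on it raises an \Error, which catch (\Exception)
    // does not trap - the request would end in a server error, not a denial.
    if (!\Auth::check()) {
        return false;
    }

    // 'form' is client-supplied: expect exactly the shape read below,
    // i.e. [formName => ['id' => ..., 'section_id' => ...]].
    $form = $this->input('form');
    if (!is_array($form) || $form === []) {
        return false;
    }

    $formName = key($form);
    $formValues = $form[$formName];
    if (
        !is_array($formValues)
        || !isset($formValues['id'], $formValues['section_id'])
        || !is_scalar($formValues['id'])
        || !is_scalar($formValues['section_id'])
    ) {
        return false;
    }

    // remember which form was submitted (flashed to the session as before)
    $this->session()->flash('form', $formName);

    $user = \Auth::user();
    $topic = \Nexus\Topic::findOrFail($formValues['id']);

    // If the user is an admin then we assume they can do all. Returning here
    // also keeps the "unowned section" log entry below from being written
    // for legitimate administrator moves.
    if ($user->administrator) {
        return true;
    }

    // does the user moderate the section that this topic is currently in?
    $moderatesCurrentSection = $user->id === $topic->section->moderator->id;

    // Is the user moving the topic to a section they moderate? The lookup is
    // scoped to the user's own sections, so a miss means "not theirs".
    // NOTE(review): any \Exception (not only a missing row) is treated as a
    // denial and logged under the same message - confirm that is intended.
    try {
        $user->sections()->where('id', $formValues['section_id'])->firstOrFail();
    } catch (\Exception $e) {
        // Context identifies who tried to move which topic where, so the
        // entry is usable for review without parsing the exception text.
        \Log::error(
            'Topic Update - Attempt to move to unowned section ' . $e,
            [
                'user_id' => $user->id,
                'topic_id' => $topic->id,
                'section_id' => $formValues['section_id'],
            ]
        );

        return false;
    }

    return $moderatesCurrentSection;
}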
/**
 * A user may delete the topic when they are an administrator or the
 * moderator of the topic's section; guests are always refused.
 *
 * The topic is loaded with findOrFail() before the login check runs, so an
 * unknown topic id is handled by findOrFail() for guests as well.
 *
 * @return bool
 */
public function authorize()
{
    $topic = \Nexus\Topic::findOrFail($this->topic);

    // not logged in: nothing further to evaluate
    if (!\Auth::check()) {
        return false;
    }

    $authUser = \Auth::user();

    // Both conditions are evaluated unconditionally, administrator first,
    // so the moderator lookup runs even for administrators.
    $isAdministrator = (bool) $authUser->administrator;
    $isSectionModerator = $authUser->id === $topic->section->moderator->id;

    return $isAdministrator || $isSectionModerator;
}
/**
 * Authorize a request that carries a 'topic_id' input.
 *
 * A logged-in user is allowed when at least one of these holds: they are an
 * administrator, they moderate the topic's section, or the topic is not
 * read-only. In effect the read-only flag only restricts ordinary users;
 * guests are always refused.
 *
 * Topic and section are both loaded with findOrFail() before the login
 * check runs.
 *
 * @return bool
 */
public function authorize()
{
    $topic = Topic::findOrFail($this::input('topic_id'));
    $section = Section::findOrFail($topic->section_id);

    if (!\Auth::check()) {
        return false;
    }

    $authUser = \Auth::user();

    // Every grant is evaluated, in this order; any single one is enough.
    $grants = [
        // is the user an administrator
        (bool) $authUser->administrator,
        // OR is the user the moderator
        $authUser->id === $section->moderator->id,
        // OR is the topic NOT read only
        !$topic->readonly,
    ];

    return in_array(true, $grants, true);
}
/**
 * Toggles a user's subscription to the topic.
 *
 * The acting user is always \Auth::user(); the request only supplies the
 * 'command' value. 'subscribe' subscribes, and every other value takes the
 * unsubscribe path.
 * NOTE(review): presumably SubscriptionRequest restricts 'command' and
 * requires a logged-in user - neither is visible here, confirm.
 *
 * @param Requests\Topic\SubscriptionRequest $request incoming request, read for 'command'
 * @param mixed $id id of the topic, resolved with findOrFail()
 * @return mixed redirect to the 'topic.show' route for the topic
 */
public function updateSubscription(Requests\Topic\SubscriptionRequest $request, $id)
{
    $payload = $request->all();
    $topic = \Nexus\Topic::findOrFail($id);

    $wantsSubscription = $payload['command'] === 'subscribe';
    $currentUser = \Auth::user();

    if ($wantsSubscription) {
        \Nexus\Helpers\ViewHelper::subscribeToTopic($currentUser, $topic);
    } else {
        \Nexus\Helpers\ViewHelper::unsubscribeFromTopic($currentUser, $topic);
    }

    // user-facing confirmation shown as a success alert
    $message = $wantsSubscription
        ? '**Subscribed!** _Catch-up_ will return you here when new comments are added.'
        : '**Unsubscribed!** New comments here will be hidden from _Catch-up_.';

    \Nexus\Helpers\FlashHelper::showAlert($message, 'success');

    return redirect()->route('topic.show', ['id' => $topic->id]);
}