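/**
 * Apply an administrator's decision on one permission of one user.
 *
 * Reads `permission_code`, `status` and `comment` from the request input.
 * When `status` is present, the user's record for that permission is created
 * or updated and saved. A "permission reviewed" e-mail is then sent if the
 * target user has an e-mail address and a full name.
 *
 * @param mixed $userUid UID of the user whose permission is being changed.
 * @return mixed A 401 response when the caller is not an administrator, a 500
 *               response when `permission_code` is not a known permission;
 *               otherwise nothing is returned.
 */
public function setPermissions($userUid)
{
    // Authorization gate: only an administrator may alter permissions.
    // The lookup result is checked before it is dereferenced, so a session
    // without a resolvable user is refused with the same 401 rather than
    // failing on an empty object (the notification step below already treats
    // a getIndex() result as possibly empty).
    //
    $active_user = User::getIndex(Session::get('user_uid'));
    if (!$active_user || !$active_user->isAdmin()) {
        return Response::make('Non administrators may not alter permissions!', 401);
    }

    // Read each request field once so validation and storage see the same value.
    //
    $permission_code = Input::get('permission_code');
    $comment = Input::get('comment');

    // Lookup relevant data
    //
    $user = User::getIndex($userUid);
    $permissions = Permission::all();
    $user_permissions = UserPermission::where('user_uid', '=', $userUid)->get();

    // The requested code must be one of the defined permissions. The check is
    // type-strict: a loose in_array() lets non-string input (e.g. a JSON
    // boolean true) match any non-empty code and pass validation.
    //
    $valid_permissions = [];
    foreach ($permissions as $p) {
        $valid_permissions[] = (string) $p->permission_code;
    }
    if (!is_string($permission_code) || !in_array($permission_code, $valid_permissions, true)) {
        return Response::make('Invalid permission code detected.', 500);
    }

    // Find the user's existing record for this permission, if there is one.
    //
    $record = false;
    foreach ($user_permissions as $up) {
        if ((string) $up->permission_code === $permission_code) {
            $record = $up;
            break;
        }
    }

    if (Input::has('status')) {
        $now = gmdate('Y-m-d H:i:s');

        // NOTE(review): $user is not checked here, so a record is written even
        // when $userUid does not resolve to a user - confirm this is intended.

        // no entry for this permission existed for the user yet
        //
        if (!$record) {
            $record = new UserPermission([
                'user_permission_uid' => GUID::create(),
                'user_uid' => $userUid,
                'permission_code' => $permission_code,
                'request_date' => $now,
                'update_date' => $now,
                'admin_comment' => $comment,
            ]);

        // we found an existing entry and update the information
        //
        } else {
            $record->request_date = $now;
            $record->delete_date = null;
            $record->admin_comment = $comment;
        }

        // status application
        //
        // NOTE(review): there is no default branch, so an unrecognized status
        // still reaches save() with only the fields set above - consider
        // rejecting statuses outside this list.
        //
        switch (Input::get('status')) {
            case 'revoked':
                $record->delete_date = $now;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = null;
                break;
            case 'denied':
                $record->delete_date = null;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = $now;
                break;
            case 'granted':
                // a grant expires 365 days from now
                $record->delete_date = null;
                $record->expiration_date = gmdate('Y-m-d H:i:s', time() + 60 * 60 * 24 * 365);
                $record->grant_date = $now;
                $record->denial_date = null;
                break;
            case 'expired':
                // back-date the expiration by one minute; grant_date is left as it was
                $record->expiration_date = gmdate('Y-m-d H:i:s', time() - 60);
                $record->denial_date = null;
                break;
            case 'pending':
                $record->delete_date = null;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = null;
                $record->request_date = $now;
                break;
        }

        $record->save();
    }

    // Notify the target user.
    // NOTE(review): this runs even when no status was supplied and nothing
    // was saved - confirm that a notification is wanted in that case.
    //
    if ($user && $user->email && $user->getFullName()) {
        $cfg = [
            'url' => Config::get('app.cors_url') ?: '',
            'user' => $user,
            'comment' => $comment,
        ];
        Mail::send('emails.permission-reviewed', $cfg, function ($message) use ($user) {
            $message->to($user->email, $user->getFullName());
            $message->subject('SWAMP Permission Request');
        });
    }
}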