Skip to content

feat: further restrict permissions to view and access reports #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
azend merged 1 commit into from
May 25, 2025
Merged

feat: further restrict permissions to view and access reports #112

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions app/Http/Controllers/ReportsController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,26 @@ public function index()
'name' => 'Member Status',
'description' => 'A view of all members in the database and current membership status.',
'route' => route('reports.member-status-report'),
'permission' => 'view-user-reports',
],
[
'name' => 'Member Activity',
'description' => 'A view of all gatekeeper authentications in the database by member.',
'route' => route('reports.member-activity-report'),
'permission' => 'view-gatekeeper-reports',
],
];

return view('reports.index', ['reports' => $reports]);
$filtered_reports = [];

foreach ($reports as $report) {
// if no additional permissions are required or the user has the permission
if (! isset($report['permission']) || \Gate::allows($report['permission'])) {
$filtered_reports[] = $report;
}
}

return view('reports.index', ['reports' => $filtered_reports]);
}

public function member_status_report()
Expand Down Expand Up @@ -49,13 +60,15 @@ public function member_status_report()

public function member_activity_report(Request $request)
{
$report_name = 'Member Activity Report';

if ($request->has('fromDate', 'toDate')) {
$validated = $request->validate([
'fromDate' => 'required|date',
'toDate' => 'required|date',
]);

$report_name = 'Member Activity Report ('.$validated['fromDate'].' - '.$validated['toDate'].')';
$report_name = $report_name.' ('.$validated['fromDate'].' - '.$validated['toDate'].')';
$data = \App\Models\Authentication::where('lock_in', '>=', $validated['fromDate'])
->where('lock_in', '<=', $validated['toDate'])
->orderBy('lock_in', 'desc')
Expand All @@ -80,7 +93,6 @@ public function member_activity_report(Request $request)
'fields' => $fields,
]);
} else {
$report_name = 'Member Activity Report';
$filters = ['daterange'];

return view('reports.filter', [
Expand Down
8 changes: 8 additions & 0 deletions app/Providers/AuthServiceProvider.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,14 @@ public function boot()
return Auth::user()->is_allowed('reports', 'manage');
});

Gate::define('view-user-reports', function ($user) {
return Auth::user()->is_allowed('reports', 'users');
});

Gate::define('view-gatekeeper-reports', function ($user) {
return Auth::user()->is_allowed('reports', 'gatekeepers');
});

Gate::define('manage-users-keys', function ($user) {
if (Auth::user()->is_allowed('users', 'manage')) {
return true;
Expand Down
4 changes: 2 additions & 2 deletions routes/web.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,8 +91,8 @@
// Reports
Route::middleware(['auth', 'can:manage-reports'])->group(function () {
Route::get('/reports', [ReportsController::class, 'index'])->name('reports');
Route::get('/reports/member-status-report', [ReportsController::class, 'member_status_report'])->name('reports.member-status-report');
Route::get('/reports/member-activity-report', [ReportsController::class, 'member_activity_report'])->name('reports.member-activity-report');
Route::get('/reports/member-status-report', [ReportsController::class, 'member_status_report'])->middleware(['auth', 'can:view-user-reports'])->name('reports.member-status-report');
Route::get('/reports/member-activity-report', [ReportsController::class, 'member_activity_report'])->middleware(['auth', 'can:view-gatekeeper-reports'])->name('reports.member-activity-report');
});

// Gatekeeper sync and key authentication routes
Expand Down