Fix redirection errors

davepartner · davepartner · commit 7af06d5569d1 · 2017-08-07T08:10:27.000+01:00
diff --git a/app/Controllers/PostsController.php b/app/Controllers/PostsController.php
@@ -101,7 +101,7 @@ public function edit($request, $response,  $args){
             $post = Post::find( $args['id']);
 
 			//only admin and the person that created the post can edit or delete it.
-			if(($this->auth->user()->id != $post->user_id) OR ($this->auth->user()->role_id < 3) ){
+			if(($this->auth->user()->id != $post->user_id) AND ($this->auth->user()->role_id > 2 ) ){
                 
 			$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 
 		
@@ -150,6 +150,17 @@ public function edit($request, $response,  $args){
 	*/
 	public function delete($request, $response,  $args){
 		$user = Post::find( $args['id']);
+		
+		//only owner and admin can delete
+		if(($this->auth->user()->id != $post->user_id) AND ($this->auth->user()->role_id > 2 ) ){
+                
+			$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 
+		
+			return $this->view->render($response,'posts/view.twig', ['post'=>$post]);
+
+			}
+			
+			
 		if($user->delete()){
 			$this->flash->addMessage('success', 'Post Deleted Successfully');
 			return $response->withRedirect($this->router->pathFor('posts.index', ['user_id'=>$this->auth->user()->id]));
diff --git a/app/Controllers/RolesController.php b/app/Controllers/RolesController.php
@@ -48,6 +48,14 @@ public function view($request, $response, $args){
 	*/
 	public function add($request, $response){
 	
+	if($this->auth->user()->role_id > 2 ){
+                
+			$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 
+		
+			return $this->view->render($response,'/');
+
+			}
+			
         if($request->isPost()){
 
             /**
@@ -133,6 +141,16 @@ public function edit($request, $response,  $args){
 	*/
 	public function delete($request, $response,  $args){
 		$user = Role::find( $args['id']);
+		//only admin can delete
+		if($this->auth->user()->role_id > 2 ){
+                
+			$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 
+		
+			return $this->view->render($response,'/');
+
+			}
+			
+			
 		if($user->delete()){
 			$this->flash->addMessage('success', 'Role Deleted Successfully');
 			return $response->withRedirect($this->router->pathFor('roles.index'));
diff --git a/app/Controllers/UsersController.php b/app/Controllers/UsersController.php
@@ -45,7 +45,7 @@ public function edit($request, $response,  $args){
 	    $user = User::find( $args['id']);
 
 		//only admin and the person that created the post can edit or delete this profile.
-			if(($this->auth->user()->id != $args['id']) OR ($this->auth->user()->role_id < 3) ){
+			if(($this->auth->user()->id != $args['id']) AND ($this->auth->user()->role_id > 2) ){
 
 				$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 		
 				return $this->view->render($response,'users/view.twig', ['id'=>$args['id']]);
@@ -97,7 +97,17 @@ public function edit($request, $response,  $args){
 	* @return
 	*/
 	public function delete($request, $response,  $args){
-		$user = User::find( $args['id']);
+			$user = User::find( $args['id']);
+			
+		//only owner and admin can delete 
+		if(($this->auth->user()->id != $args['id']) AND ($this->auth->user()->role_id > 2) ){
+
+				$this->flash->addMessage('error', 'You are not allowed to perform this action!'); 		
+				return $this->view->render($response,'users/view.twig', ['id'=>$args['id']]);
+
+			}
+			
+	
 		if($user->delete()){
 			$this->flash->addMessage('success', 'User Account Deleted Successfully');
 			return $response->withRedirect($this->router->pathFor('home'));
diff --git a/bin/src/templates/Controllers.php b/bin/src/templates/Controllers.php
@@ -9,7 +9,7 @@
 class BooksController extends Controller{
 	
 	/**
-	* List all users
+	* List all books
 	* 
 	* @return
 	*/
@@ -53,7 +53,7 @@ public function view($request, $response, $args){
 	*/
 	public function add($request, $response,  $args){
 	
-        if($request->isBook()){
+        if($request->isPost()){
            
             /**
             * validate input before submission
@@ -149,10 +149,10 @@ public function edit($request, $response,  $args){
 	* @return
 	*/
 	public function delete($request, $response,  $args){
-		$user = Book::find( $args['id']);
+		$book = Book::find( $args['id']);
 		if($user->delete()){
 			$this->flash->addMessage('success', 'Book Deleted Successfully');
-			return $response->withRedirect($this->router->pathFor('books.index', ['user_id'=>$this->auth->user()->id]));
+			return $response->withRedirect($this->router->pathFor('books.index'));
 		}
 	}
 
diff --git a/bin/src/templates/Views/add.twig b/bin/src/templates/Views/add.twig
@@ -22,7 +22,7 @@
                 
             <div class="panel-body">
                 <div class="login-form" >
-          <form action="{{ path_for('books.add') }}" method="book" autocomplete="off"> 
+          <form action="{{ path_for('books.add') }}" method="post" autocomplete="off"> 
             <div class="form-group {{ errors.title ? 'has-error' : '' }}">
               <input type="text" class="form-control login-field"  name="title" placeholder="Enter your title" >
               <label class="login-field-icon fui-user" for="login-first-name"></label>
diff --git a/bin/src/templates/Views/edit.twig b/bin/src/templates/Views/edit.twig
@@ -22,7 +22,7 @@
                 
             <div class="panel-body">
                 <div class="login-form" >
-          <form action="{{ path_for('books.edit', {'id': book.id}) }}" method="book" autocomplete="off"> 
+          <form action="{{ path_for('books.edit', {'id': book.id}) }}" method="post" autocomplete="off"> 
             <div class="form-group {{ errors.title ? 'has-error' : '' }}">
               <input type="text" class="form-control login-field" value="{{ book.title }}"  name="title" placeholder="Enter your title" >
               <label class="login-field-icon fui-user" for="login-first-name"></label>
diff --git a/resources/views/users/edit.twig b/resources/views/users/edit.twig
@@ -52,21 +52,14 @@
               {% endif %}	
             </div>
             <div class="form-group {{ errors.phone ? 'has-error' : '' }}">
-              <input type="phone" class="form-control login-field" value="{{ old.phone }}" name="phone" placeholder="Enter your email" id="login-email">
+              <input type="phone" class="form-control login-field" value="{{ old.phone }}" name="phone" placeholder="Enter your phone" id="login-email">
               <label class="login-field-icon fui-user" for="phone"></label>
               
               {% if errors.email %}
               	<span class="help-block">{{ errors.phone | first }}</span>
               {% endif %}	
             </div>
 
-            <div class="form-group">
-              <input type="password" class="form-control login-field" value=""  name="password" placeholder="Password" id="login-pass">
-              <label class="login-field-icon fui-lock" for="login-pass"></label>
-              {% if errors.password %}
-              	<span class="help-block">{{ errors.password | first }}</span>
-              {% endif %}	
-            </div>
 
             <button class="btn btn-primary btn-lg btn-block" type="submit">Sign up</button>
             
