Создание интернет-витрины на laravel. Часть 5
Добавление раздела администрирования RBAC; Правка разделов с учетом разделения прав.
Капустин Яков
оглавление
- 01 Субординация и запрет удаления последнего владельца проекта
- 02 Добавление роли вновь создаваемому пользователю
- 03 Правка раздела 'Пользователи'
- 04 Правка раздела 'Роли'
- 05 Правка раздела 'Товары'
- 06 Результаты
- 07 Добавление комментариев к товарам с помощью factories CommentFactory
01Субординация и запрет удаления последнего владельца проекта
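Добавим в метод destroy() контроллера UsersController условие, проверяющее старшинство удаляющего пользователя над удаляемым. Разрешим пользователям удалять равных себе. Проверка опирается на то, что идентификаторы ролей упорядочены по старшинству: чем меньше id роли, тем она выше (id 1 — владелец проекта).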
app/Http/Controllers/UsersController.php:
...
// Subordination check: answer 403 when the target's first role id is smaller than the
// acting user's first role id. The comparison is strict, so equal ids pass.
// NOTE(review): roles->first() is null for a user without roles, and which role comes
// "first" for a user with several roles depends on the order the relation returns — confirm both.
abort_if ( $user->roles->first()->id < Auth::user()->roles->first()->id, 403 );
...
В случае, если удаляемый пользователь является последним владельцем проекта, вернём предупреждение о недопустимости действия.
app/Http/Controllers/UsersController.php:
// dont destroy last owner!
// Role id 1 is the owner role here. The pivot query counts the users that still hold it,
// so the guard fires only when the target's first role is owner and no other owner remains.
if ( $user->roles->first()->id === 1 and DB::table('role_user')->where('role_id', '=', 1)->get()->count() === 1 ) {
// Redirect back with an error message instead of deleting.
return back()->withErrors([$user->name . ' is last owner. dont destroy him!']);
}
02Добавление роли вновь создаваемому пользователю
app/Http/Controllers/Auth/RegisterController.php:
/**
 * Persist a newly registered user and give the account its default role.
 *
 * @param  array  $data  registration input; the name, email and password keys are read
 * @return \App\User
 */
protected function create(array $data)
{
    $attributes = [
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => Hash::make($data['password']),
    ];

    $newUser = User::create($attributes);

    // Every self-registered account receives role id 4.
    // NOTE(review): the id is hard-coded; presumably it is the least privileged basic role —
    // confirm against the roles table, because whatever that role may do, every registrant may do.
    $newUser->attachRole(4);

    return $newUser;
}
03Правка раздела 'Пользователи'
app/Http/Controllers/UsersController.php:
<?php
namespace App\Http\Controllers;
use Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Hash;
use App\Role;
use App\Permission;
use App\User;
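class UsersController extends Controller
{
    /**
     * Id of the project-owner role.
     *
     * Role ids double as ranks in this controller: the smaller the id, the more
     * privileged the role.
     * NOTE(review): that ordering is a convention of the basic roles; a role created later
     * gets an id that says nothing about its permissions — confirm before relying on it.
     */
    private const OWNER_ROLE_ID = 1;

    public function __construct()
    {
        // Authentication only; every action performs its own permission check.
        // $this->middleware(['auth', 'permission:view_users']);
        $this->middleware('auth');
    }

    /**
     * List all users. Requires the view_users permission.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        abort_if(Auth::user()->cannot('view_users'), 403);

        $users = User::all();

        return view('users.index', compact('users'));
    }

    /**
     * Show one user. Allowed with view_users, or when viewing one's own profile.
     *
     * @param  \App\User  $user
     * @return \Illuminate\Http\Response
     */
    public function show(User $user)
    {
        abort_if(Auth::user()->cannot('view_users') && Auth::user()->id !== $user->id, 403);

        $permissions = Permission::all();

        return view('users.show', compact('user', 'permissions'));
    }

    /**
     * Show the edit form. Allowed with edit_users, or for one's own profile.
     *
     * @param  \App\User  $user
     * @return \Illuminate\Http\Response
     */
    public function edit(User $user)
    {
        abort_if(Auth::user()->cannot('edit_users') && Auth::user()->id !== $user->id, 403);

        $roles = Role::get();
        $permissions = Permission::all();

        return view('users.edit', compact('user', 'roles', 'permissions'));
    }

    /**
     * Update a user's name and e-mail and, for actors with edit_roles, the role set.
     *
     * Holders of edit_users may edit users that do not outrank them; everyone else may
     * edit only their own profile and must confirm it with the current password.
     *
     * @param  \App\User  $user
     * @return \Illuminate\Http\Response
     */
    public function update(User $user)
    {
        $actor = Auth::user();
        $isSelf = $actor->id === $user->id;

        abort_if($actor->cannot('edit_users') && !$isSelf, 403);

        $validator = Validator::make(request()->all(), [
            'name' => 'required|string|max:255',
            // Unique across users, ignoring the edited row so an unchanged address still
            // validates. Without it a duplicate reaches the database unchecked.
            'email' => 'required|string|email|max:255|unique:users,email,' . $user->id,
            // exists: a forged id fails validation instead of surfacing as an SQL error.
            'role' => 'nullable|integer|max:255|exists:roles,id',
            'take_role' => 'nullable|integer|max:255|exists:roles,id',
            'password' => 'nullable|string|min:6|max:255',
        ]);

        if ($validator->fails()) {
            return back()->withErrors($validator)->withInput();
        }

        $roleToAttach = request('role');
        $roleToTake = request('take_role');

        if (($roleToAttach || $roleToTake) && $actor->cannot('edit_roles')) {
            return back()->withErrors('you can not attach and take roles!')->withInput();
        }

        if ($actor->can('edit_users')) {
            $actorRank = $this->rankOf($actor);

            // Same subordination rule as destroy(): a superior's account is off limits.
            // Otherwise changing the owner's e-mail would be a route to taking over that account.
            abort_if($this->rankOf($user) < $actorRank, 403);

            // Nobody hands out a role ranked above their own, themselves included.
            abort_if($roleToAttach && (int) $roleToAttach < $actorRank, 403);

            // update user without input password
            $user->update([
                'name' => request('name'),
                'email' => request('email'),
            ]);

            // attach Role — skipped when already held, which would violate the pivot's primary key
            if ($roleToAttach && !$user->roles->contains('id', (int) $roleToAttach)) {
                $user->attachRole($roleToAttach);
            }

            // take Role
            if ($roleToTake) {
                // dont delete last role!
                if (DB::table('role_user')->where('user_id', '=', $user->id)->count() < 2) {
                    return back()->withErrors(['You can not take the last role!']);
                }

                // Taking the owner role from the only owner would leave the project ownerless.
                if ((int) $roleToTake === self::OWNER_ROLE_ID && $this->isLastOwner($user)) {
                    return back()->withErrors([$user->name . ' is last owner. You can not take this role!']);
                }

                DB::table('role_user')->where([
                    ['user_id', '=', $user->id],
                    ['role_id', '=', $roleToTake],
                ])->delete();
            }
        } elseif ($isSelf) {
            // Self-service edit: the current password confirms the change.
            if (!Hash::check(request('password'), $user->password)) {
                return back()->withErrors(['failed password'])->withInput();
            }

            $user->update([
                'name' => request('name'),
                'email' => request('email'),
            ]);
        } else {
            // Not reachable after the first abort_if; kept as a fail-closed default.
            abort(403, 'Unauthorized action.');
        }

        return redirect(route('usersShow', ['user' => $user]));
    }

    /**
     * Delete a user. Requires delete_users; the target must not outrank the actor and
     * must not be the last project owner.
     *
     * @param  \App\User  $user
     * @return \Illuminate\Http\Response
     */
    public function destroy(User $user)
    {
        $actor = Auth::user();

        abort_if($actor->cannot('delete_users'), 403);

        // Equal ranks may delete each other; a more privileged target is refused.
        abort_if($this->rankOf($user) < $this->rankOf($actor), 403);

        // dont destroy last owner!
        if ($this->isLastOwner($user)) {
            return back()->withErrors([$user->name . ' is last owner. dont destroy him!']);
        }

        $user->delete();

        return redirect(route('users'));
    }

    /**
     * Rank of a user: the smallest id among the user's roles.
     *
     * min() replaces roles->first() so the result does not depend on the order the
     * relation returns rows in. A user without roles gets the lowest possible rank
     * instead of triggering a call on null.
     */
    private function rankOf(User $user): int
    {
        $lowestId = $user->roles->min('id');

        return $lowestId === null ? PHP_INT_MAX : (int) $lowestId;
    }

    /**
     * True when the user holds the owner role and nobody else does.
     */
    private function isLastOwner(User $user): bool
    {
        return $user->roles->contains('id', self::OWNER_ROLE_ID)
            && DB::table('role_user')->where('role_id', '=', self::OWNER_ROLE_ID)->count() === 1;
    }
}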
resources/views/users/index.blade.php:
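{{-- User list. The buttons only mirror permissions; UsersController enforces them. --}}
@extends('layouts.app')

@section('title')
users
@endsection

@section('content')
<div class="container">
    <h1>List of users</h1>
    <table class="blue_table">
        <tr>
            <th>#</th>
            <th>id</th>
            <th>img</th>
            <th>name</th>
            {{-- <th>email</th> --}}
            {{-- <th>role</th> --}}
            <th>roles</th>
            <th>created_at</th>
            <th>updated_at</th>
            <th>actions</th>
        </tr>
        @foreach ($users as $i => $user)
            <tr>
                <td>{{ $i + 1 }}</td>
                <td>{{ $user->id }}</td>
                <td><img src="{{ asset('storage') }}/images/default/user_default.png" alt="no image" width="75px"></td>
                <td>{{ $user->name }}</td>
                {{--
                    The two disabled columns are Blade comments on purpose: Blade still evaluates
                    echo tags inside an HTML comment, so each e-mail would reach the page source,
                    and roles->first()->name would fail for a user without roles.
                --}}
                {{-- <td>{{ $user->email }}</td> --}}
                {{-- <td>{{ $user->roles->first()->name }}</td> --}}
                <td>
                    @if ($user->roles->count())
                        {{-- {{ $user->roles->count() }}: --}}
                        @foreach ($user->roles as $role)
                            {{ $role->name }};
                        @endforeach
                    @endif
                </td>
                <td>{{ $user->created_at ?? '-' }}</td>
                <td>{{ $user->updated_at ?? '-' }}</td>
                <td>
                    <div class="td user_buttons row">
                        <div class="col-sm-4">
                            <a href="{{ route('usersShow', ['user' => $user->id]) }}" class="btn btn-outline-primary">
                                <i class="fas fa-eye"></i>
                            </a>
                        </div>
                        @permission('edit_users')
                            <div class="col-sm-4">
                                <a href="{{ route('usersEdit', ['user' => $user->id]) }}" class="btn btn-outline-success">
                                    <i class="fas fa-pen-nib"></i>
                                </a>
                            </div>
                        @endpermission
                        @permission('delete_users')
                            <div class="col-sm-4">
                                <form action="{{ route('usersDestroy', ['user' => $user->id]) }}" method='POST'>
                                    @csrf
                                    @method('DELETE')
                                    <button type="submit" class="btn btn-outline-danger">
                                        <i class="fas fa-trash"></i>
                                    </button>
                                </form>
                            </div>
                        @endpermission
                    </div>
                </td>
            </tr>
        @endforeach
    </table>
</div>
@endsection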
resources/views/users/show.blade.php:
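{{-- Profile page of one user. All stored values are printed through escaped echo tags. --}}
@extends('layouts.app')

@section('title')
user
@endsection

@section('content')
@php
    // Permissions the shown user actually holds; computed once for the counter and the list.
    $grantedPermissions = $permissions->filter(function ($permission) use ($user) {
        return $user->can($permission->name);
    });
@endphp
<div class="container">
    <h1>show user {{ $user->name }}</h1>
    <h5>{{ $user->name }} info:</h5>
    <table class="blue_table">
        <tr>
            <th>id</th>
            <th>img</th>
            <th>name</th>
            <th>email</th>
            <th>roles</th>
            <th>permissions</th>
            <th>created_at</th>
            <th>updated_at</th>
            <th>actions</th>
        </tr>
        <tr>
            <td>{{ $user->id }}</td>
            <td><img src="{{ asset('storage') }}/images/default/user_default.png" alt="no image" width="75px"></td>
            <td>{{ $user->name }}</td>
            <td>{{ $user->email }}</td>
            <td>
                @if ($user->roles->count())
                    {{ $user->roles->count() }}:
                    @foreach ($user->roles as $role)
                        {{ $role->name }};
                    @endforeach
                @endif
            </td>
            <td>{{ $grantedPermissions->count() }}</td>
            <td>{{ $user->created_at ?? '-' }}</td>
            <td>{{ $user->updated_at ?? '-' }}</td>
            <td>
                <div class="td user_buttons row center">
                    {{-- One edit button: a holder of edit_users viewing their own profile used to get two. --}}
                    @if (Auth::user()->can('edit_users') || Auth::user()->id == $user->id)
                        <a href="{{ route('usersEdit', ['user' => $user->id]) }}" class="btn btn-outline-success">
                            <i class="fas fa-pen-nib"></i>
                        </a>
                    @endif
                    @permission('delete_users')
                        <form action="{{ route('usersDestroy', ['user' => $user->id]) }}" method='POST'>
                            @csrf
                            @method('DELETE')
                            <button type="submit" class="btn btn-outline-danger">
                                <i class="fas fa-trash"></i>
                            </button>
                        </form>
                    @endpermission
                </div>
            </td>
        </tr>
    </table><br>
    <h5>{{ $user->name }} can:</h5>
    <div class="">
        {{-- Escaped echo instead of a raw PHP echo: display names come from the database. --}}
        @foreach ($grantedPermissions as $permission)
            {{ $permission->display_name }};
        @endforeach
    </div>
</div>
@endsection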
resources/views/users/edit.blade.php:
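{{--
    Edit form for one user. Role names are entered through the roles section, so they are
    printed with escaped echo tags here rather than concatenated into markup with a raw echo.
--}}
@extends('layouts.app')

@section('title')
edit profile
@endsection

@section('content')
@php
    // Roles from the full list that the edited user currently holds.
    $heldRoles = $roles->filter(function ($role) use ($user) {
        return $user->hasRole($role->name);
    });
@endphp
<div class="container">
    <h1>edit profile {{ $user->name }}</h1>
    <img src="{{ asset('storage') }}/images/default/user_default.png" alt="no image" width="75px">
    <h5>{{ $user->name }} info:</h5>
    <form method="POST"
          action="{{ route('usersUpdate', ['user' => $user->id]) }}"
          enctype="multipart/form-data">
        @csrf
        @method('PATCH')
        <table class="blue_table">
            <tr>
                <th>id</th>
                <th>name</th>
                <th>email</th>
                <th>roles</th>
                @permission('edit_roles')
                    <th>add role</th>
                    <th>take the role</th>
                @endpermission
                <th>created_at</th>
                <th>updated_at</th>
            </tr>
            <tr>
                <td>{{ $user->id }}</td>
                <td>
                    <input type="text" id="name" name="name" class="form-control"
                           value="{{ old('name') ?? $user->name }}" required>
                </td>
                <td>
                    <input type="email" id="email" name="email" class="form-control"
                           value="{{ old('email') ?? $user->email }}">
                </td>
                <td>
                    @foreach ($user->roles as $role)
                        {{ $role->name }};
                    @endforeach
                </td>
                @permission('edit_roles')
                    <td>
                        {{-- Only roles the user does not hold yet can be added. --}}
                        <select name='role' id="role">
                            <option value="" selected>-</option>
                            @foreach ($roles as $role)
                                @if (!$user->hasRole($role->name))
                                    <option value="{{ $role->id }}">{{ $role->name }}</option>
                                @endif
                            @endforeach
                        </select>
                    </td>
                    <td>
                        {{-- The last remaining role is listed but disabled; the controller refuses it as well. --}}
                        <select name='take_role' id="take_role">
                            <option value="" selected>-</option>
                            @foreach ($heldRoles as $role)
                                <option value="{{ $role->id }}" {{ $heldRoles->count() < 2 ? 'disabled' : '' }}>{{ $role->name }}</option>
                            @endforeach
                        </select>
                    </td>
                @endpermission
                <td>{{ $user->created_at ?? '-' }}</td>
                <td>{{ $user->updated_at ?? '-' }}</td>
            </tr>
        </table><br>
        {{-- Without edit_users this is a self-service edit, confirmed with the current password. --}}
        @if (Auth::user()->cannot('edit_users'))
            <div class="form-group">
                <label for="password">password user</label>
                <input type="password" id="password" name="password" class="form-control" required>
            </div>
        @endif
        <button type="submit" class="btn btn-primary form-control">edit profile!</button><br>
    </form>
    <br><h5>{{ $user->name }} can:</h5>
    <div class="">
        @foreach ($permissions as $permission)
            @if ($user->can($permission->name))
                {{ $permission->display_name }};
            @endif
        @endforeach
    </div>
</div>
@endsection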
04Правка раздела 'Роли'
app/Role.php:
<?php
namespace App;
use Zizaco\Entrust\EntrustRole;
class Role extends EntrustRole
{
    /*
     * A role is described by three main attributes:
     *
     * name — unique key used to look the role up in the application layer,
     *        e.g. "admin", "owner", "employee".
     * display_name — optional human readable label, not necessarily unique,
     *        e.g. "User Administrator", "Project Owner", "Widget Co. Employee".
     * description — optional longer explanation of what the role does.
     */

    /**
     * Attributes that may be mass assigned.
     *
     * @var array
     */
    protected $fillable = ['name', 'display_name', 'description'];

    /**
     * Users holding this role (many-to-many).
     *
     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
     */
    public function users()
    {
        $relatedModel = User::class;

        return $this->belongsToMany($relatedModel);
    }
}
app/Http/Controllers/RolesController.php:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Auth;
use App\Role;
use App\Permission;
use Illuminate\Support\Facades\DB;
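class RolesController extends Controller
{
    /**
     * Roles with an id below this value are the basic roles. The views grey out their
     * edit button and destroy() refuses to remove them; edit() and update() enforce the
     * same limit on the server, so a hand-made request cannot change a basic role.
     */
    private const FIRST_CUSTOM_ROLE_ID = 5;

    public function __construct()
    {
        // Authentication only; every action performs its own permission check.
        $this->middleware('auth');
    }

    /**
     * List all roles with the permission ids attached to each. Requires view_roles.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        abort_if(Auth::user()->cannot('view_roles'), 403);

        $roles = Role::all();
        $permissions = Permission::all()->toArray();

        $arr_all_role_permissions = [];
        foreach ($roles as $role) {
            $arr_all_role_permissions[$role->name] = $this->getArrPermissionId($role);
        }

        return view('roles.index', compact('roles', 'permissions', 'arr_all_role_permissions'));
    }

    /**
     * Show the form for creating a role. Requires create_roles.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        abort_if(Auth::user()->cannot('create_roles'), 403);

        $permissions = Permission::all()->toArray();

        return view('roles.create', compact('permissions'));
    }

    /**
     * Store a new role. Requires create_roles.
     *
     * Permissions are attached only when the actor also holds edit_permissions, the same
     * gate update() applies. Without it, create_roles alone would be enough to define a
     * role carrying any permission.
     *
     * @param  \App\Role  $role  not read; it is overwritten by the role created here
     * @return \Illuminate\Http\Response
     */
    public function store(Role $role)
    {
        abort_if(Auth::user()->cannot('create_roles'), 403);

        $permissions = Permission::all()->toArray();

        request()->validate($this->validationRules($permissions));

        $role = Role::create([
            'name' => request('name'),
            'display_name' => request('display_name'),
            'description' => request('description'),
        ]);

        if (Auth::user()->can('edit_permissions')) {
            foreach ($permissions as $permission) {
                // A ticked checkbox is submitted as "on".
                if (request($permission['name']) === 'on') {
                    $role->attachPermission($permission['id']);
                }
            }
        }

        return redirect()->route('rolesShow', compact('role'));
    }

    /**
     * Show one role with its permissions. Requires view_roles.
     *
     * @param  \App\Role  $role
     * @return \Illuminate\Http\Response
     */
    public function show(Role $role)
    {
        abort_if(Auth::user()->cannot('view_roles'), 403);

        $arr_role_permissions = $this->getArrPermissionId($role);
        $permissions = Permission::all()->toArray();

        return view('roles.show', compact('role', 'permissions', 'arr_role_permissions'));
    }

    /**
     * Show the edit form of a custom role. Requires edit_roles.
     *
     * @param  \App\Role  $role
     * @return \Illuminate\Http\Response
     */
    public function edit(Role $role)
    {
        abort_if(Auth::user()->cannot('edit_roles'), 403);

        if ($this->isBasicRole($role)) {
            return back()->withErrors(['"' . $role->name . '" is basic role and can not be edited.']);
        }

        $arr_role_permissions = $this->getArrPermissionId($role);
        $permissions = Permission::all()->toArray();

        return view('roles.edit', compact('role', 'permissions', 'arr_role_permissions'));
    }

    /**
     * Update a custom role. Requires edit_roles; the permission set changes only when
     * the actor also holds edit_permissions.
     *
     * @param  \App\Role  $role
     * @return \Illuminate\Http\Response
     */
    public function update(Role $role)
    {
        abort_if(Auth::user()->cannot('edit_roles'), 403);

        // Hiding the button in the views does not stop a direct PATCH, so the limit is
        // checked here. Every newly registered user is given a basic role.
        if ($this->isBasicRole($role)) {
            return back()->withErrors(['"' . $role->name . '" is basic role and can not be edited.']);
        }

        $permissions = Permission::all()->toArray();

        request()->validate($this->validationRules($permissions, $role->id));

        $role->update([
            'name' => request('name'),
            'display_name' => request('display_name'),
            'description' => request('description'),
        ]);

        if (Auth::user()->can('edit_permissions')) {
            $attachedIds = $this->getArrPermissionId($role);

            foreach ($permissions as $permission) {
                $submitted = request($permission['name']);
                // Loose in_array: ids read through the query builder may arrive as strings.
                $isAttached = in_array($permission['id'], $attachedIds);

                if ($submitted === 'on' && !$isAttached) {
                    // attach Permission
                    $role->attachPermission($permission['id']);
                } elseif (empty($submitted) && $isAttached) {
                    // take Permission
                    DB::table('permission_role')->where([
                        ['permission_id', '=', $permission['id']],
                        ['role_id', '=', $role->id],
                    ])->delete();
                }
            }
        }

        return redirect()->route('rolesShow', compact('role'));
    }

    /**
     * Remove a custom role. Requires delete_roles; basic roles are refused.
     *
     * @param  \App\Role  $role
     * @return \Illuminate\Http\Response
     */
    public function destroy(Role $role)
    {
        abort_if(Auth::user()->cannot('delete_roles'), 403);

        if ($this->isBasicRole($role)) {
            return back()->withErrors(['"' . $role->name . '" is basic role and can not be removed.']);
        }

        $role->forceDelete();

        return redirect()->route('roles');
    }

    /**
     * Ids of the permissions attached to a role, read from the permission_role pivot.
     *
     * @param  Role  $role
     * @return array
     */
    private function getArrPermissionId (Role $role) {
        return DB::table('permission_role')
            ->where('role_id', $role->id)
            ->pluck('permission_id')
            ->all();
    }

    /**
     * True for the basic roles, which must not be edited or removed.
     */
    private function isBasicRole(Role $role): bool
    {
        return $role->id < self::FIRST_CUSTOM_ROLE_ID;
    }

    /**
     * Validation rules shared by store() and update().
     *
     * name and display_name are unique among roles. On update the edited role's own row
     * is ignored, so saving unchanged values passes while a clash with another role fails.
     *
     * @param  array     $permissions  permission rows; one optional checkbox field per permission name
     * @param  int|null  $ignoreId     id of the role being updated, null when creating
     * @return array
     */
    private function validationRules(array $permissions, ?int $ignoreId = null): array
    {
        $except = $ignoreId === null ? '' : ',' . $ignoreId;

        $rules = [
            'name' => 'required|string|max:255|unique:roles,name' . $except,
            'display_name' => 'required|string|max:255|unique:roles,display_name' . $except,
            'description' => 'required|string|max:255',
        ];

        foreach ($permissions as $permission) {
            $rules[$permission['name']] = 'string|max:3';
        }

        return $rules;
    }
}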
resources/views/roles/index.blade.php:
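{{--
    Role list with a permission matrix per role. Role and permission values come from the
    database, so they are printed with escaped echo tags rather than concatenated into markup.
    The buttons only mirror permissions; RolesController enforces them.
--}}
@extends('layouts.app')

@section('title')
roles
@endsection

@section('content')
@php
    // Same combinations as the original if / elseif chain: edit needs view, delete needs both.
    $canView = Auth::user()->can('view_roles');
    $canEdit = $canView && Auth::user()->can('edit_roles');
    $canDelete = $canEdit && Auth::user()->can('delete_roles');
@endphp
<div class="container">
    <h1>List of roles</h1>
    <h5 class="blue">Parameters of the roles:</h5>
    <table class="blue_table">
        <tr>
            <th>#</th>
            <th>id</th>
            {{-- <th>name</th> --}}
            <th>display_name</th>
            <th>description</th>
            <th>permissions</th>
            <th>created_at</th>
            <th>updated_at</th>
            <th>actions</th>
        </tr>
        @foreach ($roles as $i => $role)
            <tr>
                <td>{{ $i + 1 }}</td>
                <td>{{ $role->id }}</td>
                {{-- Blade comment: an echo tag inside an HTML comment is still rendered into the page. --}}
                {{-- <td>{{ $role->name }}</td> --}}
                <td>{{ $role->display_name }}</td>
                <td style="max-width: 350px;">{{ $role->description }}</td>
                <td>{{ $role->perms()->count() }}</td>
                <td>{{ $role->created_at ?? '-' }}</td>
                <td>{{ $role->updated_at ?? '-' }}</td>
                <td>
                    <div class="td role_buttons row">
                        @if ($canView)
                            <div class="col-sm-4">
                                <a href="{{ route('rolesShow', ['role' => $role->id]) }}" class="btn btn-outline-primary">
                                    <i class="fas fa-eye"></i>
                                </a>
                            </div>
                        @endif
                        @if ($canEdit)
                            <div class="col-sm-4">
                                {{-- Basic roles (id below 5) get a grey button without a link. --}}
                                @if ($role->id < 5)
                                    <button class="btn btn-outline-secondary"><i class="fas fa-pen-nib"></i></button>
                                @else
                                    <a href="{{ route('rolesEdit', ['role' => $role->id]) }}" class="btn btn-outline-success">
                                        <i class="fas fa-pen-nib"></i>
                                    </a>
                                @endif
                            </div>
                        @endif
                        @if ($canDelete)
                            <div class="col-sm-4">
                                <form action="{{ route('rolesDestroy', ['role' => $role->id]) }}" method='POST'>
                                    @csrf
                                    @method('DELETE')
                                    <button type="submit" class="btn {{ $role->id < 5 ? 'btn-outline-secondary' : 'btn-outline-danger' }}">
                                        <i class="fas fa-trash"></i>
                                    </button>
                                </form>
                            </div>
                        @endif
                    </div>
                </td>
            </tr>
        @endforeach
    </table>
    @permission('create_roles')
        <br><a href="{{ route('rolesCreate') }}" class="btn btn-outline-primary"><h5>create new roles</h5></a>
    @endpermission
    @permission('view_permissions')
        <h1 class="blue">List of Permissions:</h1>
        @foreach ($arr_all_role_permissions as $name_role => $arr_role_permissions)
            <div class="row"><h5 class="blue">Permissions of the roles '{{ $name_role }}':</h5></div>
            <table class="blue_table">
                <tr>
                    @foreach ($permissions as $i => $permission)
                        {{-- A new table row starts whenever the permission group changes. --}}
                        @if (empty($permissions[$i - 1]) || $permissions[$i - 1]['group'] !== $permission['group'])
                            </tr><tr><td>group: <strong>{{ $permission['group'] }}</strong></td>
                        @endif
                        <td style="text-align: right;">{{ $permission['name'] }}: </td>
                        <td>{{ in_array($permission['id'], $arr_role_permissions) ? 1 : 0 }}</td>
                    @endforeach
                </tr>
            </table><br>
        @endforeach
    @endpermission
</div>
@endsection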
resources/views/roles/show.blade.php:
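{{-- Read-only view of one role. Stored values are printed with escaped echo tags. --}}
@extends('layouts.app')

@section('title')
show role
@endsection

@section('content')
<div class="container">
    <h1>Show Role '{{ $role->name }}'</h1>
    <h5 class="blue">Parameters of the role '{{ $role->name }}':</h5>
    <div class="">
        <span class="grey">name:</span> {{ $role->name }}
    </div>
    <div class="">
        <span class="grey">display_name:</span> {{ $role->display_name }}
    </div>
    <div class="">
        <span class="grey">description:</span> {{ $role->description }}
    </div>
    <br>
    <h5 class="blue">Permissions for role '{{ $role->name }}':</h5>
    <table class="blue_table">
        <tr>
            @foreach ($permissions as $i => $permission)
                {{-- A new table row starts whenever the permission group changes. --}}
                @if (empty($permissions[$i - 1]) || $permissions[$i - 1]['group'] !== $permission['group'])
                    </tr><tr><td>group: <strong>{{ $permission['group'] }}</strong></td>
                @endif
                <td style="text-align: right;">{{ $permission['name'] }}: </td>
                <td>{{ in_array($permission['id'], $arr_role_permissions) ? 1 : 0 }}</td>
            @endforeach
        </tr>
    </table><br>
    @permission('edit_roles')
        <div class="row">
            {{-- Basic roles (id below 5) get a grey button without a link. --}}
            @if ($role->id < 5)
                <button class="btn btn-outline-secondary col-sm-12">
                    <i class="fas fa-pen-nib"></i> edit role
                </button>
            @else
                <a href="{{ route('rolesEdit', ['role' => $role->id]) }}" class="btn btn-outline-success col-sm-12">
                    <i class="fas fa-pen-nib"></i> edit role
                </a>
            @endif
        </div>
    @endpermission
    {{-- Blade comment: an echo tag inside an HTML comment is still rendered into the page. --}}
    {{-- <h5 class="blue">Users with role '{{ $role->name }}':</h5> --}}
</div>
@endsection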
resources/views/roles/edit.blade.php:
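{{--
    Edit form for a role. Permission names become checkbox field names, so they are printed
    with escaped echo tags, also inside the name attribute.
--}}
@extends('layouts.app')

@section('title')
edit role
@endsection

@section('content')
<div class="container">
    <h1>Edit Role '{{ $role->name }}'</h1>
    <form method="POST" action="{{ route('rolesUpdate', ['role' => $role->id]) }}">
        @csrf
        @method("PATCH")
        <h5 class="blue">specify the parameters of the new role:</h5>
        <div class="form-group">
            <!-- <label for="name">name</label> -->
            <input type="text" id="name" name="name" class="form-control" value="{{ old('name') ?? $role->name }}" required>
        </div>
        <div class="form-group">
            <!-- <label for="display_name">display_name</label> -->
            <input type="text" id="display_name" name="display_name" class="form-control" value="{{ old('display_name') ?? $role->display_name }}" required>
        </div>
        <div class="form-group">
            <!-- <label for="description">description</label> -->
            <input type="text" id="description" name="description" class="form-control" value="{{ old('description') ?? $role->description }}" required>
        </div>
        <h5 class="blue">select permissions for new role:</h5>
        <table class="blue_table">
            <tr>
                @foreach ($permissions as $i => $permission)
                    {{-- A new table row starts whenever the permission group changes. --}}
                    @if (empty($permissions[$i - 1]) || $permissions[$i - 1]['group'] !== $permission['group'])
                        </tr><tr><td>group: <strong>{{ $permission['group'] }}</strong></td>
                    @endif
                    <td style="text-align: right;">{{ $permission['name'] }}: </td>
                    <td><input type="checkbox" name="{{ $permission['name'] }}" {{ in_array($permission['id'], $arr_role_permissions) ? 'checked' : '' }}></td>
                @endforeach
            </tr>
        </table><br>
        <button type="submit" class="btn btn-primary form-control">edit role!</button>
    </form>
</div>
@endsection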
resources/views/roles/create.blade.php:
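@extends('layouts.app')
@section('title')
create role
@endsection
@section('content')
{{--
    Role creation form: three required text fields plus one checkbox per permission.
    The form posts to the rolesStore route with a CSRF token. Server-side validation of the
    submitted names and permissions belongs to that route's handler, which is not part of this view.
--}}
<div class="container">
    <h1>Create new role</h1>
    <form method="POST" action="{{ route('rolesStore') }}">
        @csrf
        <h5 class="blue">specify the parameters of the new role:</h5>
        <div class="form-group">
            <!-- <label for="name">name</label> -->
            <input type="text" id="name" name="name" class="form-control" placeholder="Name" value="{{ old('name') ?? 'name_new_roles' }}" required>
        </div>
        <div class="form-group">
            <!-- <label for="display_name">display_name</label> -->
            <input type="text" id="display_name" name="display_name" class="form-control" placeholder="display_name" value="{{ old('display_name') ?? 'Display Name New Roles' }}" required>
        </div>
        <div class="form-group">
            <!-- <label for="description">description</label> -->
            <input type="text" id="description" name="description" class="form-control" placeholder="description" value="{{ old('description') ?? 'Description New Roles' }}" required>
        </div>
        <h5 class="blue">select permissions for new role:</h5>
        <table class="blue_table">
            <tr>
<?php
// Raw echo bypasses the escaping that Blade's echo syntax applies, so group and permission
// names are passed through e() before being written into markup and attribute values.
foreach ($permissions as $i => $permission) {
    $group = e($permission['group']);
    $name = e($permission['name']);

    // A new row starts whenever the group differs from the previous entry.
    // Assumes $permissions is ordered by group with consecutive integer keys (TODO confirm in the controller).
    if (empty($permissions[$i - 1]) or $permissions[$i - 1]['group'] !== $permission['group']) {
        echo '</tr><tr><td>group: <strong>' . $group . '</strong>
</td>';
    }

    // The permission name doubles as the request field name of its checkbox.
    echo '<td style="text-align: right;">' . $name . ': </td><td><input type="checkbox" name="' . $name . '"></td>';
}
?>
            </tr>
        </table><br>
        <button type="submit" class="btn btn-primary form-control">Create new role!</button>
    </form>
</div>
@endsection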
05 Правка раздела 'Товары'
resources/views/products/index.blade.php:
@extends('layouts.app')
@section('title')
catalog
@endsection
@section('content')
{{--
Catalogue page: one card per product in $products, with the pagination links printed above and below the grid.
Product fields are printed with Blade's escaped echo syntax.
--}}
<div class="container">
<h1>Products</h1>
<div class="row">
<!-- pagination block -->
@if($products->links())
<div class="row col-sm-12 pagination">{{ $products->links() }}</div>
@endif
@foreach($products as $product)
<div class="col-lg-4 product_card_bm">
<div class="card">
<h5><a href="{{ route('productsShow', ['product' => $product->id]) }}">{{ $product->name }}</a></h5>
<a href="{{ route('productsShow', ['product' => $product->id]) }}">
{{--
The card image is a CSS background: the product's own file under storage/images/products/[id]/, or the default placeholder.
NOTE(review): the escaped echo HTML-encodes the file name but does not URL- or CSS-encode it, and url(...) is unquoted.
A name containing spaces or parentheses would break the declaration; confirm that file names are normalised on upload.
--}}
@if($product->image)
<div class="card-img-top b_image" style="background-image: url({{ asset('storage') }}/images/products/{{$product->id}}/{{$product->image}});">
@else
<div class="card-img-top b_image" style="background-image: url({{ asset('storage') }}/images/default/no-img.jpg);">
@endif
<div class="dummy"></div><div class="element"></div>
</div>
</a>
<div class="card-body">
<p class="card-text col-sm-12">
<span class="grey">
@if($product->price)
price: {{ $product->price }} ₽
@else
priceless
@endif
</span><br>
</p>
<div class="row product_buttons center">
{{-- Action buttons depend on the audience. Guests get "view" and a placeholder "buy now" link (href="#"). --}}
@guest
<div class="col-sm-6">
<a href="{{ route('productsShow', ['product' => $product->id]) }}" class="btn btn-outline-primary">
<i class="fas fa-eye"></i> view
</a>
</div>
<div class="col-sm-6">
<a href="#" class="btn btn-outline-success">
<i class="fas fa-shopping-cart"></i> buy now
</a>
</div>
@else
{{--
Signed-in users: can() with an array and true as second argument requires every listed permission (Entrust requireAll).
These checks only decide which buttons are drawn. The productsEdit and productsDestroy routes must enforce the same
permissions on the server; that code is not part of this view.
--}}
@if ( Auth::user()->can( ['view_products', 'edit_products', 'delete_products'], true ) )
<div class="col-sm-4">
<a href="{{ route('productsShow', ['product' => $product->id]) }}" class="btn btn-outline-primary">
<i class="fas fa-eye"></i>
</a>
</div>
<div class="col-sm-4">
<a href="{{ route('productsEdit', ['product' => $product->id]) }}" class="btn btn-outline-success">
<i class="fas fa-pen-nib"></i>
</a>
</div>
<div class="col-sm-4">
{{-- Deletion is a POST form carrying the CSRF token; the method directive spoofs the DELETE verb for the router. --}}
<!-- form delete product -->
<form action="{{ route('productsDestroy', ['product' => $product->id]) }}" method='POST'>
@csrf
@method('DELETE')
<button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i>
</button>
</form>
</div>
{{-- view + edit, no delete --}}
@elseif ( Auth::user()->can( ['view_products', 'edit_products'], true ) )
<div class="col-sm-6">
<a href="{{ route('productsShow', ['product' => $product->id]) }}" class="btn btn-outline-primary">
<i class="fas fa-eye"></i>
</a>
</div>
<div class="col-sm-6">
<a href="{{ route('productsEdit', ['product' => $product->id]) }}" class="btn btn-outline-success">
<i class="fas fa-pen-nib"></i>
</a>
</div>
{{-- view only: same buttons as a guest. A signed-in user without view_products gets no buttons at all. --}}
@elseif ( Auth::user()->can( 'view_products' ) )
<div class="col-sm-6">
<a href="{{ route('productsShow', ['product' => $product->id]) }}" class="btn btn-outline-primary">
<i class="fas fa-eye"></i> view
</a>
</div>
<div class="col-sm-6">
<a href="#" class="btn btn-outline-success">
<i class="fas fa-shopping-cart"></i> buy now
</a>
</div>
@endif
@endguest
</div>
</div>
</div>
</div>
@endforeach
<!-- pagination block -->
@if($products->links())
<div class="row col-sm-12 pagination">{{ $products->links() }}</div>
@endif
</div>
</div>
@endsection
resources/views/products/show.blade.php:
@extends('layouts.app')
@section('title')
{{ $product->name }}
@endsection
@section('content')
<div class="container">
<h1>{{ $product->name }}</h1>
{{-- Product card: image, specification fields, audit fields for editors, action buttons, then the description. --}}
<!-- product -->
<div class="row">
<div class="col-md-4 wrap_b_image">
{{--
The image is a CSS background: the product's own file under storage/images/products/[id]/, or the default placeholder.
NOTE(review): the escaped echo HTML-encodes the file name but does not URL- or CSS-encode it, and url(...) is unquoted.
A name containing spaces or parentheses would break the declaration; confirm that file names are normalised on upload.
--}}
@if($product->image)
<div class="card-img-top b_image" style="background-image: url({{ asset('storage') }}/images/products/{{$product->id}}/{{$product->image}});">
@else
<div class="card-img-top b_image" style="background-image: url({{ asset('storage') }}/images/default/no-img.jpg);">
@endif
<div class="dummy"></div><div class="element"></div>
</div>
</div>
<div class="col-md-8">
<h2>specification product</h2>
<span class="grey">manufacturer: </span>{{ $product->manufacturer }}<br>
<span class="grey">materials: </span>{{ $product->materials }}<br>
<span class="grey">year_manufacture: </span>{{ $product->year_manufacture }}<br>
<span class="grey">артикул: </span>{{ $product->id }}<br>
@if($product->price)
<span class="grey">price: </span>{{ $product->price }} ₽<br>
@else
<span class="grey">priceless</span><br>
@endif
{{--
Audit fields (who added or edited the product, and when) are rendered only for holders of edit_products.
Going by the attribute names, added_by_user_id and edited_by_user_id print a user id rather than a name.
The "updated" pair is shown only when updated_at differs from created_at.
--}}
@permission('edit_products')
<!-- created_at -->
<span class="grey">добавлен: </span>{{ $product->added_by_user_id }}<br>
<span class="grey">дата добавления: </span>{{ $product->created_at }}<br>
@if($product->updated_at != $product->created_at)
<!-- updated_at -->
<span class="grey">обновлен: </span>{{ $product->edited_by_user_id }}<br>
<span class="grey">дата обновления: </span>{{ $product->updated_at }}<br>
@endif
@endpermission
{{-- The block below is an earlier per-permission button layout, disabled inside a Blade comment (not rendered). --}}
{{-- <div class="product_buttons">
<div class="col-sm-4">
<a href="#" class="btn btn-outline-primary">
<i class="fas fa-shopping-cart"></i> buy now
</a>
</div>
@permission('edit_products')
<div class="col-sm-4">
<a href="{{ route('productsEdit', ['product' => $product->id]) }}" class="btn btn-outline-success">
<i class="fas fa-pen-nib"></i> edit
</a>
</div>
@endpermission
@permission('delete_products')
<div class="col-sm-4">
<!-- form delete product -->
<form action="{{ route('productsDestroy', ['product' => $product->id]) }}" method='POST'>
@csrf
@method('DELETE')
<button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i> delete
</button>
</form>
</div>
@endpermission
</div> --}}
{{--
Active button layout. Guests see only the placeholder "buy now" link (href="#").
For signed-in users, can() with an array and true as second argument requires every listed permission (Entrust requireAll).
These checks only decide which buttons are drawn. The productsEdit and productsDestroy routes must enforce the same
permissions on the server; that code is not part of this view.
--}}
<div class="row product_buttons">
@guest
<div class="col-sm-12 padding_left_0">
<a href="#" class="btn btn-outline-success">
<i class="fas fa-shopping-cart"></i> buy now
</a>
</div>
@else
@if ( Auth::user()->can( ['view_products', 'edit_products', 'delete_products'], true ) )
<div class="col-sm-6 padding_left_0">
<a href="{{ route('productsEdit', ['product' => $product->id]) }}" class="btn btn-outline-success">
<i class="fas fa-pen-nib"></i> edit
</a>
</div>
<div class="col-sm-6">
<!-- form delete product -->
<form action="{{ route('productsDestroy', ['product' => $product->id]) }}" method='POST'>
@csrf
@method('DELETE')
<button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i> delete
</button>
</form>
</div>
@elseif ( Auth::user()->can( ['view_products', 'edit_products'], true ) )
<div class="col-sm-12 padding_left_0">
<a href="{{ route('productsEdit', ['product' => $product->id]) }}" class="btn btn-outline-success">
<i class="fas fa-pen-nib"></i> edit
</a>
</div>
@elseif ( Auth::user()->can( 'view_products' ) )
<div class="col-sm-12 padding_left_0">
<a href="#" class="btn btn-outline-success">
<i class="fas fa-shopping-cart"></i> buy now
</a>
</div>
@endif
@endguest
</div>
</div>
</div><br>
<div class="row">
<div class="col-md-12">
<h2>description {{ $product->name }}</h2>
<p>{{ $product->description }}</p>
</div>
</div>
<!-- /product -->
{{--
Comment list for this product. Author names and comment bodies are printed with Blade's escaped echo syntax,
so markup typed by a commenter is shown as text.
--}}
<!-- comments -->
<div class="row">
<div class="col-md-12">
<h2>comments for {{ $product->name }}</h2>
@if($product->comments->count())
<ul class='content list-group'>
@foreach ($product->comments as $comment)
<li class="list-group-item" id="comment_{{ $comment->id }}" >
<div class="comment_header">
{{-- user_id 0 marks a comment left by an unauthenticated visitor; it is labelled "Guest". --}}
@if($comment->user_id == 0)
Guest {{ $comment->user_name }}
@else
{{ $comment->user_name }}
@endif
<!-- created_at/updated_at -->
@if($comment->updated_at == $comment->created_at)
wrote {{ $comment->created_at }}:
@else
wrote {{ $comment->created_at }} (edited: {{ $comment->updated_at }}):
@endif
<div class="comment_buttons">
<div class="comment_num">#{{ $comment->id }}</div>
{{--
Edit button: drawn for a signed-in user who either holds create_products or is the comment's author.
"and" binds tighter than "or", so the condition reads (user and can) or (user and owner).
NOTE(review): create_products looks like an unusual permission for editing comments; confirm it is intended.
This only hides the control. The handler behind PATCH /comments/[id] must repeat the ownership/permission check.
--}}
<?php if ( (Auth::user() and Auth::user()->can('create_products') or Auth::user() and Auth::user()->id == $comment->user_id )) { ?>
<!-- button edit -->
<button type="button" class="btn btn-outline-success edit" data-toggle="collapse"
data-target="#collapse_{{ $comment->id }}" aria-expanded="false" aria-controls="coll"
>
<i class="fas fa-pen-nib"></i>
</button>
<?php } ?>
{{-- Delete button: drawn only for holders of delete_comments. The commentsDestroy route needs its own server-side check. --}}
@permission('delete_comments')
<!-- delete comment -->
<form action="{{ route('commentsDestroy', ['comment' => $comment->id]) }}" method="POST">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-outline-danger"><i class="fas fa-trash"></i></button>
</form>
@endpermission
</div>
</div>
<div class="comment_str">{{$comment->comment_string}}</div>
{{--
Collapsed edit form, rendered under the same condition as the edit button that toggles it.
Its action is a hard-coded path, unlike the route() calls used for the other forms in this view.
--}}
<?php if ( (Auth::user() and Auth::user()->can('create_products') or Auth::user() and Auth::user()->id == $comment->user_id )) { ?>
<!-- form edit -->
<form action="/comments/{{ $comment->id }}" method="POST" class="collapse" id="collapse_{{ $comment->id }}">
@method("PATCH")
@csrf
<textarea id="comment_string_{{ $comment->id }}" name="comment_string"
cols="30" rows="4" class="form-control card" placeholder="Add a comment">{{$comment->comment_string}}</textarea>
<button type="submit" class="btn btn-success">edit comment</button>
</form>
<?php } ?>
</li>
@endforeach
</ul>
@else
<p class="grey">no comments for this product.</p>
@endif
</div>
</div>
<!-- /comments -->
{{--
New-comment form. It is rendered for everyone. Unauthenticated visitors additionally get a required
free-text "Your name" field, because the auth directive's branch is empty and the field sits in its else branch.
Both "required" attributes are browser-side only; length and content validation, and any throttling of
anonymous posts, belong to the handler of this POST, which is not part of this view.
--}}
<!-- comment on -->
<div class="row">
<div class="col-md-12">
<h2>leave your comment</h2>
<form method="POST" action="/products/{{ $product->id }}/comments">
@csrf
@auth
@else
<div class="form-group">
<!-- <label for="user_name">Your name</label> -->
<input type="text" id="user_name" name="user_name" class="form-control" placeholder="Your name" value="{{ old('user_name') }}" required>
</div>
@endauth
<div class="form-group">
<!-- <label for="comment_string">Add a comment</label> -->
<textarea id="comment_string" name="comment_string" cols="30" rows="4" class="form-control" placeholder="Add a your comment" required>{{ old('comment_string') }}</textarea>
</div>
<button type="submit" class="btn btn-primary">comment on</button>
</form>
</div>
</div>
<!-- /comment on -->
</div>
@endsection
resources/views/products/create.blade.php:
@extends('layouts.app')
@section('title')
Creating new product
@endsection
@section('content')
{{--
Product creation form: a multipart POST to the productsStore route with a CSRF token.
Previously submitted values are restored through old() and printed with Blade's escaped echo syntax.
--}}
<div class="container">
<div class="row justify-content-center">
<h1>Creating new product</h1>
</div>
<div class="row">
<div class="col-sm-12 product_card_bm">
<div class="card">
<form method="POST" action="{{ route('productsStore') }}" enctype="multipart/form-data">
@csrf
<div class="form-group">
{{--
The accept attribute only filters the browser's file picker. The upload's type and size must be validated
by the productsStore handler, which is not part of this view.
Browsers ignore a value attribute on file inputs, so old('image') has no visible effect here.
--}}
<!-- <input type="file" id="image" name="image" accept="image/png, image/jpeg, jpg, pdf"> -->
<input type="file" name="image" accept=".jpg, .jpeg, .png" value="{{ old('image') }}">
</div>
<div class="form-group">
<!-- <label for="name">name</label> -->
<input type="text" id="name" name="name" class="form-control" placeholder="Name Product" value="{{ old('name') }}" required>
</div>
<div class="form-group">
<!-- <label for="manufacturer">manufacturer</label> -->
<input type="text" id="manufacturer" name="manufacturer" class="form-control" placeholder="manufacturer" value="{{ old('manufacturer') }}">
</div>
<div class="form-group">
<!-- <label for="materials">materials</label> -->
<input type="text" id="materials" name="materials" class="form-control" placeholder="materials" value="{{ old('materials') }}">
</div>
<div class="form-group">
<!-- <label for="year_manufacture">year_manufacture</label> -->
<input type="number" id="year_manufacture" name="year_manufacture" class="form-control" placeholder="year_manufacture" value="{{ old('year_manufacture') }}">
</div>
<div class="form-group">
<!-- <label for="price">price</label> -->
<input type="number" id="price" name="price" class="form-control" placeholder="price" value="{{ old('price') }}">
</div>
{{-- The hidden added_by_user_id field below is disabled; the form does not submit the author's id. --}}
<!-- <input type="hidden" name="added_by_user_id" value=""> -->
<div class="form-group">
<!-- <label for="description">Add a comment</label> -->
<textarea id="description" name="description" cols="30" rows="10" class="form-control" placeholder="description">{{ old('description') }}</textarea>
</div>
<button type="submit" class="btn btn-primary form-control">Create new product!</button>
</form>
</div>
</div>
</div>
</div>
@endsection
07 Добавление комментариев к товарам с помощью factories CommentFactory
Ранее была создана фабрика для производства комментариев. Пора её задействовать.
database/factories/CommentFactory.php:
<?php
/* @var $factory \Illuminate\Database\Eloquent\Factory */
use App\Comment;
use Faker\Generator as Faker;
// Factory definition for App\Comment: produces the attributes of a guest-authored comment
// (user_id 0) attached to a randomly chosen product. Intended for seeding demo data.
$factory->define(Comment::class, function (Faker $faker) {
    // The comment was written somewhere between a month and a day ago.
    $postedAt = $faker->dateTimeBetween('-1 months', '-1 days');

    // rand(1, 9) < 8 holds for draws 1..7: those comments stay unedited (same timestamp).
    // The remaining draws get an edit time between the posting time and now.
    if (rand(1, 9) < 8) {
        $editedAt = $postedAt;
    } else {
        $editedAt = $faker->dateTimeBetween($postedAt, 'now');
    }

    // Product ids 1..24 are assumed to exist; verify against the products seeder.
    $productId = rand(1, 24);
    $authorName = $faker->name;
    $bodyLength = rand(300, 900);

    return [
        'product_id' => $productId,
        'user_id' => 0,
        'user_name' => $authorName,
        'comment_string' => $faker->realText($bodyLength),
        'created_at' => $postedAt,
        'updated_at' => $editedAt,
    ];
});
database/seeds/DatabaseSeeder.php:
<?php
use Illuminate\Database\Seeder;
class DatabaseSeeder extends Seeder
{
    /**
     * Fill the database with the project's starting data set.
     *
     * The table seeders run in the order listed; afterwards 250 comments
     * are generated through the App\Comment model factory.
     *
     * @return void
     */
    public function run()
    {
        $tableSeeders = [
            ProductsTableSeeder::class,
            UsersTableSeeder::class,
            // RBAC tables (Zizaco/entrust)
            RolesTableSeeder::class,
            PermissionsTableSeeder::class,
            RoleUserTableSeeder::class,
            PermissionRoleTableSeeder::class,
        ];
        $this->call($tableSeeders);

        // Comments are created after the table seeders have run.
        // Presumably the factory's product ids rely on the products seeded above; verify.
        $commentCount = 250;
        factory(App\Comment::class, $commentCount)->create();
    }
}
Капустин Яков (2019.05.19 22:46)