security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
@@ -5,6 +5,8 @@ namespace App\Policies;
|
||||
use App\Models\ClassProgressReport;
|
||||
use App\Models\TeacherClass;
|
||||
use App\Models\User;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
class ClassProgressReportPolicy
|
||||
{
|
||||
@@ -19,7 +21,9 @@ class ClassProgressReportPolicy
|
||||
return true;
|
||||
}
|
||||
|
||||
return $this->isAuthor($user, $report) || $this->teachesSection($user, $report);
|
||||
return $this->isAuthor($user, $report)
|
||||
|| $this->teachesSection($user, $report)
|
||||
|| $this->parentHasEnrolledSection($user, $report);
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
@@ -67,4 +71,34 @@ class ClassProgressReportPolicy
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function parentHasEnrolledSection(User $user, ClassProgressReport $report): bool
|
||||
{
|
||||
if (! Schema::hasTable('enrollments')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$parentId = (int) (request()?->attributes?->get('primary_parent_id') ?? 0);
|
||||
if ($parentId <= 0) {
|
||||
if (! $this->isParent($user)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$parentId = (int) $user->id;
|
||||
}
|
||||
|
||||
return DB::table('enrollments')
|
||||
->where('parent_id', $parentId)
|
||||
->where('class_section_id', (int) $report->class_section_id)
|
||||
->where('is_withdrawn', 0)
|
||||
->exists();
|
||||
}
|
||||
|
||||
private function isParent(User $user): bool
|
||||
{
|
||||
return $user->roles()
|
||||
->pluck('roles.name')
|
||||
->map(fn ($name) => strtolower((string) $name))
|
||||
->contains('parent');
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user