Merge pull request #267 from dbarzin/dev

Controls for auditor
dbarzin · Feb 9, 2025 · ec96055 · ec96055
2 parents 002baea + 9f4e3f8
commit ec96055
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 39 deletions.
diff --git a/app/Http/Controllers/ControlController.php b/app/Http/Controllers/ControlController.php
@@ -1111,7 +1111,7 @@ public function unplan(Request $request)
     {
         // For administrators and users only
         abort_if(
-            Auth::User()->role !== 1 && Auth::User()->rol !== 2,
+            Auth::User()->role !== 1 && Auth::User()->role !== 2,
             Response::HTTP_FORBIDDEN,
             '403 Forbidden'
         );
@@ -1188,18 +1188,18 @@ public function doPlan(Request $request)
 
     public function make(Request $request)
     {
-        // Not for auditor and API
+        // Not for API
         abort_if(
-            Auth::User()->role === 3 || Auth::User()->role === 4,
+            Auth::User()->role === 4,
             Response::HTTP_FORBIDDEN,
             '403 Forbidden'
         );
 
         $id = (int) request('id');
 
-        // for aditee only if he is assigne to that control
+        // for (aditee or auditor) only if he is assigne to that control
         abort_if(
-            Auth::User()->role === 5 &&
+            ((Auth::User()->role === 3) || (Auth::User()->role === 5)) &&
                 ! DB::table('control_user')
                     ->where('user_id', Auth::User()->id)
                     ->where('control_id', $id)
@@ -1256,20 +1256,17 @@ public function make(Request $request)
      */
     public function doMake(Request $request)
     {
-        // Only for admin, user and auditee
-        abort_if(
-            ! (Auth::User()->role === 1 ||
-                Auth::User()->role === 2 ||
-                Auth::User()->role === 5),
+        // Not for API
+        abort_if(Auth::User()->role === 4,
             Response::HTTP_FORBIDDEN,
             '403 Forbidden'
         );
 
         $id = (int) request('id');
 
-        // for aditee only if he is assigne to that control
+        // for (aditee or auditor) only if he is assigne to that control
         abort_if(
-            Auth::User()->role === 5 &&
+            ((Auth::User()->role === 3)||(Auth::User()->role === 5)) &&
                 ! DB::table('control_user')
                     ->where('user_id', Auth::User()->id)
                     ->where('control_id', $id)
@@ -1448,9 +1445,9 @@ public function save(Request $request)
      */
     public function draft(Request $request)
     {
-        // Not for API and Auditor
+        // Not for API
         abort_if(
-            Auth::User()->role === 3 || Auth::User()->role === 4,
+            Auth::User()->role === 4,
             Response::HTTP_FORBIDDEN,
             '403 Forbidden'
         );
@@ -1459,7 +1456,7 @@ public function draft(Request $request)
 
         // for aditee only if he is assigned to that control
         abort_if(
-            Auth::User()->role === 5 &&
+            ((Auth::User()->role === 3)||(Auth::User()->role === 5)) &&
                 ! DB::table('control_user')
                     ->where('user_id', Auth::User()->id)
                     ->where('control_id', $id)
@@ -1638,23 +1635,32 @@ public function export()
 
     public function template()
     {
-        // For administrators and users only
+        // Not for API
         abort_if(
-            Auth::User()->role !== 1 &&
-                Auth::User()->rol !== 2 &&
-                Auth::User()->role !== 5,
+            Auth::User()->role === 4,
             Response::HTTP_FORBIDDEN,
             '403 Forbidden'
         );
 
         $id = (int) request('id');
 
-        // find associate measurement
+        // find associate control
         $control = Control::find($id);
 
         // Control not found
         abort_if($control === null, Response::HTTP_NOT_FOUND, '404 Not Found');
 
+        // for (aditee or auditor) only if he is assigne to that control
+        abort_if(
+            ((Auth::User()->role === 3)||(Auth::User()->role === 5)) &&
+                ! DB::table('control_user')
+                    ->where('user_id', Auth::User()->id)
+                    ->where('control_id', $id)
+                    ->exists(),
+            Response::HTTP_FORBIDDEN,
+            '403 Forbidden'
+        );
+
         // Get template file
         $template_filename = storage_path('app/models/control_.docx');
         if (! file_exists($template_filename)) {

diff --git a/app/Models/Control.php b/app/Models/Control.php
@@ -4,6 +4,7 @@
 
 use App\Traits\Auditable;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\Auth;
 
 class Control extends Model
 {
@@ -54,12 +55,33 @@ public function actionPlan()
         return DB::table('actions')->select('id')->where("control_id",'=',$this->id)->get();
     }
 
+    private $owners = null;
+
     public function owners()
     {
-        return $this->belongsToMany(User::class, 'control_user', 'control_id')->orderBy('name');
+        if ($this->owners === null)
+            $this->owners = $this->belongsToMany(User::class, 'control_user', 'control_id')->orderBy('name');
+        return $this->owners;
+    }
+
+    public function canMake() {
+        if ($this->status !== 0)
+            return false;
+
+        // user or admin
+        if ((Auth::User()->role===1)||(Auth::User()->role===2))
+            return true;
+
+        // auditor or auditee
+        if ((Auth::User()->role === 3) || (Auth::User()->role === 5))
+            foreach($this->owners()->get() as $owner)
+                if ($owner->id===Auth::User()->id)
+                    return true;
+
+        return false;
     }
 
-    public static function clauses(int $id)
+    public function clauses(int $id)
     {
         return DB::table('measures')
             ->select('measure_id', 'clause')

diff --git a/app/Models/User.php b/app/Models/User.php
@@ -22,6 +22,14 @@ class User extends Authenticatable
         'login', 'name', 'email', 'password', 'title', 'role', 'language',
     ];
 
+    /* Roles :
+        1 - Admin
+        2 - User
+        3 - Auditor
+        4 - API
+        5 - Auditee
+    */
+
     /**
      * The attributes that should be hidden for arrays.
      *

diff --git a/resources/views/controls/make.blade.php b/resources/views/controls/make.blade.php
@@ -232,7 +232,7 @@
 			<div class="grid">
 		    	<div class="row-12">
                     @if ($control->status===0)
-                        @if ((Auth::User()->role === 1)||(Auth::User()->role === 2)||(Auth::User()->role === 5))
+                        @if ($control->canMake())
     					<button type="submit" class="button success">
     						<span class="mif-done"></span>
     						&nbsp;
@@ -257,11 +257,7 @@
     					&nbsp;
                         @endif
                     @endif
-                    @if (
-                        (Auth::User()->role === 1)||
-                        (Auth::User()->role === 2)||
-                        ((Auth::User()->role === 5) && ($control->status===0))
-                        )
+                    @if ($control->canMake())
     					<button type="submit" class="button primary" onclick='this.form.action="/bob/draft"'>
     			            <span class="mif-floppy-disk"></span>
     			            &nbsp;

diff --git a/resources/views/controls/show.blade.php b/resources/views/controls/show.blade.php
@@ -221,9 +221,9 @@
 	    		<strong>{{ trans('cruds.control.fields.owners') }}</strong>
 	    	</div>
 			<div class="cell">
-				@foreach($control->owners as $owner)
+                @foreach($control->owners as $owner)
 					{{ $owner->name }}
-					@if ($control->owners->last()!=$owner)
+                    @if ($control->owners->last()!=$owner)
 					,
 					@endif
 				@endforeach
@@ -234,14 +234,7 @@
    	<div class="row">
    		<div class="cell-7">
 
-            @if (
-                    ($control->status===0) &&
-                    (
-                        (Auth::User()->role===1)||
-                        (Auth::User()->role===2)||
-                        (Auth::User()->role===5)
-                    )
-                )
+            @if ($control->canMake())
 			    <form action="/bob/make/{{ $control->id }}">
 		    		<button class="button success">
 						<span class="mif-assignment"></span>

diff --git a/resources/views/users/index.blade.php b/resources/views/users/index.blade.php
@@ -65,7 +65,7 @@
 			    <tbody>
 			@foreach($users as $user)
 				<tr>
-					<td><a href="/users/{{ $user->id}}">{{ $user->login==null ? "N/A" : $user->login }}</a></td>
+                    <td><a id="{{$user->login}}" href="/users/{{ $user->id}}">{{ $user->login==null ? "N/A" : $user->login }}</a></td>
 					<td>{{ $user->name }}</td>
                     <td>
                     {{ $user->role==1 ? trans('cruds.user.roles.admin') : "" }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,14 @@ class User extends Authenticatable @@
             'login', 'name', 'email', 'password', 'title', 'role', 'language',
         ];
+        /* Roles :
+- Admin
+- User
+- Auditor
+- API
+- Auditee
+        */
         /**
          * The attributes that should be hidden for arrays.
          *
@@ Expand Down @@