Merge pull request #107 from ledgerleapllc/staging

Sync staging to master

.gitignore

@@ -5,6 +5,7 @@
 /vendor
 .env
 .env.backup
+.env.testing
 .phpunit.result.cache
 docker-compose.override.yml
 Homestead.json

app/Console/Helper.php

@@ -22,6 +22,20 @@
 
 class Helper
 {
+	public static function isAccessBlocked($user, $page) {
+		if ($user->role == 'admin') return false;
+		$flag = false;
+		if (isset($user->pagePermissions) && $user->pagePermissions) {
+			foreach ($user->pagePermissions as $item) {
+				if ($item->name == $page && !$item->is_permission) {
+					$flag = true;
+					break;
+				}
+			}
+		}
+		return $flag;
+	}
+
 	public static function publicKeyToAccountHash($public_key)
 	{
 		$public_key = (string)$public_key;

app/Http/Controllers/Api/V1/AdminController.php

@@ -99,7 +99,7 @@ public function getUserDetail($id)
         $user = User::where('id', $id)->first();
         if (!$user || $user->role == 'admin')
             return $this->errorResponse(__('api.error.not_found'), Response::HTTP_NOT_FOUND);
-        $user = $user->load(['profile', 'shuftipro', 'shuftiproTemp']);
+        $user = $user->load(['pagePermissions', 'profile', 'shuftipro', 'shuftiproTemp']);
 
         $status = 'Not Verified';
         if ($user->profile && $user->profile->status == 'approved') {

app/Http/Controllers/Api/V1/BlockAccessController.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use App\Models\PagePermission;
+
+class BlockAccessController extends Controller
+{
+    public function updateBlockAccess(Request $request) {
+        $params = $request->all();
+        $userId = (int) data_get($params, 'userId', 0);
+        $name = data_get($params, 'name');
+        $blocked = (int) data_get($params, 'blocked', 0);
+        if ($userId && $name) {
+            $permission = PagePermission::where('user_id', $userId)->where('name', $name)->first();
+            if (!$permission) $permission = new PagePermission;
+            $permission->user_id = $userId;
+            $permission->name = $name;
+            $permission->is_permission = 1 - $blocked;
+            $permission->save();
+            return $this->successResponse($permission);
+        }
+        return $this->metaSuccess();
+    }
+}

app/Http/Controllers/Api/V1/DiscussionController.php

@@ -2,6 +2,8 @@
 
 namespace App\Http\Controllers\Api\V1;
 
+use App\Console\Helper;
+
 use App\Http\Controllers\Controller;
 
 use Illuminate\Http\Request;
@@ -33,7 +35,6 @@ class DiscussionController extends Controller
     private $discussionCommentRepo;
     private $discussionRemoveNewRepo;
 
-
     public function __construct(
         UserRepository $userRepo,
         DiscussionRepository $discussionRepo,
@@ -52,8 +53,11 @@ public function __construct(
 
     public function getTrending(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $trendings = Discussion::where('likes', '!=', 0)->where('is_draft', 0)->take(9)->orderBy('likes', 'desc')->paginate($limit);
         $count = Discussion::where('likes', '!=', 0)->where('is_draft', 0)->orderBy('likes', 'desc')->count();
         if ($count >= 9) {
@@ -66,10 +70,9 @@ public function getTrending(Request $request)
                 // ->whereNotIn('id', $removed_ids)
                 ->where('is_draft', 0)
                 ->take($remains)->orderBy('id', 'desc')->get();
-            $trendingArray = $trendings->toArray() ;
+            $trendingArray = $trendings->toArray();
             $trendingArray['data'] = array_merge($trendingArray['data'], $news->toArray());
-
-            return $this->successResponse( [
+            return $this->successResponse([
                 'data' => $trendingArray['data']
             ]);
         }
@@ -78,9 +81,12 @@ public function getTrending(Request $request)
     // Get Discussions
     public function getDiscussions(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $data = array();
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $data = Discussion::with(['user', 'user.profile'])->where('discussions.is_draft', 0)
             ->leftJoin('discussion_pins', function ($query) use ($user) {
                 $query->on('discussion_pins.discussion_id', '=', 'discussions.id')
@@ -102,8 +108,11 @@ public function getDiscussions(Request $request)
 
     public function getPinnedDiscussions(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $data = DiscussionPin::where('discussion_pins.user_id', $user->id)->with('user')
             ->join('discussions', 'discussions.id', '=', 'discussion_pins.discussion_id')
             ->leftJoin('discussion_votes', function ($query) use ($user) {
@@ -121,8 +130,11 @@ public function getPinnedDiscussions(Request $request)
 
     public function getMyDiscussions(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $data = Discussion::with(['user', 'user.profile'])->where('discussions.is_draft', 0)
             ->where('discussions.user_id', $user->id)
             ->leftJoin('discussion_pins', function ($query) use ($user) {
@@ -139,13 +151,15 @@ public function getMyDiscussions(Request $request)
                 'discussion_votes.id as is_vote',
                 'discussion_votes.is_like as is_like',
             ])->orderBy('discussions.created_at', 'DESC')->paginate($limit);
-
         return $this->successResponse($data);
     }
 
     public function getDiscussion(Request $request, $id)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $discussion = Discussion::with(['user', 'user.profile'])
             ->where('discussions.id', $id)
             ->leftJoin('discussion_pins', function ($query) use ($user) {
@@ -171,6 +185,10 @@ public function getDiscussion(Request $request, $id)
     }
 
     public function updateDiscussion($id, Request $request) {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $validator = Validator::make($request->all(), [
             'title' => 'required',
             'description' => 'required',
@@ -179,7 +197,6 @@ public function updateDiscussion($id, Request $request) {
             return $this->validateResponse($validator->errors());
         }
 
-        $user = auth()->user();
         $discussion = $this->discussionRepo->update($id, [
             "title" => $request->title,
             "description" => $request->description,
@@ -190,6 +207,10 @@ public function updateDiscussion($id, Request $request) {
 
     public function postDiscussion(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $validator = Validator::make($request->all(), [
             'title' => 'required',
             'description' => 'required',
@@ -199,7 +220,6 @@ public function postDiscussion(Request $request)
             return $this->validateResponse($validator->errors());
         }
 
-        $user = auth()->user();
         $discussion = $this->discussionRepo->create([
             "title" => $request->title,
             "description" => $request->description,
@@ -212,6 +232,10 @@ public function postDiscussion(Request $request)
 
     public function publishDraftDiscussion($id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $discussion = Discussion::where('id', $id)->where('is_draft', 1)->first();
         if($discussion) {
             $discussion->is_draft = 0;
@@ -222,8 +246,11 @@ public function publishDraftDiscussion($id)
 
     public function createComment(Request $request, $id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $data = array();
-        $user = auth()->user();
         $validator = Validator::make($request->all(), [
             'description' => 'required'
         ]);
@@ -239,8 +266,10 @@ public function createComment(Request $request, $id)
 
         $data['comment'] = $this->discussionCommentRepo->create($model_data);
         $discussion = $this->discussionRepo->find($id);
-        $discussion->comments = $discussion->comments + 1;
-        $discussion->save();
+        if ($discussion) {
+            $discussion->comments = $discussion->comments + 1;
+            $discussion->save();
+        }
 
         $data['comment']['user'] = $user;
 
@@ -249,8 +278,11 @@ public function createComment(Request $request, $id)
 
     public function updateComment(Request $request, $id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $data = array();
-        $user = auth()->user();
         $validator = Validator::make($request->all(), [
             'description' => 'required',
             'comment_id' => 'required'
@@ -269,8 +301,11 @@ public function updateComment(Request $request, $id)
 
     public function setVote(Request $request, $id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $data = array();
-        $user = auth()->user();
         $validator = Validator::make($request->all(), [
             'is_like' => 'required|boolean'
         ]);
@@ -322,8 +357,11 @@ public function setVote(Request $request, $id)
 
     public function setPin(Request $request, $id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $data = array();
-        $user = auth()->user();
         $pinned = $this->discussionPinRepo->first(['discussion_id' => $id, 'user_id' => $user->id]);
         if ($pinned == null) {
             $this->discussionPinRepo->create(['discussion_id' => $id, 'user_id' => $user->id]);
@@ -335,7 +373,10 @@ public function setPin(Request $request, $id)
 
     public function removeNewMark(Request $request, $id)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $this->discussionRemoveNewRepo->deleteConditions([['created_at', '<=',  Carbon::now()->subDays(3)]]);
         $this->discussionRemoveNewRepo->create(['discussion_id' => $id, 'user_id' => $user->id]);
 
@@ -344,8 +385,11 @@ public function removeNewMark(Request $request, $id)
 
     public function getComment(Request $request, $id)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $data = DiscussionComment::with(['user', 'user.profile'])
             ->where('discussion_comments.discussion_id', $id)
             ->select([
@@ -357,8 +401,11 @@ public function getComment(Request $request, $id)
 
     public function getDraftDiscussions(Request $request)
     {
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
-        $user = auth()->user();
         $data = Discussion::with(['user', 'user.profile'])->where('discussions.is_draft', 1)
             ->where('discussions.user_id', $user->id)
             ->orderBy('discussions.created_at', 'DESC')->paginate($limit);
@@ -367,7 +414,10 @@ public function getDraftDiscussions(Request $request)
 
     public function deleteDraftDiscussions($id)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'discussions'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $discussion = Discussion::where('id', $id)->where('discussions.is_draft', 1)->where('discussions.user_id', $user->id)->first();
         if($discussion) {
             $discussion->delete();
@@ -376,4 +426,4 @@ public function deleteDraftDiscussions($id)
             return $this->errorResponse('Can not delete draft', Response::HTTP_BAD_REQUEST);
         }
     }
-}
+}

app/Http/Controllers/Api/V1/MetricController.php

@@ -2,6 +2,8 @@
 
 namespace App\Http\Controllers\Api\V1;
 
+use App\Console\Helper;
+
 use App\Http\Controllers\Controller;
 
 use App\Models\Metric;
@@ -23,7 +25,11 @@ class MetricController extends Controller
 {
     public function getMetric(Request $request)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        /*
+        if (Helper::isAccessBlocked($user, 'nodes'))
+            return $this->successResponse([]);
+        */
         $public_address_node = $request->get('public_address_node');
 
         if (!$public_address_node) {

app/Http/Controllers/Api/V1/PerkController.php

@@ -2,6 +2,8 @@
 
 namespace App\Http\Controllers\Api\V1;
 
+use App\Console\Helper;
+
 use App\Http\Controllers\Controller;
 
 use App\Models\Perk;
@@ -277,7 +279,10 @@ public function getPerkResultAdmin(Request $request, $id)
 
     public function getPerksUser(Request $request)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'perks'))
+            return $this->successResponse(['data' => []]);
+
         $limit = $request->limit ?? 50;
         $sort_key = $request->sort_key ?? 'created_at';
         $sort_direction = $request->sort_direction ?? 'desc';
@@ -287,7 +292,10 @@ public function getPerksUser(Request $request)
 
     public function getPerkDetailUser($id)
     {
-        $user = auth()->user();
+        $user = auth()->user()->load(['pagePermissions']);
+        if (Helper::isAccessBlocked($user, 'perks'))
+            return $this->errorResponse('Your access is blocked', Response::HTTP_BAD_REQUEST);
+
         $perk = Perk::where('visibility', 'visible')->where('id', $id)->first();
         if (!$perk) {
             return $this->errorResponse('Not found perk', Response::HTTP_BAD_REQUEST);