From aaec5f8f4a0f4f5e2085f7a9d9cf37ea351756a8 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Tue, 21 May 2024 19:50:57 +1000
Subject: [PATCH] Security update enabling update_nn to edit system details
---
 app/Http/Controllers/SystemController.php | 27 ++++++----
 ...Register.php => SystemRegisterRequest.php} | 5 +-
 resources/views/system/addedit.blade.php | 7 +--
 .../views/system/widget/form-system.blade.php | 3 +-
 .../views/system/widget/system.blade.php | 53 ++++++++++---------
 5 files changed, 52 insertions(+), 43 deletions(-)
 rename app/Http/Requests/{SystemRegister.php => SystemRegisterRequest.php} (95%)
diff --git a/app/Http/Controllers/SystemController.php b/app/Http/Controllers/SystemController.php
index e2c7ead..5a893ba 100644
--- a/app/Http/Controllers/SystemController.php
+++ b/app/Http/Controllers/SystemController.php
@@ -16,7 +16,7 @@ use Illuminate\Support\Facades\Notification;
 use Illuminate\Support\ViewErrorBag;
 use App\Classes\FTN\Message;
-use App\Http\Requests\{AddressMerge,AreafixRequest,SystemEchoareaRequest,SystemRegister,SystemSessionRequest};
+use App\Http\Requests\{AddressMerge,AreafixRequest,SystemEchoareaRequest,SystemRegisterRequest,SystemSessionRequest};
 use App\Jobs\AddressPoll;
 use App\Models\{Address,Echoarea,Echomail,Filearea,Netmail,Setup,System,Zone};
 use App\Notifications\Netmails\AddressLink;
@@ -29,13 +29,18 @@ class SystemController extends Controller
 /**
 * Add or edit a node
 */
- public function add_edit(SystemRegister $request,System $o)
+ public function add_edit(SystemRegisterRequest $request, System $o)
 {
- if ($request->post()) {
- foreach (['name','location','sysop','hold','phone','address','port','active','method','notes','zt_id','pkt_type','heartbeat'] as $key)
- $o->{$key} = $request->post($key);
+ if ($request->validated()) {
+ foreach (['name','location','phone','address','port','active','method','pkt_type'] as $key)
+ $o->{$key} = $request->validated($key);
- switch ($request->post('pollmode')) {
+ // Sometimes items
+ foreach (['sysop','hold','notes','zt_id','heartbeat'] as $key)
+ if ($request->validated($key))
+ $o->{$key} = $request->validated($key);
+
+ switch ($request->validated('pollmode')) {
 case 1: $o->pollmode = FALSE; break;
 case 2: $o->pollmode = TRUE; break;
 default: $o->pollmode = NULL;
@@ -49,9 +54,9 @@ class SystemController extends Controller
 ->transform(function($item) { $item['active'] = Arr::get($item,'active',FALSE); return $item; });
 $o->mailers()->sync($mailers);
- if ($request->post('users')) {
- if (array_filter($request->post('users'),function($item) { return $item; }))
- $o->users()->sync($request->post('users'));
+ if ($request->validated('users')) {
+ if (array_filter($request->validated('users'),function($item) { return $item; }))
+ $o->users()->sync($request->validated('users'));
 else
 $o->users()->detach();
 }
@@ -62,7 +67,7 @@ class SystemController extends Controller
 $o->load(['addresses.zone.domain','addresses.nodes_hub','addresses.system','sessions.domain','sessions.systems']);
 return view('system.addedit')
- ->with('action',$o->exists ? 'update' : 'create')
+ ->with('action',$o->exists ? 'update_nn' : 'create')
 ->with('o',$o);
 }
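Review bot: The new "Sometimes items" loop in add_edit tests `if ($request->validated($key))` for truthiness, so a submitted `hold` of `0`, a `heartbeat` of `0` (allowed by the `min:0` rule in SystemRegisterRequest) or an emptied `notes` field is skipped and the stored value is kept. Test for presence instead, for example `if (array_key_exists($key,$request->validated()))`, so a field can be cleared as well as set. The rule change to `'hold' => 'sometimes|boolean'` in SystemRegisterRequest depends on this: if the form posts `0` for an unticked hold, hold can be switched on through this path but not off. add_edit's body continues outside the hunk.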
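Review bot: In the `users` block of add_edit (hunk `-49,9 +54,9`) the `array_filter()` result is used only as a condition, and `sync()` then receives the unfiltered `$request->validated('users')`, so a list with one empty slot still reaches the pivot sync with the empty value in it. Filter once and reuse the result: `$users = array_filter($request->validated('users'));` followed by `$users ? $o->users()->sync($users) : $o->users()->detach();`. The only rule visible for this field is `nullable|array|min:1|max:2`; if no per-element rule for `users.*` exists outside the hunks, adding an integer/exists check there would keep arbitrary values away from `sync()`.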
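Review bot: Passing `'update_nn'` as `$action` (hunk `-62,7 +67,7`) changes only what the Blade templates render, where some controls such as the heartbeat option stay behind `@can('admin',$o)`; nothing visible in add_edit repeats that split on the server. The controller assigns every validated key and syncs `users` whenever they are present, so a request carrying fields the templates reserve for `admin` would still be applied unless `authorize()` or `rules()` in SystemRegisterRequest (not shown in full in this diff) reject them for non-admins. Consider enforcing it where the write happens, for example wrapping the admin-only assignments in `if ($request->user()->can('admin',$o))`, or marking those keys prohibited in the request rules when the caller lacks `admin`. A test that posts an admin-only field as an `update_nn` user and asserts it is unchanged would pin the behaviour.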
@@ -767,7 +772,7 @@ class SystemController extends Controller
 /**
 * Register a system, or link to an existing system
 */
- public function register(SystemRegister $request)
+ public function register(SystemRegisterRequest $request)
 {
 // Step 1, show the user a form to select an existing defined system
 if ($request->isMethod('GET'))
diff --git a/app/Http/Requests/SystemRegister.php b/app/Http/Requests/SystemRegisterRequest.php
similarity index 95%
rename from app/Http/Requests/SystemRegister.php
rename to app/Http/Requests/SystemRegisterRequest.php
index 7dc97ad..6577f07 100644
--- a/app/Http/Requests/SystemRegister.php
+++ b/app/Http/Requests/SystemRegisterRequest.php
@@ -10,8 +10,7 @@ use Illuminate\Validation\Rule;
 use App\Classes\FTN\Packet;
 use App\Models\{Setup,System};
-// @todo rename to SystemRegisterRequest
-class SystemRegister extends FormRequest
+class SystemRegisterRequest extends FormRequest
 {
 private System $so;
@@ -73,7 +72,7 @@ class SystemRegister extends FormRequest
 ],($so && $so->exists) ? [
 'users' => 'nullable|array|min:1|max:2',
 'active' => 'required|boolean',
- 'hold' => 'required|boolean',
+ 'hold' => 'sometimes|boolean',
 'pollmode' => 'required|integer|min:0|max:2',
 'heartbeat' => 'nullable|integer|min:0|max:48',
 ] : []));
diff --git a/resources/views/system/addedit.blade.php b/resources/views/system/addedit.blade.php
index 2cade9f..4721f39 100644
--- a/resources/views/system/addedit.blade.php
+++ b/resources/views/system/addedit.blade.php
@@ -1,12 +1,12 @@
 @php
- use App\Models\Address;
+use App\Models\Address;
 @endphp
 @extends('layouts.app')
 @section('htmlheader_title')
- @can('admin',$o) @if($o->exists) Update @else Add @endif @endcan System
+ @can('update_nn',$o) @if($o->exists) Update @else Add @endif @endcan System
 @endsection
 @section('content')
@@ -21,6 +21,7 @@

This system is the ZC for the following zones: {!! $o->zcs->sortBy('zone_id')->map(function($item) { return sprintf('%d@%s',$item->zone_id,$item->domain->name); })->join(', ') !!}

@endif + @include('widgets.error')
@if ($o->exists) @@ -163,8 +164,8 @@ {!! $message !!} +
- @enderror @can('admin',$o)
diff --git a/resources/views/system/widget/form-system.blade.php b/resources/views/system/widget/form-system.blade.php
index 430f265..49e1d20 100644
--- a/resources/views/system/widget/form-system.blade.php
+++ b/resources/views/system/widget/form-system.blade.php
@@ -1,3 +1,4 @@
+
@csrf @@ -5,7 +6,7 @@
-

@can('update',$o) @if($o->exists) Update @else Add @endif @endif System

+

@can($action,$o) @if($o->exists) Update @else Add @endif @endif System

@include('system.widget.system')
diff --git a/resources/views/system/widget/system.blade.php b/resources/views/system/widget/system.blade.php
index 4020be1..9c51332 100644
--- a/resources/views/system/widget/system.blade.php
+++ b/resources/views/system/widget/system.blade.php
@@ -1,9 +1,9 @@
 @php
- use App\Classes\FTN\Packet;
- use App\Models\{Mailer,User};
+use App\Classes\FTN\Packet;
+use App\Models\{Mailer,User};
 @endphp
-
+
@can('admin',$o) @@ -46,7 +46,7 @@
- +
@@ -227,7 +227,7 @@
- @can('update',$o)
+ @can($action,$o)
@@ -245,7 +245,7 @@
- @can('update',$o)
+ @can('admin',$o)
@@ -263,7 +263,7 @@
- @can('update',$o)
+ @can($action,$o)
@@ -287,11 +287,18 @@
- -
pollmode))d-none @endif" id="heartbeat_option"> - @can('admin',$o) -
-
+
+
+
+ +
+ +
+
+ + + @can('admin',$o) +
pollmode))d-none @endif" id="heartbeat_option">
@@ -303,18 +310,15 @@
+ @endcan -
- - -
-
- @endcan - @if (! is_null($o->pollmode)) +
+ + @if(! is_null($o->pollmode))
- @if($job = $o->poll())
+ @if($job=$o->poll())
@if($job->attempts)Last: @else Scheduled: @endif @@ -333,7 +337,7 @@
- @if ($job->attempts)
+ @if($job->attempts)
Next: @@ -363,7 +367,7 @@
- @if ($o->heartbeat)
+ @if($o->heartbeat)
Next Heartbeat: @@ -381,7 +385,7 @@
- @if ($job) Queued + @if($job) Queued @elseif ($o->autohold)Auto Hold @else @switch($o->pollmode) @@ -416,7 +420,7 @@ @if($o->exists) @can($action,$o) Cancel - + @else NOTE: You'll be able to update these details after registration is completed. @@ -449,7 +453,6 @@ }) $('#poll_hold').on('click',function() { $('#heartbeat_option').addClass('d-none'); - console.log('hold'); }) $("#autohold").on('click',function(item) { var that = $(this)