From c8ef7d065b9ad58763823f63ad357fb4c8787d3f Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Sun, 5 May 2024 22:47:33 +1000
Subject: [PATCH] Fix address_add validation, missing scoped to zone. Change to
 use shortform of $request->post() in address_add()

---
 app/Http/Controllers/SystemController.php | 93 ++++++++++++-----------
 1 file changed, 49 insertions(+), 44 deletions(-)

diff --git a/app/Http/Controllers/SystemController.php b/app/Http/Controllers/SystemController.php
index 25cb4de..d2f21d4 100644
--- a/app/Http/Controllers/SystemController.php
+++ b/app/Http/Controllers/SystemController.php
@@ -86,27 +86,30 @@ class SystemController extends Controller
 			'zone_id' => 'required|exists:zones,id',
 		]);
 
-		switch ($request->post('action')) {
+		switch ($request->action) {
 			case 'region':
 				$request->validate([
 					'region_id_new' => [
 						'required',
 						new TwoByteInteger,
-						function ($attribute,$value,$fail) {
+						function ($attribute,$value,$fail) use ($request) {
 							// Check that the region doesnt already exist
 							$o = Address::where(function($query) use ($value) {
-								return $query->where('region_id',$value)
-									->where('host_id',0)
-									->where('node_id',0)
-									->where('point_id',0)
-									->where('role',Address::NODE_RC);
-							})
-								// Check that a host doesnt already exist
-								->orWhere(function($query) use ($value) {
-									return $query->where('host_id',$value)
-										->where('point_id',0)
-										->where('role',Address::NODE_NC);
-								});
+								return $query->where(function($query) use ($value) {
+									return $query
+										->where('region_id',$value)
+										->where('role',Address::NODE_RC);
+									})
+									// Check that a host doesnt already exist
+									->orWhere(function($query) use ($value) {
+										return $query
+											->where('host_id',$value)
+											->where('role',Address::NODE_NC);
+									});
+								})
+								->where('zone_id',$request->zone_id)
+								->where('node_id',0)
+								->where('point_id',0);
 
 							if ($o->count()) {
 								$fail('Region or host already exists');
@@ -116,9 +119,9 @@ class SystemController extends Controller
 				]);
 
 				$oo = new Address;
-				$oo->zone_id = $request->post('zone_id');
-				$oo->region_id = $request->post('region_id_new');
-				$oo->host_id = 0;
+				$oo->zone_id = $request->zone_id;
+				$oo->region_id = $request->region_id_new;
+				$oo->host_id = $request->region_id_new;
 				$oo->node_id = 0;
 				$oo->point_id = 0;
 				$oo->role = Address::NODE_RC;
@@ -137,18 +140,19 @@ class SystemController extends Controller
 							// Check that the region doesnt already exist
 							$o = Address::where(function($query) use ($value) {
 								return $query->where(function($query) use ($value) {
-									return $query->where('region_id',$value)
+									return $query
+										->where('region_id',$value)
 										->where('role',Address::NODE_RC);
 								})
 									// Check that a host doesnt already exist
 									->orWhere(function($query) use ($value) {
-										return $query->where('host_id',$value)
+										return $query
+											->where('host_id',$value)
 											->where('role',Address::NODE_NC);
 									});
 							})
-								->where('zone_id',$request->post('zone_id'))
-								->where('point_id',0)
-								->where('active',TRUE);
+								->where('zone_id',$request->zone_id)
+								->where('point_id',0);
 
 							if ($o->count()) {
 								$fail('Region or host already exists');
@@ -162,7 +166,8 @@ class SystemController extends Controller
 							// Check that the region doesnt already exist
 							$o = Address::where(function($query) use ($request,$value) {
 								return $query
-									->where('host_id',$request->post('host_id_new'))
+									->where('zone_id',$request->zone_id)
+									->where('host_id',$request->host_id_new)
 									->where('node_id',$value)
 									->where('point_id',0)
 									->where('role',Address::NODE_RC);
@@ -202,10 +207,10 @@ class SystemController extends Controller
 				$o->addresses()->save($oo);
 
 				$oo = new Address;
-				$oo->zone_id = $request->post('zone_id');
-				$oo->region_id = $request->post('region_id');
-				$oo->host_id = $request->post('host_id_new');
-				$oo->node_id = $request->post('node_id_new');
+				$oo->zone_id = $request->zone_id;
+				$oo->region_id = $request->region_id;
+				$oo->host_id = $request->host_id_new;
+				$oo->node_id = $request->node_id_new;
 				$oo->point_id = 0;
 				$oo->role = Address::NODE_ACTIVE;
 				$oo->active = TRUE;
@@ -226,11 +231,11 @@ class SystemController extends Controller
 								// Check that the host doesnt already exist
 								$o = Address::where(function($query) use ($request,$value) {
 									return $query
-										->where('zone_id',$request->post('zone_id'))
-										->where('host_id',$request->post('host_id'))
+										->where('zone_id',$request->zone_id)
+										->where('host_id',$request->host_id)
 										->where('node_id',$value)
 										->where('point_id',0)
-										->where('id','<>',$request->post('submit'));
+										->where('id','<>',$request->submit);
 								});
 
 								if ($o->count()) {
@@ -248,11 +253,11 @@ class SystemController extends Controller
 							// Check that the host doesnt already exist
 							$o = Address::where(function($query) use ($request,$value) {
 								return $query
-									->where('zone_id',$request->post('zone_id'))
-									->where('host_id',$request->post('host_id'))
-									->where('node_id',$request->post('node_id'))
+									->where('zone_id',$request->zone_id)
+									->where('host_id',$request->host_id)
+									->where('node_id',$request->node_id)
 									->where('point_id',$value)
-									->where('id','<>',$request->post('submit'));
+									->where('id','<>',$request->submit);
 							});
 
 							if ($o->count()) {
@@ -265,23 +270,23 @@ class SystemController extends Controller
 					'security' => 'required|integer|min:0|max:7',
 				]);
 
-				$oo = Address::findOrNew($request->post('submit'));
-				$oo->zone_id = $request->post('zone_id');
-				$oo->region_id = $request->post('region_id');
-				$oo->host_id = $request->post('host_id');
-				$oo->node_id = $request->post('node_id');
-				$oo->point_id = $request->post('point_id');
-				$oo->hub_id = $request->post('hub_id') > 0 ? $request->post('hub_id') : NULL;
+				$oo = Address::findOrNew($request->submit);
+				$oo->zone_id = $request->zone_id;
+				$oo->region_id = $request->region_id;
+				$oo->host_id = $request->host_id;
+				$oo->node_id = $request->node_id;
+				$oo->point_id = $request->point_id;
+				$oo->hub_id = $request->hub_id > 0 ? $request->hub_id : NULL;
 				if (is_null($oo->role))
-					$oo->role = ((! $oo->point_id) && $request->post('hub')) ? Address::NODE_HC : ($request->post('point_id') ? Address::NODE_POINT : Address::NODE_ACTIVE);
-				$oo->security = $request->post('security');
+					$oo->role = ((! $oo->point_id) && $request->hub) ? Address::NODE_HC : ($request->point_id ? Address::NODE_POINT : Address::NODE_ACTIVE);
+				$oo->security = $request->security;
 				$oo->active = TRUE;
 
 				$o->addresses()->save($oo);
 				break;
 
 			default:
-				return redirect()->back()->withErrors(['action'=>'Unknown action: '.$request->post('action')]);
+				return redirect()->back()->withErrors(['action'=>'Unknown action: '.$request->action]);
 		}
 
 		return redirect()->to(sprintf('system/addedit/%d',$o->id));