From 5c9e4a05f357252ab1d52c49e76b05d46fe6155d Mon Sep 17 00:00:00 2001
From: Ned Zimmerman
Date: Tue, 17 Oct 2023 12:28:04 -0300
Subject: [PATCH] fix: prevent the creation of interpretation resources (resolves #1936) (#1938)
---
 .../Resources/InterpretationResource.php | 13 +-----------
 app/Models/Interpretation.php | 14 ------------
 app/Policies/InterpretationPolicy.php | 17 ++++++++++++++
 app/Providers/AuthServiceProvider.php | 3 +++
 app/View/Components/Interpretation.php | 1 -
 database/factories/InterpretationFactory.php | 1 -
 database/schema/mysql-schema.sql | 6 ++---
 tests/Feature/InterpretationTest.php | 22 +------------------
 8 files changed, 25 insertions(+), 52 deletions(-)
 create mode 100644 app/Policies/InterpretationPolicy.php
diff --git a/app/Filament/Resources/InterpretationResource.php b/app/Filament/Resources/InterpretationResource.php
index 2c44d03d5..452d4f9e2 100644
--- a/app/Filament/Resources/InterpretationResource.php
+++ b/app/Filament/Resources/InterpretationResource.php
@@ -9,7 +9,6 @@
 use Filament\Resources\Resource;
 use Filament\Tables;
 use Filament\Tables\Table;
-use Illuminate\Support\Str;
 class InterpretationResource extends Resource
 {
@@ -29,12 +28,10 @@ public static function form(Form $form): Form
 ->columnSpan(2),
 Forms\Components\TextInput::make('route')
 ->required()
+ ->disabled()
 ->maxLength(255),
 Forms\Components\TextInput::make('namespace')
 ->maxLength(255),
- Forms\Components\Toggle::make('route_has_params')
- ->label('Route has parameters')
- ->columnSpan(2),
 Forms\Components\TextInput::make('video.asl')
 ->label('ASL Video')
 ->url()
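Review bot: The `route` input in `form()` is now `->disabled()` but still `->required()`, and nothing visible in this patch shows that the stored value is protected when the edit form is saved. Whether a disabled Filament field is dropped from the submitted state depends on the Filament version in use, and `'route'` remains in the model's mass-assignable attribute list shown in the Interpretation.php hunk (apparently `$fillable`). If the field is display-only, adding `->dehydrated(false)` next to `->disabled()` states that intent explicitly, and a test that saves the edit form with a changed `route` and asserts the column is unchanged would pin it. The body of `form()` starts and ends outside the hunk.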
@@ -52,14 +49,6 @@ public static function table(Table $table): Table
 ->columns([
 Tables\Columns\TextColumn::make('name')->disableClick(),
 Tables\Columns\TextColumn::make('namespace')->disableClick(),
- Tables\Columns\TextColumn::make('context')
- ->label(__('Show context'))
- ->getStateUsing(fn (Interpretation $record): string => __('Show context').' '.__('for').' '.$record->name.'')
- ->html()
- ->url(fn (Interpretation $record): string => $record->route_has_params ? route('filament.admin.resources.interpretations.edit', $record) : localized_route($record->route).'#'.Str::slug($record->name))
- ->openUrlInNewTab()
- ->icon('heroicon-m-arrow-top-right-on-square')
- ->iconPosition('after'),
 Tables\Columns\BadgeColumn::make('asl')
 ->getStateUsing(fn (Interpretation $record): string => $record->getTranslation('video', 'asl', false) !== '' ? __('Yes') : __('No'))
 ->colors([
diff --git a/app/Models/Interpretation.php b/app/Models/Interpretation.php
index 001d61d19..65a405e21 100644
--- a/app/Models/Interpretation.php
+++ b/app/Models/Interpretation.php
@@ -5,7 +5,6 @@
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
-use Illuminate\Support\Str;
 use Spatie\Translatable\HasTranslations;
 /**
@@ -22,7 +21,6 @@ class Interpretation extends Model
 'name',
 'namespace',
 'route',
- 'route_has_params',
 'video',
 ];
@@ -53,16 +51,4 @@ public static function boot(): void
 $model->namespace ??= $model->route;
 });
 }
-
- public function getContextURL(string $locale = null): ?string
- {
- if ($this->route_has_params) {
- return null;
- }
-
- $locale ??= locale();
- $anchor = '#'.Str::slug(__($this->getRawOriginal('name'), [], $locale));
-
- return localized_route($this->route, [], $locale).$anchor;
- }
 }
diff --git a/app/Policies/InterpretationPolicy.php b/app/Policies/InterpretationPolicy.php
new file mode 100644
index 000000000..43df1cca7
--- /dev/null
+++ b/app/Policies/InterpretationPolicy.php @@ -0,0 +1,17 @@ + RegulatedOrganizationPolicy::class, ResourceCollection::class => ResourceCollectionPolicy::class, Individual::class => IndividualPolicy::class, + Interpretation::class => InterpretationPolicy::class, Meeting::class => MeetingPolicy::class, Project::class => ProjectPolicy::class, Organization::class => OrganizationPolicy::class, diff --git a/app/View/Components/Interpretation.php b/app/View/Components/Interpretation.php index 0932ae846..17810ebf5 100644 --- a/app/View/Components/Interpretation.php +++ b/app/View/Components/Interpretation.php @@ -43,7 +43,6 @@ public function __construct(string $name, string $namespace = null) ], [ 'route' => Str::after(Route::currentRouteName(), locale().'.'), - 'route_has_params' => (bool) request()->route()->parameters(), ] ) : null; diff --git a/database/factories/InterpretationFactory.php b/database/factories/InterpretationFactory.php index 661c3dec7..274ee6d5d 100644 --- a/database/factories/InterpretationFactory.php +++ b/database/factories/InterpretationFactory.php @@ -19,7 +19,6 @@ public function definition() return [ 'name' => $this->faker->sentence(3), 'route' => 'welcome', - 'route_has_params' => false, 'video' => [ 'asl' => 'https://vimeo.com/766454375', 'lsq' => 'https://vimeo.com/766455246', diff --git a/database/schema/mysql-schema.sql b/database/schema/mysql-schema.sql index 468f38016..5922292ec 100644 --- a/database/schema/mysql-schema.sql +++ b/database/schema/mysql-schema.sql @@ -596,7 +596,6 @@ CREATE TABLE `interpretations` ( `name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL, `namespace` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL, `route` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL, - `route_has_params` tinyint(1) DEFAULT NULL, `video` json DEFAULT NULL, `created_at` timestamp NULL DEFAULT NULL, `updated_at` timestamp NULL DEFAULT NULL, 
@@ -1405,10 +1404,11 @@ INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (147,'2023_04_18_11 INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (150,'2023_05_09_132308_add_dismiss_customization_status_to_users_table',11); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (151,'2023_05_09_141054_add_dismiss_invite_status_to_organizations_table',11); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (152,'2023_05_09_141124_add_dismiss_invite_status_to_regulated_organizations_table',11); -INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (153,'2023_05_01_180138_create_general_settings',12); -INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (154,'2023_05_01_201239_add_registration_links_to_general_settings',12); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (155,'2023_07_11_220402_migrate_slug_column_to_json_courses_table',12); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (156,'2023_07_11_220419_migrate_slug_column_to_json_modules_table',12); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (157,'2023_07_12_140339_migrate_to_json_author_column_courses_table',12); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (158,'2023_07_19_145806_remove_completed_at_column_module_user_table',12); INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (159,'2023_10_16_174255_update_settings_table',13); +INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (160,'2023_05_01_180138_create_general_settings',14); +INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (161,'2023_05_01_201239_add_registration_links_to_general_settings',14); +INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (162,'2023_10_17_142724_remove_route_has_params_column_from_interpretations',14); diff --git a/tests/Feature/InterpretationTest.php b/tests/Feature/InterpretationTest.php index 011fff7c0..be7ee62ef 100644 --- a/tests/Feature/InterpretationTest.php 
+++ b/tests/Feature/InterpretationTest.php
@@ -3,7 +3,6 @@
 use App\Filament\Resources\InterpretationResource;
 use App\Models\Interpretation;
 use App\Models\User;
-use Illuminate\Support\Str;
 use function Pest\Livewire\livewire;
@@ -71,25 +70,6 @@
 expect($interpretation->getTranslation('video', 'lsq'))->toBe($videoSrc['lsq']);
 });
-test('get context URL', function () {
- $interpretation = Interpretation::factory()->create([
- 'name' => 'The Accessibility Exchange',
- 'route_has_params' => true,
- ]);
-
- expect($interpretation->getContextURL())->toBeNull();
-
- $interpretation->route_has_params = false;
-
- app()->setLocale('fr');
- expect($interpretation->getContextURL())->toBe(localized_route('welcome').'#'.Str::slug($interpretation->name));
- expect($interpretation->getContextURL('en'))->toBe(localized_route('welcome', [], 'en').'#'.Str::slug(__('The Accessibility Exchange', [], 'en')));
-
- app()->setLocale('en');
- expect($interpretation->getContextURL())->toBe(localized_route('welcome').'#'.Str::slug($interpretation->name));
- expect($interpretation->getContextURL('fr'))->toBe(localized_route('welcome', [], 'fr').'#'.Str::slug(__('The Accessibility Exchange', [], 'fr')));
-});
-
 test('only administrative users can access interpretation admin pages', function () {
 $user = User::factory()->create();
 $administrator = User::factory()->create(['context' => 'administrator']);
@@ -98,7 +78,7 @@
 $this->actingAs($administrator)->get(InterpretationResource::getUrl('index'))->assertSuccessful();
 $this->actingAs($user)->get(InterpretationResource::getUrl('create'))->assertForbidden();
- $this->actingAs($administrator)->get(InterpretationResource::getUrl('create'))->assertSuccessful();
+ $this->actingAs($administrator)->get(InterpretationResource::getUrl('create'))->assertForbidden();
 $this->actingAs($user)->get(InterpretationResource::getUrl('edit', [
 'record' => Interpretation::factory()->create(),
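Review bot: The changed assertion in the last hunk only proves that a GET to the Filament `create` page is forbidden for an administrator; it does not pin the authorization rule itself. Since the commit enforces this through the newly registered `InterpretationPolicy`, an assertion at the policy level such as `expect($administrator->can('create', Interpretation::class))->toBeFalse();` would catch a regression even if the resource routes or page classes change later. The same check for the non-administrative `$user` keeps the two cases symmetrical. The test closure starts and ends outside the hunk.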