Diffstat (limited to 'app/Http')
| -rw-r--r-- | app/Http/Controllers/DashboardController.php | 27 | ||||
| -rw-r--r-- | app/Http/Controllers/FileController.php | 9 | ||||
| -rw-r--r-- | app/Http/Controllers/LinkController.php | 4 | ||||
| -rw-r--r-- | app/Http/Controllers/WritingController.php | 6 | ||||
| -rw-r--r-- | app/Http/Middleware/Admin.php | 21 |
5 files changed, 54 insertions, 13 deletions
diff --git a/app/Http/Controllers/DashboardController.php b/app/Http/Controllers/DashboardController.php
index 7335629..c104e77 100644
--- a/app/Http/Controllers/DashboardController.php
+++ b/app/Http/Controllers/DashboardController.php
@@ -16,10 +16,29 @@ class DashboardController extends Controller
 {
 $user = Auth::user();
 
- // You can add any additional data preparation here
- // before passing to the view
-
- return view('dashboard');
+ // Storage stats
+ $usedStorage = $user->getStorageUsed();
+ $totalStorage = $user->storage_quota;
+ $storagePercent = $totalStorage > 0 ? min(100, round(($usedStorage / $totalStorage) * 100)) : 0;
+
+ // File stats
+ $fileCount = 0; // TODO: update when DB schema supports user->files()
+ $recentFiles = collect();
+
+ // Writing stats
+ $writingCount = $user->writings()->count();
+ $recentWritings = $user->writings()->orderBy('created_at', 'desc')->take(3)->get();
+
+ return view('dashboard', compact(
+ 'user',
+ 'usedStorage',
+ 'totalStorage',
+ 'storagePercent',
+ 'fileCount',
+ 'recentFiles',
+ 'writingCount',
+ 'recentWritings',
+ ));
 }
 
 /**
diff --git a/app/Http/Controllers/FileController.php b/app/Http/Controllers/FileController.php
index 5a4ed40..70d07ef 100644
--- a/app/Http/Controllers/FileController.php
+++ b/app/Http/Controllers/FileController.php
@@ -145,7 +145,8 @@ class FileController extends Controller
 public function addTags(Request $request, $fileId)
 {
 $file = File::findOrFail($fileId);
-
+ $this->authorize('update', $file);
+
 $validated = $request->validate([
 'tags' => 'required|string'
 ]);
@@ -169,6 +170,8 @@ class FileController extends Controller
 public function removeTag(Request $request, $fileId, $tagId)
 {
 $file = File::findOrFail($fileId);
+ $this->authorize('update', $file);
+
 $tag = Tag::findOrFail($tagId);
 $file->tags()->detach($tagId);
 
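Review bot: `$totalStorage > 0` guards the division in `$storagePercent`, but a null or zero `storage_quota` then renders as 0% used, which the dashboard cannot tell apart from a quota that is simply untouched; if a null quota means "unlimited" the view needs its own signal, e.g. `$hasQuota = $totalStorage > 0;` passed next to `$storagePercent`. `round()` returns a float, so `$storagePercent` is a float on one branch and the int `0` on the other; `(int) min(100, round(($usedStorage / $totalStorage) * 100))` keeps it an int for the template. Whether `Auth::user()` can be null here depends on route middleware not shown in this diff. The method's signature is above the hunk; only its body from `{` onward is visible.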
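Review bot: In addTags, `$this->authorize('update', $file)` runs after `File::findOrFail($fileId)`, so a non-owner probing ids receives 403 for files that exist and 404 for ids that do not, which leaks which ids are valid; resolving through the caller's own relation, e.g. `$file = $request->user()->files()->findOrFail($fileId);`, answers 404 uniformly, though the Dashboard hunk's TODO says `user->files()` does not exist yet, so this is a follow-up once that relation lands. The `update` ability is resolved by a `File` policy that is not part of this diff; with no policy registered, `authorize()` denies every caller rather than failing open, so an owner-path test is needed to confirm the policy is actually wired up. The removeTag hunk has the same lookup-then-authorize ordering. addTags's body continues past the hunk.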
@@ -196,6 +199,8 @@ class FileController extends Controller
 */
 public function update(Request $request, File $file)
 {
+ $this->authorize('update', $file);
+
 $validated = $request->validate([
 'description' => 'nullable|string',
 'tags' => 'nullable|string'
@@ -218,6 +223,8 @@ class FileController extends Controller
 */
 public function destroy(File $file)
 {
+ $this->authorize('delete', $file);
+
 // Remove the file from storage
 if (Storage::disk('public')->exists($file->path)) {
 Storage::disk('public')->delete($file->path);
diff --git a/app/Http/Controllers/LinkController.php b/app/Http/Controllers/LinkController.php
index 9ac44d8..e889489 100644
--- a/app/Http/Controllers/LinkController.php
+++ b/app/Http/Controllers/LinkController.php
@@ -70,6 +70,8 @@ class LinkController extends Controller
 */
 public function update(UpdateLinkRequest $request, Link $link)
 {
+ $this->authorize('update', $link);
+
 $validated = $request->validated();
 
 $link->update($validated);
@@ -82,6 +84,8 @@ class LinkController extends Controller
 */
 public function destroy(Link $link)
 {
+ $this->authorize('delete', $link);
+
 $link->delete();
 
 $redirect = request()->input('_redirect', route('l.index'));
diff --git a/app/Http/Controllers/WritingController.php b/app/Http/Controllers/WritingController.php
index 974852f..67d7b8d 100644
--- a/app/Http/Controllers/WritingController.php
+++ b/app/Http/Controllers/WritingController.php
@@ -66,6 +66,8 @@ class WritingController extends Controller
 public function edit($id)
 {
 $writing = Writing::findOrFail($id);
+ $this->authorize('update', $writing);
+
 return view('writings.edit', [
 'writing' => $writing
 ]);
@@ -76,6 +78,8 @@ class WritingController extends Controller
 */
 public function update(Request $request, Writing $writing)
 {
+ $this->authorize('update', $writing);
+
 $validated = $request->validate([
 'title' => 'required|min:3|max:255',
 'content' => 'required|min:10',
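Review bot: In LinkController::destroy, `$redirect = request()->input('_redirect', route('l.index'))` takes the post-delete target from the request; if the lines after the hunk hand it to `redirect()` unchanged, which is inferred since only the assignment is visible, this is an open redirect that lets a crafted delete form send the user to an arbitrary external site. Constraining the value to a same-origin path before use closes it, e.g. `$redirect = request()->input('_redirect');` / `if (!is_string($redirect) || !str_starts_with($redirect, '/') || str_starts_with($redirect, '//')) {` / `$redirect = route('l.index'); }`. The added `authorize('delete', $link)` is correctly placed ahead of `$link->delete()`. destroy's body continues past the hunk.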
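Review bot: In WritingController the ownership check is now repeated by hand in edit, update and destroy, and `edit($id)` loads by raw id while update and destroy use the `Writing $writing` route binding; registering the policy once with `$this->authorizeResource(Writing::class, 'writing');` in the controller constructor applies `view`/`update`/`delete` to every resource action, including `show`, which this diff does not touch and whose ownership check is not visible. If the route parameter is named `{writing}`, edit can take `public function edit(Writing $writing)` so the binding and the policy cover it the same way as update; the route definition is not shown here. The `update` ability on edit is the right choice, since rendering the edit form only makes sense for a caller allowed to save it. edit's closing brace is outside the hunk.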
@@ -92,6 +96,8 @@ class WritingController extends Controller
 */
 public function destroy(Writing $writing)
 {
+ $this->authorize('delete', $writing);
+
 $writing->delete();
 
 return redirect()->route('w.index')
diff --git a/app/Http/Middleware/Admin.php b/app/Http/Middleware/Admin.php
index ab70520..65fba8c 100644
--- a/app/Http/Middleware/Admin.php
+++ b/app/Http/Middleware/Admin.php
@@ -6,6 +6,7 @@ use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Facades\Notification;
 use App\Notifications\AdminAccessNotification;
 use Illuminate\Notifications\AnonymousNotifiable;
@@ -21,16 +22,20 @@ class Admin
 abort(403, 'Unauthorized');
 }
 
- // Notify admin email of access
+ // Notify admin email of access — throttled to once per 15 minutes per user+IP
 $adminEmail = config('app.admin_notify_email');
 if ($adminEmail) {
- Notification::route('mail', $adminEmail)->notify(
- new AdminAccessNotification(
- Auth::user()->name,
- $request->ip(),
- $request->header('User-Agent', 'unknown')
- )
- );
+ $cacheKey = 'admin_notify:' . Auth::id() . ':' . $request->ip();
+ if (!Cache::has($cacheKey)) {
+ Notification::route('mail', $adminEmail)->notify(
+ new AdminAccessNotification(
+ Auth::user()->name,
+ $request->ip(),
+ $request->header('User-Agent', 'unknown')
+ )
+ );
+ Cache::put($cacheKey, true, now()->addMinutes(15));
+ }
 }
 
 return $next($request);
|
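Review bot: `Cache::has($cacheKey)` followed by `Cache::put(...)` in the Admin middleware is a check-then-act pair, so two admin requests arriving together both see a miss and both send the mail; `Cache::add()` only writes when the key is absent and returns whether it did, so `if (Cache::add($cacheKey, true, now()->addMinutes(15))) {` replaces the `has` line and the trailing `Cache::put` line goes away. The key is built from `$request->ip()`, which reflects `X-Forwarded-For` only as far as the trusted-proxy configuration allows — not visible in this diff — so behind a misconfigured proxy the throttle can be reset by varying that header, though only by a caller who has already passed the admin check above. The notification is still sent synchronously before `$next($request)`, so a slow mail transport delays every admin page load; queueing it is outside this change. handle()'s signature is above the hunk.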
