From 6104b0e3d8f088e2eaea92c19999282dc1d11012 Mon Sep 17 00:00:00 2001
From: Dave Earley
Date: Wed, 27 Jul 2016 20:26:41 +0100
Subject: [PATCH] Moved admin links to footer and simplified checks for user permissions
---
 app/Attendize/Utils.php | 29 +++++++++++++++++++
 app/Http/Controllers/EventViewController.php | 3 +-
 .../Controllers/OrganiserViewController.php | 3 +-
 app/Models/Event.php | 2 +-
 .../Partials/EventFooterSection.blade.php | 2 +-
 .../Partials/OrganiserFooterSection.blade.php | 2 +-
 6 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/app/Attendize/Utils.php b/app/Attendize/Utils.php
index 6a4ac5e5..74173884 100644
--- a/app/Attendize/Utils.php
+++ b/app/Attendize/Utils.php
@@ -2,6 +2,9 @@
 namespace App\Attendize;
+use Auth;
+use PhpSpec\Exception\Exception;
+
 class Utils
 {
@@ -61,6 +64,32 @@ class Utils
 return file_exists(storage_path().'/framework/down');
 }
+ /**
+ * Check if a user has admin access to events etc.
+ *
+ * @todo - This is a temp fix until user roles etc. are implemented
+ * @param $object
+ * @return bool
+ */
+ public static function userOwns($object)
+ {
+ if(!Auth::check()) {
+ return false;
+ }
+
+ try {
+
+ if(Auth::user()->account_id === $object->account_id) {
+ return true;
+ }
+
+ } catch(Exception $e) {
+ return false;
+ }
+
+ return false;
+ }
+
 public static function file_upload_max_size()
 {
 static $max_size = -1;
diff --git a/app/Http/Controllers/EventViewController.php b/app/Http/Controllers/EventViewController.php
index d70fa77f..f63ba777 100644
--- a/app/Http/Controllers/EventViewController.php
+++ b/app/Http/Controllers/EventViewController.php
@@ -2,6 +2,7 @@
 namespace App\Http\Controllers;
+use App\Attendize\Utils;
 use App\Models\Affiliate;
 use App\Models\Event;
 use App\Models\EventStats;
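Review bot: The `catch(Exception $e)` in the new `userOwns` catches `PhpSpec\Exception\Exception` (imported in the first hunk), a phpspec test-tooling class that will not be autoloaded in a production install, and reading `->account_id` on a non-object raises a PHP notice rather than an exception anyway, so the try/catch cannot protect the comparison it wraps. Replace it with an explicit guard on `$object` and on the account id so that a missing `account_id` on either side fails closed instead of matching `null === null`, and drop the `use PhpSpec\Exception\Exception;` import. Because this helper now gates the admin footer links and the not-live/404 checks in the other hunks, it deserves a unit test covering the guest, foreign-account and null-account cases. The comparison stays strict, so an int/string mismatch between the two `account_id` values (driver-dependent) would deny the real owner — it fails safe, but is worth confirming against the casts on the models.
```php
    public static function userOwns($object)
    {
        // Fail closed: guests, non-objects and objects without an account_id
        // never own anything. On Eloquent models isset() is false for a null
        // attribute, so a null === null match cannot grant access.
        if (!Auth::check() || !is_object($object) || !isset($object->account_id)) {
            return false;
        }

        $userAccountId = Auth::user()->account_id;

        return $userAccountId !== null && $userAccountId === $object->account_id;
    }
```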
@@ -26,7 +27,7 @@ class EventViewController extends Controller
 {
 $event = Event::findOrFail($event_id);
- if (Auth::user()->account_id !== $event->account_id && !$event->is_live) {
+ if (!Utils::userOwns($event) && !$event->is_live) {
 return view('Public.ViewEvent.EventNotLivePage');
 }
diff --git a/app/Http/Controllers/OrganiserViewController.php b/app/Http/Controllers/OrganiserViewController.php
index a526ec15..8f6a7267 100644
--- a/app/Http/Controllers/OrganiserViewController.php
+++ b/app/Http/Controllers/OrganiserViewController.php
@@ -2,6 +2,7 @@
 namespace App\Http\Controllers;
+use App\Attendize\Utils;
 use App\Models\Organiser;
 use Carbon\Carbon;
 use Auth;
@@ -21,7 +22,7 @@ class OrganiserViewController extends Controller
 {
 $organiser = Organiser::findOrFail($organiser_id);
- if(!$organiser->enable_organiser_page && Auth::user()->account_id !== $organiser->account_id) {
+ if(!$organiser->enable_organiser_page && !Utils::userOwns($organiser)) {
 abort(404);
 }
diff --git a/app/Models/Event.php b/app/Models/Event.php
index 45cea4c6..5be3f8ed 100644
--- a/app/Models/Event.php
+++ b/app/Models/Event.php
@@ -279,7 +279,7 @@ class Event extends MyBaseModel
 {
 return $this->sales_volume + $this->organiser_fees_volume;
 }
-
+
 /** + * The attributes that should be mutated to dates. + *
diff --git a/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php b/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
index 4086d37c..05389bcb 100644
--- a/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
+++ b/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
@@ -7,7 +7,7 @@
 {{--See https://www.attendize.com/licence.php for more information.--}}
 @include('Shared.Partials.PoweredBy')
- @if(Auth::user()->account_id === $event->account_id)
+ @if(Utils::userOwns($event))
 • Event Dashboard
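Review bot: `@if(Utils::userOwns($event))` in EventFooterSection.blade.php uses an unqualified `Utils`; compiled Blade views run in the global namespace, so this resolves to `\Utils`, and nothing in this patch registers such an alias — unless config/app.php already does, rendering the footer will fail with a class-not-found error for every visitor, not only owners. Use the fully qualified name, `@if(\App\Attendize\Utils::userOwns($event))`, or add the alias in the same commit. The OrganiserFooterSection change at the end of this chunk has the same issue, but its hunk is cut off here.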
diff --git a/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php b/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
index abda45dd..5b50de7a 100644
--- a/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
+++ b/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
@@ -7,7 +7,7 @@
 {{--See https://github.com/Attendize/Attendize/blob/master/LICENSE for more information.--}}
 @include('Shared.Partials.PoweredBy')
- @if(Auth::user()->account_id === $organiser->account_id)
+ @if(Utils::userOwns($organiser))
 • Organiser