From abe2939542e4e83c9f7c6493e5042d15c8bb0297 Mon Sep 17 00:00:00 2001
From: bad <badatnames@tutanota.com>
Date: Sat, 20 Nov 2021 22:12:35 +0100
Subject: [PATCH] Create admin users

---
 app/Http/Kernel.php                           |  1 +
 app/Http/Middleware/AdminAuth.php             | 27 ++++++++++++++++
 app/Models/User.php                           |  4 +++
 config/admin.php                              |  7 ++++
 .../2021_11_19_075332_admin_field_user.php    | 32 +++++++++++++++++++
 database/seeders/DatabaseSeeder.php           | 14 +++++++-
 routes/web.php                                |  2 +-
 7 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 app/Http/Middleware/AdminAuth.php
 create mode 100644 config/admin.php
 create mode 100644 database/migrations/2021_11_19_075332_admin_field_user.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 39910d7..feef0b8 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -55,6 +55,7 @@ class Kernel extends HttpKernel
      */
     protected $routeMiddleware = [
         'auth' => \App\Http\Middleware\Authenticate::class,
+        'auth.admin' => \App\Http\Middleware\AdminAuth::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
diff --git a/app/Http/Middleware/AdminAuth.php b/app/Http/Middleware/AdminAuth.php
new file mode 100644
index 0000000..9f43e97
--- /dev/null
+++ b/app/Http/Middleware/AdminAuth.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+
+class AdminAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        $user = Auth::user();
+        if($user && $user->isAdmin()) {
+            return $next($request);
+        }
+        throw new AccessDeniedHttpException("You must be an admin to access this path");
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index 40bf04d..2bd1a73 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -45,6 +45,10 @@ class User extends Authenticatable
         'email_verified_at' => 'datetime',
     ];
 
+    public function isAdmin() {
+          return $this->admin;
+    }
+
     public function cart() {
           return $this->belongsToMany(Product::class, "cart_items", "userID", "productID");
     }
diff --git a/config/admin.php b/config/admin.php
new file mode 100644
index 0000000..50912f7
--- /dev/null
+++ b/config/admin.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+    'email' => env("ADMIN_EMAIL"), 
+    'username' => env("ADMIN_USERNAME"), 
+    'password' => env("ADMIN_PASSWORD"), 
+];
diff --git a/database/migrations/2021_11_19_075332_admin_field_user.php b/database/migrations/2021_11_19_075332_admin_field_user.php
new file mode 100644
index 0000000..e0bd084
--- /dev/null
+++ b/database/migrations/2021_11_19_075332_admin_field_user.php
@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AdminFieldUser extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table("users", function (Blueprint $blueprint) {
+            $blueprint->boolean("admin")->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table("users", function (Blueprint $blueprint) {
+            $blueprint->dropColumn("admin");
+        });
+    }
+}
diff --git a/database/seeders/DatabaseSeeder.php b/database/seeders/DatabaseSeeder.php
index 76da146..3355f8d 100644
--- a/database/seeders/DatabaseSeeder.php
+++ b/database/seeders/DatabaseSeeder.php
@@ -3,7 +3,9 @@
 namespace Database\Seeders;
 
 use App\Models\Image;
+use App\Models\User;
 use Illuminate\Database\Seeder;
+use Illuminate\Support\Facades\Hash;
 
 class DatabaseSeeder extends Seeder
 {
@@ -14,7 +16,17 @@ class DatabaseSeeder extends Seeder
      */
     public function run()
     {
-        \App\Models\User::factory(10)->create();
+        User::factory(10)->create();
+        $creds = [
+            'email' => config('admin.email'),
+            'name' => config('admin.username'),
+            'password' => config('admin.password'), 
+        ];
+        $creds["password"] = Hash::make($creds["password"]);
+        $user = User::create($creds);
+        $user->admin = true;
+        $user->save();
+
         \App\Models\Product::factory(10)->has(Image::factory()->count(3))->create();
     }
 }
diff --git a/routes/web.php b/routes/web.php
index 3fda1b4..a24a01b 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -38,4 +38,4 @@ Route::post("/product/{product}/removeFromCart", [CartController::class, "remove
 
 Route::resource("product", ProductController::class);
 Route::resource("order", OrderController::class);
-Route::resource("image", ImageController::class)->only(["store", "delete", "create"]);
+Route::resource("image", ImageController::class)->only(["store", "delete", "create"])->middleware("auth.admin");