Finish user edit, update, index, and destroy actions

Author: summerblue

app/Http/Controllers/SessionsController.php

@@ -11,6 +11,13 @@
 
 class SessionsController extends Controller
 {
+    public function __construct()
+    {
+        $this->middleware('guest', [
+            'only' => ['create']
+        ]);
+    }
+
     public function create()
     {
         return view('sessions.create');
@@ -24,13 +31,13 @@ public function store(Request $request)
        ]);
 
        $credentials = [
-           'email'    => $request->email,
-           'password' => $request->password,
+           'email'    => $request->input('email'),
+           'password' => $request->input('password'),
        ];
 
        if (Auth::attempt($credentials, $request->has('remember'))) {
            session()->flash('success', '欢迎回来！');
-           return redirect()->route('users.show', [Auth::user()]);
+           return redirect()->intended(route('users.show', [Auth::user()]));
        } else {
            session()->flash('danger', '很抱歉，您的邮箱和密码不匹配');
            return redirect()->back();

app/Http/Controllers/UsersController.php

@@ -13,6 +13,23 @@
 
 class UsersController extends Controller
 {
+    public function __construct()
+    {
+        $this->middleware('auth', [
+            'only' => ['edit', 'update', 'destroy']
+        ]);
+
+        $this->middleware('guest', [
+            'only' => ['create']
+        ]);
+    }
+
+    public function index()
+    {
+        $users = User::paginate(30);
+        return view('users.index', compact('users'));
+    }
+
     public function create()
     {
         return view('users.create');
@@ -42,4 +59,41 @@ public function store(Request $request)
         session()->flash('success', '欢迎，您将在这里开启一段新的旅程~');
         return redirect()->route('users.show', [$user]);
     }
+
+    public function edit($id)
+    {
+        $user = User::findOrFail($id);
+        $this->authorize('update', $user);
+        return view('users.edit', compact('user'));
+    }
+
+    public function update($id, Request $request)
+    {
+        $this->validate($request, [
+            'name' => 'required|max:50',
+            'password' => 'confirmed|min:6'
+        ]);
+
+        $user = User::findOrFail($id);
+        $this->authorize('update', $user);
+
+        $data = array_filter([
+            'name' => $request->name,
+            'password' => $request->password,
+        ]);
+        $user->update($data);
+
+        session()->flash('success', '个人资料更新成功！');
+
+        return redirect()->route('users.show', $id);
+    }
+
+    public function destroy($id)
+    {
+        $user = User::findOrFail($id);
+        $this->authorize('destroy', $user);
+        $user->delete();
+        session()->flash('success', '成功删除用户！');
+        return back();
+    }
 }

app/Http/Middleware/Authenticate.php

@@ -38,7 +38,7 @@ public function handle($request, Closure $next)
             if ($request->ajax()) {
                 return response('Unauthorized.', 401);
             } else {
-                return redirect()->guest('auth/login');
+                return redirect()->guest('login');
             }
         }
 

app/Policies/UserPolicy.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Policies;
+
+use Illuminate\Auth\Access\HandlesAuthorization;
+use App\Models\User;
+
+class UserPolicy
+{
+    use HandlesAuthorization;
+
+    public function update(User $currentUser, User $user)
+    {
+        return $currentUser->id === $user->id;
+    }
+
+    public function destroy(User $currentUser, User $user)
+    {
+        return $currentUser->is_admin && $currentUser->id !== $user->id;
+    }
+}

app/Providers/AuthServiceProvider.php

@@ -5,6 +5,9 @@
 use Illuminate\Contracts\Auth\Access\Gate as GateContract;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 
+use App\Models\User;
+use App\Policies\UserPolicy;
+
 class AuthServiceProvider extends ServiceProvider
 {
     /**
@@ -14,6 +17,7 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         'App\Model' => 'App\Policies\ModelPolicy',
+        User::class  => UserPolicy::class,
     ];
 
     /**

database/factories/ModelFactory.php

@@ -12,10 +12,14 @@
 */
 
 $factory->define(App\Models\User::class, function (Faker\Generator $faker) {
+    $date_time = $faker->date . ' ' . $faker->time;
     return [
         'name' => $faker->name,
         'email' => $faker->safeEmail,
-        'password' => bcrypt(str_random(10)),
+        'is_admin' => false,
+        'password' => str_random(10),
         'remember_token' => str_random(10),
+        'created_at' => $date_time,
+        'updated_at' => $date_time,
     ];
 });

database/migrations/2016_12_17_103708_add_is_admin_to_users_table.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddIsAdminToUsersTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->boolean('is_admin')->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('is_admin');
+        });
+    }
+}

database/seeds/DatabaseSeeder.php

@@ -14,7 +14,7 @@ public function run()
     {
         Model::unguard();
 
-        // $this->call(UserTableSeeder::class);
+        $this->call('UsersTableSeeder');
 
         Model::reguard();
     }

database/seeds/UsersTableSeeder.php

@@ -0,0 +1,25 @@
+<?php
+
+use Illuminate\Database\Seeder;
+use App\Models\User;
+
+class UsersTableSeeder extends Seeder
+{
+    /**
+     * Run the database seeds.
+     *
+     * @return void
+     */
+    public function run()
+    {
+        $users = factory(User::class)->times(50)->make();
+        User::insert($users->toArray());
+
+        $user = User::find(1);
+        $user->name = 'Aufree';
+        $user->email = '[email protected]';
+        $user->password = 'password';
+        $user->is_admin = true;
+        $user->save();
+    }
+}

public/css/app.css

@@ -161,3 +161,33 @@ input {
 .panel {
   margin-top: 50px;
 }
+
+/* Users edit */
+
+.gravatar_edit {
+  margin: 15px auto;
+  text-align: center;
+  .gravatar {
+    float: none;
+    max-width: 100px;
+  }
+}
+
+/* Users index */
+
+.users {
+  list-style: none;
+  margin: 0;
+  padding-left: 0;
+  li {
+    overflow: auto;
+    padding: 10px 0;
+    border-bottom: 1px solid $gray-lighter;
+  }
+}
+
+.delete-btn {
+  float: right;
+  position: relative;
+  right: 0;
+}

public/css/app.css.map

@@ -5,14 +5,14 @@
       <nav>
         <ul class="nav navbar-nav navbar-right">
           @if (Auth::check())
-            <li><a href="#">用户列表</a></li>
+            <li><a href="{{ route('users.index') }}">用户列表</a></li>
             <li class="dropdown">
               <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                 {{ Auth::user()->name }} <b class="caret"></b>
               </a>
               <ul class="dropdown-menu">
                 <li><a href="{{ route('users.show', Auth::user()->id) }}">个人中心</a></li>
-                <li><a href="#">编辑资料</a></li>
+                <li><a href="{{ route('users.edit', Auth::user()->id) }}">编辑资料</a></li>
                 <li class="divider"></li>
                 <li>
                   <a id="logout" href="#">

resources/assets/sass/app.scss

@@ -0,0 +1,12 @@
+<li>
+    <img src="{{ $user->gravatar() }}" alt="{{ $user->name }}" class="gravatar"/>
+    <a href="{{ route('users.show', $user->id )}}" class="username">{{ $user->name }}</a>
+
+    @can('destroy', $user)
+      <form action="{{ route('users.destroy', $user->id) }}" method="post">
+        {{ csrf_field() }}
+        {{ method_field('DELETE') }}
+        <button type="submit" class="btn btn-sm btn-danger delete-btn">删除</button>
+      </form>
+    @endcan
+</li>

resources/views/layouts/_header.blade.php

@@ -0,0 +1,49 @@
+@extends('layouts.default')
+@section('title', '更新个人资料')
+
+@section('content')
+<div class="col-md-offset-2 col-md-8">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h5>更新个人资料</h5>
+    </div>
+      <div class="panel-body">
+
+        @include('shared.errors')
+
+        <div class="gravatar_edit">
+          <a href="http://gravatar.com/emails" target="_blank">
+            <img src="{{ $user->gravatar('200') }}" alt="{{ $user->name }}" class="gravatar"/>
+          </a>
+        </div>
+
+        <form method="POST" action="{{ route('users.update', $user->id )}}">
+            {{ method_field('PATCH') }}
+            {{ csrf_field() }}
+
+            <div class="form-group">
+              <label for="name">名称：</label>
+              <input type="text" name="name" class="form-control" value="{{ $user->name }}">
+            </div>
+
+            <div class="form-group">
+              <label for="email">邮箱：</label>
+              <input type="text" name="email" class="form-control" value="{{ $user->email }}" disabled>
+            </div>
+
+            <div class="form-group">
+              <label for="password">密码：</label>
+              <input type="password" name="password" class="form-control" value="{{ old('password') }}">
+            </div>
+
+            <div class="form-group">
+              <label for="password_confirmation">确认密码：</label>
+              <input type="password" name="password_confirmation" class="form-control" value="{{ old('password_confirmation') }}">
+            </div>
+
+            <button type="submit" class="btn btn-primary">更新</button>
+        </form>
+    </div>
+  </div>
+</div>
+@stop

resources/views/users/_user.blade.php

@@ -0,0 +1,15 @@
+@extends('layouts.default')
+@section('title', '所有用户')
+
+@section('content')
+<div class="col-md-offset-2 col-md-8">
+  <h1>所有用户</h1>
+  <ul class="users">
+    @foreach ($users as $user)
+      @include('users._user')
+    @endforeach
+  </ul>
+
+  {!! $users->render() !!}
+</div>
+@stop