From c9f58d736afe0997b1638616b4bfc2b76854b7ce Mon Sep 17 00:00:00 2001
From: Kyle
Date: Fri, 20 Mar 2026 20:10:12 -0400
Subject: [PATCH 1/4] Add event visibility middleware
---
 app/Http/Kernel.php | 1 +
 app/Http/Middleware/EventViewPolicy.php | 32 +++++++++++++++++++++++++
 routes/web.php | 8 ++++---
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 app/Http/Middleware/EventViewPolicy.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index a86084528..25e1bf487 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,5 +64,6 @@ class Kernel extends HttpKernel {
 'permission' => \Laratrust\Middleware\Permission::class,
 'ability' => \Laratrust\Middleware\Ability::class,
 'toggle' => \App\Http\Middleware\FeatureToggles::class,
+ 'event_visibility' => \App\Http\Middleware\EventViewPolicy::class,
 ];
 }
diff --git a/app/Http/Middleware/EventViewPolicy.php b/app/Http/Middleware/EventViewPolicy.php
new file mode 100644
index 000000000..87f5cc1e4
--- /dev/null
+++ b/app/Http/Middleware/EventViewPolicy.php
@@ -0,0 +1,32 @@
+route('id'))) {
+ $event_id = $request->route('id');
+ } elseif (!is_null($request->event_id)) {
+ $event_id = $request->event_id;
+ }
+ $event = Event::find($event_id);
+
+ if (is_null($event) || ($event->status == 0 && !Auth::user()->hasPermission('events'))) {
+ abort(404, 'Not found');
+ }
+
+ return $next($request);
+ }
+}
diff --git a/routes/web.php b/routes/web.php
index 39f42f6cb..6fcf6e072 100644
--- a/routes/web.php
+++ b/routes/web.php
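Review bot: In `handle()` of app/Http/Middleware/EventViewPolicy.php, `Auth::user()->hasPermission('events')` is called without first checking that a user is logged in. If any route in the `event_visibility` group can be reached by a guest (the enclosing group in routes/web.php is not visible here, so this needs confirming), a request for an event with `status == 0` raises an error on the null user instead of returning the 404, and the differing response reveals that a hidden event with that id exists. Guarding the call keeps both cases identical: `if (is_null($event) || ($event->status == 0 && !(Auth::check() && Auth::user()->hasPermission('events')))) {`. The opening lines of the new file are missing from this page, so only the visible part of the method was reviewed.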
@@ -96,9 +96,11 @@
 Route::get('/profile/feedback-details/{id}', 'ControllerDash@showFeedbackDetails');
 Route::get('/profile/trainer-feedback-details/{id}', 'ControllerDash@showTrainerFeedbackDetails');
 Route::get('/events', 'ControllerDash@showEvents');
- Route::get('/events/view/{id}', 'ControllerDash@viewEvent');
- Route::post('/events/view/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
- Route::get('/events/view/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ Route::middleware('event_visibility')->group(function () {
+ Route::get('/events/view/{id}', 'ControllerDash@viewEvent');
+ Route::post('/events/view/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
+ Route::get('/events/view/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ });
 Route::get('/scenery', 'ControllerDash@sceneryIndex');
 Route::get('/scenery/view/{id}', 'ControllerDash@showScenery');
 Route::post('/scenery/search', 'ControllerDash@searchScenery');
From c89ac8c0203311e742293736dfc107d1c41c11ca Mon Sep 17 00:00:00 2001
From: Kyle
Date: Sat, 21 Mar 2026 13:01:05 -0400
Subject: [PATCH 2/4] Consistent route group formatting
---
 routes/web.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/routes/web.php b/routes/web.php
index 6fcf6e072..d10c2fcca 100644
--- a/routes/web.php
+++ b/routes/web.php
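Review bot: `Route::get('/events/view/{id}/un-signup', 'ControllerDash@unsignupForEvent')` stays a GET route inside the new `event_visibility` group. If the controller removes a registration (its body is not shown), that state change is not covered by Laravel's CSRF verification, which only checks non-read verbs. The new middleware checks event visibility, not request origin, so a cross-site request made in a logged-in user's browser would still pass it. Consider registering the route as `Route::post(...)` or `Route::delete(...)` and submitting it with the form's CSRF token; the same route line recurs in the routes/web.php hunks of patches 2/4 and 4/4.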
@@ -96,10 +96,12 @@
 Route::get('/profile/feedback-details/{id}', 'ControllerDash@showFeedbackDetails');
 Route::get('/profile/trainer-feedback-details/{id}', 'ControllerDash@showTrainerFeedbackDetails');
 Route::get('/events', 'ControllerDash@showEvents');
- Route::middleware('event_visibility')->group(function () {
- Route::get('/events/view/{id}', 'ControllerDash@viewEvent');
- Route::post('/events/view/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
- Route::get('/events/view/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ Route::prefix('events')->group(function () {
+ Route::prefix('view')->middleware('event_visibility')->group(function () {
+ Route::get('/{id}', 'ControllerDash@viewEvent');
+ Route::post('/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
+ Route::get('/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ });
 });
 Route::get('/scenery', 'ControllerDash@sceneryIndex');
 Route::get('/scenery/view/{id}', 'ControllerDash@showScenery');
From 5a3424eac6f6a97553049940c72421aac236ca9d Mon Sep 17 00:00:00 2001
From: Kyle
Date: Sun, 22 Mar 2026 16:48:03 -0400
Subject: [PATCH 3/4] Group event routes with guard
---
 routes/web.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/routes/web.php b/routes/web.php
index d10c2fcca..22c09cc9c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -95,8 +95,8 @@
 Route::post('/ticket/{id}', 'TrainingDash@addStudentComments')->name('addStudentComments');
 Route::get('/profile/feedback-details/{id}', 'ControllerDash@showFeedbackDetails');
 Route::get('/profile/trainer-feedback-details/{id}', 'ControllerDash@showTrainerFeedbackDetails');
- Route::get('/events', 'ControllerDash@showEvents');
 Route::prefix('events')->group(function () {
+ Route::get('/', 'ControllerDash@showEvents');
 Route::prefix('view')->middleware('event_visibility')->group(function () {
 Route::get('/{id}', 'ControllerDash@viewEvent');
 Route::post('/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
From 90c45f084feb56dc65549c25a9a73f28f2f8ead1 Mon Sep 17 00:00:00 2001
From: Kyle
Date: Sun, 29 Mar 2026 21:20:56 -0400
Subject: [PATCH 4/4] Adds guards to event routes
---
 app/Http/Middleware/EventViewPolicy.php | 13 +++++++++++--
 routes/web.php | 4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/app/Http/Middleware/EventViewPolicy.php b/app/Http/Middleware/EventViewPolicy.php
index 87f5cc1e4..a1535b6aa 100644
--- a/app/Http/Middleware/EventViewPolicy.php
+++ b/app/Http/Middleware/EventViewPolicy.php
@@ -3,9 +3,11 @@
 namespace App\Http\Middleware;
 use App\Event;
+use App\EventRegistration;
 use Auth;
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Route;
 use Symfony\Component\HttpFoundation\Response;
 class EventViewPolicy {
@@ -16,10 +18,17 @@ class EventViewPolicy {
 */
 public function handle(Request $request, Closure $next): Response {
 $event_id = null;
- if (!is_null($request->route('id'))) {
+ $route = Route::current();
+
+ if ($route->getName() == 'viewEvent') {
 $event_id = $request->route('id');
- } elseif (!is_null($request->event_id)) {
+ } elseif ($route->getName() == 'signupForEvent') {
 $event_id = $request->event_id;
+ } elseif ($route->getName() == 'unSignupForEvent') {
+ $event_registration = EventRegistration::find($request->route('id'));
+ if (!is_null($event_registration)) {
+ $event_id = $event_registration->event_id;
+ }
 }
 $event = Event::find($event_id);
diff --git a/routes/web.php b/routes/web.php
index 22c09cc9c..ac84c7db2 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -98,9 +98,9 @@
 Route::prefix('events')->group(function () {
 Route::get('/', 'ControllerDash@showEvents');
 Route::prefix('view')->middleware('event_visibility')->group(function () {
- Route::get('/{id}', 'ControllerDash@viewEvent');
+ Route::get('/{id}', 'ControllerDash@viewEvent')->name('viewEvent');
 Route::post('/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
- Route::get('/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ Route::get('/{id}/un-signup', 'ControllerDash@unsignupForEvent')->name('unSignupForEvent');
 });
 });
 Route::get('/scenery', 'ControllerDash@sceneryIndex');
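Review bot: The event authorized in `handle()` of app/Http/Middleware/EventViewPolicy.php and the record the controller later acts on are resolved independently, so nothing in this hunk guarantees they are the same one. For `signupForEvent` the id comes from the request's dynamic property `$request->event_id`, and for `unSignupForEvent` only the registration's parent event is checked, not whether the registration belongs to the current user; the controllers are not visible, so both need confirming there. Storing the checked model with `$request->attributes->set('event', $event);` before `return $next($request);` would let the controller reuse exactly what was authorized. A short comment stating that an unrecognised route name leaves `$event_id` null and therefore ends in the 404 would document that the default is deny; `handle()` continues past the end of this hunk.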