Avoiding issues and refactoring code

I made the code more passive, avoiding issued at taking, returning, storing alerts or removing alerts from an item. Now they all check if it is with you before returning/deleting alert etc. I am not sure if all cases are covered, but they are better than before. I had one only issued on this on that time, but I prefer to prioritize safety/security. I took the opportunitie to move some code from Controllers to the model itself, as they were changing with the DB.
2025-11-15 16:00:54 -03:00 · 2018-10-21 12:36:02 -03:00
parent 1f9da456a5
commit e22f49bc6a
4 changed files with 78 additions and 15 deletions
--- a/app/Http/Controllers/AlertController.php
+++ b/app/Http/Controllers/AlertController.php
@@ -29,9 +29,12 @@ class AlertController extends Controller
            );
            return redirect('home');
        }
-        $item->waiting_user_id = Auth::id();
-        $item->timestamps = false;
-        $item->save();
+
+        if ($item->used_by == Auth::id()) {
+            return redirect('home');
+        }
+
+        $item->storeAlert();

        $loggedUser = Auth::user()->name;
        $userWithItem = User::find($item->used_by);
@@ -45,10 +48,12 @@ class AlertController extends Controller
    public function delete(Request $request)
    {
        $item = User::loggedIn()->items()->find(request('item'));
-        $item->waiting_user_id = null;
-        $item->timestamps = false;
-        $item->save();

+        if ($item->waiting_user_id != Auth::id()) {
+            return redirect('home');
+        }
+
+        $item->removeAlert();
        return redirect('home');
    }
 }
--- a/app/Http/Controllers/TakeController.php
+++ b/app/Http/Controllers/TakeController.php
@@ -8,6 +8,7 @@ use App\Item;
 use App\User;
 use App\Events\ReturnItem;
 use Illuminate\Http\Request;
+use PhpParser\Node\Stmt\TryCatch;

 /**
 * Responsible to Take and Return an Item.
@@ -24,14 +25,15 @@ class TakeController extends Controller
    public function store(Request $request)
    {
        $item = User::loggedIn()->items()->find(request('item'));
-        if ($item->used_by) {
+
+        try {
+            $item->takeItem();
+        } catch (\Exception $e) {
            return back()->withErrors(
-                Lang::getFromJson("This item is already taken")
+                Lang::getFromJson('This item is already taken')
            );
        }
-        $item->used_by = Auth::id();
-        $item->waiting_user_id = null;
-        $item->save();
+
        return redirect('home');
    }

@@ -46,8 +48,17 @@ class TakeController extends Controller
    public function delete(Request $request)
    {
        $item = User::loggedIn()->items()->find(request('item'));
+
+        try {
+            $item->returnItem();
+
+        } catch (\Exception $e) {
+            return back()->withErrors(
+                Lang::getFromJson("You cannot return an item that is not with you")
+            );
+        }
+
        event(new ReturnItem($item));
-        $item->returnItem();
        return redirect('home');
    }
 }