From 241cc9659f43492e268415805f6bb47b4036fc53 Mon Sep 17 00:00:00 2001
From: fsociety <fsociety.mp3@pm.me>
Date: Mon, 30 Sep 2024 17:09:25 +0200
Subject: [PATCH] feat: add permission checks for election views

- Add permission checks to the election index and election year views.
- Show election views only to users with a certain association status.
- Update nostrApp.js to entangle the 'isAllowed' state.
---
 resources/js/nostrApp.js                          |  1 +
 .../election/[Election:year].blade.php            | 12 ++++++++++--
 .../pages/association/election/index.blade.php    | 15 +++++++++++++--
 .../pages/association/members/admin.blade.php     |  9 ++++++++-
 4 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/resources/js/nostrApp.js b/resources/js/nostrApp.js
index 0161073..75dda89 100644
--- a/resources/js/nostrApp.js
+++ b/resources/js/nostrApp.js
@@ -1,5 +1,6 @@
 export default (livewireComponent) => ({
 
+    isAllowed: livewireComponent.entangle('isAllowed', true),
     signThisEvent: livewireComponent.entangle('signThisEvent'),
 
     init() {
diff --git a/resources/views/pages/association/election/[Election:year].blade.php b/resources/views/pages/association/election/[Election:year].blade.php
index 72c58a0..bf89b1c 100644
--- a/resources/views/pages/association/election/[Election:year].blade.php
+++ b/resources/views/pages/association/election/[Election:year].blade.php
@@ -24,7 +24,9 @@ use function Livewire\Volt\{on};
 
 name('association.election');
 
+state(['isAllowed' => false]);
 state(['currentPubkey' => null]);
+state(['currentPleb' => null]);
 state(['events' => []]);
 state(['election' => fn() => $election]);
 state(['plebs' => []]);
@@ -50,6 +52,12 @@ mount(function () {
 on([
     'nostrLoggedIn' => function ($pubkey) {
         $this->currentPubkey = $pubkey;
+        $this->currentPleb = \App\Models\EinundzwanzigPleb::query()
+            ->where('pubkey', $pubkey)->first();
+        if($this->currentPleb->association_status->value < 3) {
+            return redirect()->route('association.profile');
+        }
+        $this->isAllowed = true;
     },
 ]);
 
@@ -150,7 +158,7 @@ $signEvent = function ($event) {
 
 <x-layouts.app title="{{ __('Wahl') }}">
     @volt
-    <div class="relative flex h-full" x-data="nostrApp(@this)" wire:poll.600000ms="checkElection">
+    <div x-cloak x-show="isAllowed" class="relative flex h-full" x-data="nostrApp(@this)" wire:poll.600000ms="checkElection">
 
         @php
             $positions = [
@@ -189,7 +197,7 @@ $signEvent = function ($event) {
                 ->values();
         @endphp
 
-            <!-- Inbox sidebar -->
+        <!-- Inbox sidebar -->
         <div id="inbox-sidebar"
              class="absolute z-20 top-0 bottom-0 w-full md:w-auto md:static md:top-auto md:bottom-auto -mr-px md:translate-x-0 transition-transform duration-200 ease-in-out"
              :class="inboxSidebarOpen ? 'translate-x-0' : '-translate-x-full'">
diff --git a/resources/views/pages/association/election/index.blade.php b/resources/views/pages/association/election/index.blade.php
index 0dfc2a6..5563acc 100644
--- a/resources/views/pages/association/election/index.blade.php
+++ b/resources/views/pages/association/election/index.blade.php
@@ -13,6 +13,8 @@ use function Livewire\Volt\{on};
 
 name('association.elections');
 
+state(['isAllowed' => false]);
+state(['currentPubkey' => null]);
 state(['elections' => []]);
 
 mount(function () {
@@ -21,7 +23,16 @@ mount(function () {
         ->toArray();
 });
 
-updated([
+on([
+    'nostrLoggedIn' => function ($pubkey) {
+        $this->currentPubkey = $pubkey;
+        $this->currentPleb = \App\Models\EinundzwanzigPleb::query()
+            ->where('pubkey', $pubkey)->first();
+        if($this->currentPleb->association_status->value < 3) {
+            return redirect()->route('association.profile');
+        }
+        $this->isAllowed = true;
+    },
 ]);
 
 $saveElection = function ($index) {
@@ -35,7 +46,7 @@ $saveElection = function ($index) {
 
 <x-layouts.app title="{{ __('Wahlen') }}">
     @volt
-    <div class="relative flex h-full">
+    <div x-cloak class="relative flex h-full" x-show="isAllowed" x-data="{isAllowed: $wire.entangle('isAllowed').live}">
         @foreach($elections as $election)
             <div class="w-full sm:w-1/3 p-4">
                 <div class="shadow-lg rounded-lg overflow-hidden">
diff --git a/resources/views/pages/association/members/admin.blade.php b/resources/views/pages/association/members/admin.blade.php
index 6cdd35a..3b31504 100644
--- a/resources/views/pages/association/members/admin.blade.php
+++ b/resources/views/pages/association/members/admin.blade.php
@@ -13,12 +13,19 @@ use function Livewire\Volt\{on};
 
 name('association.members.admin');
 
+state(['isAllowed' => false]);
 state(['currentPubkey' => null]);
 state(['members' => []]);
 
 on([
     'nostrLoggedIn' => function ($pubkey) {
         $this->currentPubkey = $pubkey;
+        $this->currentPleb = \App\Models\EinundzwanzigPleb::query()
+            ->where('pubkey', $pubkey)->first();
+        if($this->currentPubkey !== '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033') {
+            return redirect()->route('association.profile');
+        }
+        $this->isAllowed = true;
     },
 ]);
 
@@ -26,7 +33,7 @@ on([
 
 <x-layouts.app title="{{ __('Mitglieder') }}">
     @volt
-    <div class="px-4 sm:px-6 lg:px-8 py-8 w-full max-w-9xl mx-auto">
+    <div class="px-4 sm:px-6 lg:px-8 py-8 w-full max-w-9xl mx-auto" x-show="isAllowed" x-data="{isAllowed: $wire.entangle('isAllowed').live}" x-cloak>
         <livewire:einundzwanzig-pleb-table/>
     </div>
     @endvolt