diff --git a/app/Audit.php b/app/Audit.php index 86769df98..ba72bfcd7 100644 --- a/app/Audit.php +++ b/app/Audit.php @@ -7,7 +7,6 @@ class Audit extends Model { protected $table = 'audits'; - protected $fillable = ['id', 'cid', 'ip', 'what', 'created_at', 'updated_at']; public function getTimeDateAttribute() { $date = $this->created_at; @@ -17,10 +16,21 @@ public function getTimeDateAttribute() { } public static function newAudit(string $message): void { + $impersonated_by_id = null; + $impersonation_string = ''; + if (session()->has('impersonating_user')) { + $impersonated_by_id = session('impersonating_user'); + $impersonation_user = User::find($impersonated_by_id); + + $impersonation_string = 'IMPERSONATED BY ' . (is_null($impersonation_user) ? 'UNKNOWN' : $impersonation_user->full_name) . ': '; + } + $impersonated_by_id = session()->has('impersonating_user') ? session('impersonating_user') : null; + $audit = new Audit; $audit->cid = Auth::id(); + $audit->impersonated_by_id = $impersonated_by_id; $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' ' . $message; + $audit->what = $impersonation_string . Auth::user()->full_name . ' ' . $message; $audit->save(); } } diff --git a/app/Http/Controllers/AdminDash.php b/app/Http/Controllers/AdminDash.php index ba182662f..ee6b57e8e 100644 --- a/app/Http/Controllers/AdminDash.php +++ b/app/Http/Controllers/AdminDash.php @@ -91,11 +91,7 @@ public function storeScenery(Request $request) { $scenery->image3 = $request->input('image3'); $scenery->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' added new scenery.'; - $audit->save(); + Audit::newAudit(' added new scenery.'); return redirect('/dashboard/admin/scenery')->with('success', 'Scenery added successfully.'); } 
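Review bot: In `newAudit`, the line `$impersonated_by_id = session()->has('impersonating_user') ? session('impersonating_user') : null;` after the `if` block repeats the assignment the block has just made and can be dropped. The method also still reads `$_SERVER['REMOTE_ADDR']` directly. Now that every caller goes through this one place, `$audit->ip = request()->ip();` would honour the trusted-proxy configuration and not depend on the superglobal being set. A short docblock would help readers of the audit table: it should say that `$message` is appended after the acting user's name, that `cid` holds the impersonated account and that `impersonated_by_id` holds the real operator.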
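Review bot: The message passed in storeScenery starts with a space (`' added new scenery.'`), but `newAudit` already inserts `' '` between the name and `$message`, so the stored `what` text now contains two spaces where the removed code produced one. The same applies to every converted call in AdminDash.php, MerchStore.php and TrainingDash.php, while ImpersonationController passes its messages without the leading space. Either drop the leading space at the call sites, e.g. `Audit::newAudit('added new scenery.');`, or normalise once inside `newAudit` with `ltrim($message)`, so that text searches over the audit log match consistently. storeScenery begins outside this hunk.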
@@ -128,11 +124,7 @@ public function saveScenery(Request $request, $id) { $scenery->image3 = $request->input('image3'); $scenery->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated a scenery.'; - $audit->save(); + Audit::newAudit(' updated a scenery.'); return redirect('/dashboard/admin/scenery')->with('success', 'Scenery edited successfully.'); } @@ -141,11 +133,7 @@ public function deleteScenery($id) { $scenery = Scenery::find($id); $scenery->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed a scenery.'; - $audit->save(); + Audit::newAudit(' removed a scenery.'); return redirect('/dashboard/admin/scenery')->with('success', 'Scenery deleted successfully.'); } @@ -452,11 +440,7 @@ public function updateController(Request $request, $id) { $user->save(); } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' made changes to '.$user->full_name.'.'; - $audit->save(); + Audit::newAudit(' made changes to '.$user->full_name.'.'); return redirect('/dashboard/controllers/roster')->with('success', 'Controller updated successfully.'); } @@ -471,11 +455,7 @@ public function disallowVisitReq($id) { $user->status = 2; $user->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed '.$name.' from the visitor agreement.'; - $audit->save(); + Audit::newAudit(' removed '.$name.' from the visitor agreement.'); return redirect('/dashboard/controllers/roster')->with('success', 'Controller removed from the visitor agreement.'); } 
@@ -493,11 +473,7 @@ public function allowVisitReq(Request $request) { } $visitrej->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' readded '.$name.' to the visitor agreement.'; - $audit->save(); + Audit::newAudit(' readded '.$name.' to the visitor agreement.'); return redirect('/dashboard/controllers/roster')->with('success', 'Controller allowed to visit.'); } @@ -564,11 +540,7 @@ public function rejectVisitRequest(Request $request, $id) { Mail::to($visitor->email)->send(new VisitorMail('reject', $visitor)); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' rejected the visit request for '.$visitor->name.'.'; - $audit->save(); + Audit::newAudit(' rejected the visit request for '.$visitor->name.'.'); return redirect('/dashboard/admin/roster/visit/requests')->with('success', 'The visit request has been rejected successfully.'); } @@ -617,11 +589,7 @@ public function storeVisitor(Request $request) { $user->twr_solo_expires = ''; $user->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' added the visitor '.$user->full_name.'.'; - $audit->save(); + Audit::newAudit(' added the visitor '.$user->full_name.'.'); // Add to the VATUSA roster $client = new Client(); @@ -643,11 +611,7 @@ public function removeVisitor($id) { $user->status = 2; $user->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed the visitor '.$name.'.'; - $audit->save(); + Audit::newAudit(' removed the visitor '.$name.'.'); if (filter_var($user->email, FILTER_VALIDATE_EMAIL)) { Mail::to($user->email)->send(new VisitorMail('remove', $user)); } 
@@ -703,11 +667,7 @@ public function storeCalendarEvent(Request $request) { $calendar->created_by = Auth::id(); $calendar->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' added a new calendar or news event.'; - $audit->save(); + Audit::newAudit(' added a new calendar or news event.'); return redirect('/dashboard/admin/calendar')->with('success', 'The calendar event or news posting has been created.'); } @@ -735,11 +695,7 @@ public function saveCalendarEvent(Request $request, $id) { $calendar->updated_by = Auth::id(); $calendar->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' edited the calendar event '.$calendar->title.'.'; - $audit->save(); + Audit::newAudit(' edited the calendar event '.$calendar->title.'.'); return redirect('/dashboard/admin/calendar')->with('success', 'The calendar event or news posting has been edited.'); } @@ -749,11 +705,7 @@ public function deleteCalendarEvent($id) { $title = $calendar->title; $calendar->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed the calendar event '.$title.'.'; - $audit->save(); + Audit::newAudit(' removed the calendar event '.$title.'.'); return redirect('/dashboard/admin/calendar')->with('success', 'The calendar event or news posting has been deleted.'); } @@ -772,11 +724,7 @@ public function toggleCalendarEventVisibility($id) { $calendar->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' made ' . $calendar->title . ' ' . $type . '.'; - $audit->save(); + Audit::newAudit(' made ' . $calendar->title . ' ' . $type . '.'); return redirect('/dashboard/admin/calendar')->with('success', 'Changed ' . $calendar->title . ' to be ' . $type . '!'); } 
@@ -838,11 +786,7 @@ public function storeFile(Request $request) { $file->permalink = $permalink; $file->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' created the file '.$file->name.'.'; - $audit->save(); + Audit::newAudit(' created the file '.$file->name.'.'); return redirect('/dashboard/controllers/files')->with('success', 'The file has been successfully added.'); } @@ -860,11 +804,7 @@ public function fileSeparator(Request $request) { $file->row_separator = 1; $file->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' created the file separator '.$file->name.'.'; - $audit->save(); + Audit::newAudit(' created the file separator '.$file->name.'.'); return redirect('/dashboard/controllers/files')->with('success', 'The file separator has been successfully added.'); } @@ -892,11 +832,7 @@ public function saveFile(Request $request, $id) { $file->permalink = $permalink; $file->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated the file '.$file->name.'.'; - $audit->save(); + Audit::newAudit(' updated the file '.$file->name.'.'); return redirect('/dashboard/controllers/files')->with('success', 'The file has been edited successfully.'); } @@ -960,11 +896,7 @@ public function deleteFile($id) { $file_path = $file->path; $file->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' deleted the file '.$file->name.'.'; - $audit->save(); + Audit::newAudit(' deleted the file '.$file->name.'.'); return redirect()->back()->with('success', 'The file has been deleted successfully.'); } 
@@ -1000,11 +932,7 @@ public function saveFeedback(Request $request, $id) { $feedback->status = 1; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' saved feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' saved feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); $controller = User::find($feedback->feedback_id); if (isset($controller)) { @@ -1022,11 +950,7 @@ public function hideFeedback(Request $request, $id) { $feedback->status = 2; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' archived feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' archived feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); return redirect()->back()->with('success', 'The feedback has been hidden.'); } @@ -1040,11 +964,7 @@ public function updateFeedback(Request $request, $id) { $feedback->status = $request->status; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' updated feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); return redirect()->back()->with('success', 'The feedback has been updated.'); } 
@@ -1064,11 +984,7 @@ public function emailFeedback(Request $request, $id) { $body = $request->body; $sender = Auth::user(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' emailed the pilot for feedback '.$feedback->id.'.'; - $audit->save(); + Audit::newAudit(' emailed the pilot for feedback '.$feedback->id.'.'); Mail::to($feedback->pilot_email)->send(new PilotFeedback($feedback, $subject, $body, $sender, $replyToAddress, $replyToName)); @@ -1097,11 +1013,7 @@ public function saveTrainerFeedback(Request $request, $id) { $feedback->status = 1; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' saved trainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' saved trainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); $trainer = User::find($feedback->feedback_id); if (isset($trainer)) { @@ -1127,11 +1039,7 @@ public function hideTrainerFeedback(Request $request, $id) { $feedback->status = 2; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' archived treainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' archived treainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); return redirect()->back()->with('success', 'The trainer feedback has been hidden.'); } 
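Review bot: The audit text in hideTrainerFeedback still reads `' archived treainer feedback '`; the misspelling was carried over from the removed block into the new call. Anyone filtering the audit log for "trainer feedback" will miss these entries. The call should read `Audit::newAudit(' archived trainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.');`.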
@@ -1152,11 +1060,7 @@ public function updateTrainerFeedback(Request $request, $id) { $feedback->status = $request->status; $feedback->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated trainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'; - $audit->save(); + Audit::newAudit(' updated trainer feedback '.$feedback->id.' for '.$feedback->controller_name.'.'); return redirect()->back()->with('success', 'The trainer feedback has been updated.'); } @@ -1176,11 +1080,7 @@ public function emailTrainerFeedback(Request $request, $id) { $body = $request->body; $sender = Auth::user(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' emailed the student for feedback '.$feedback->id.'.'; - $audit->save(); + Audit::newAudit(' emailed the student for feedback '.$feedback->id.'.'); Mail::to($feedback->student_email)->send(new PilotFeedback($feedback, $subject, $body, $sender, $replyToAddress, $replyToName)); @@ -1262,11 +1162,7 @@ public function sendEmail(Request $request) { Mail::to($sender->email)->send(new SendEmail($sender, $subject, $body, $reply_to, $name)); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' sent an email from the send email page.'; - $audit->save(); + Audit::newAudit(' sent an email from the send email page.'); return redirect('/dashboard/admin/email/send')->with('success', 'The email has been sent successfully and a copy has been sent to you as well.'); } 
@@ -1282,11 +1178,7 @@ public function saveAnnouncement(Request $request) { $announcement->staff_member = Auth::id(); $announcement->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated the announcement.'; - $audit->save(); + Audit::newAudit(' updated the announcement.'); return redirect('/dashboard/admin/announcement')->with('success', 'The announcement has been updated successfully.'); } @@ -1348,11 +1240,7 @@ public function setLocalHeroWinner($year, $month, $hours, $id) { $local_hero->month_hours = $hours; $local_hero->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' set the local hero winner for '.$month.'/'.$year.'.'; - $audit->save(); + Audit::newAudit(' set the local hero winner for '.$month.'/'.$year.'.'); return redirect('/dashboard/admin/bronze-mic/localsort/'.$year.'/'.$month)->with('success', 'The controller has been set as the local hero winner successfully.'); } @@ -1361,11 +1249,7 @@ public function removeLocalHeroWinner($id, $year, $month) { $local_hero = LocalHero::find($id); $local_hero->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed the local hero winner for '.$month.'/'.$year.'.'; - $audit->save(); + Audit::newAudit(' removed the local hero winner for '.$month.'/'.$year.'.'); return redirect('/dashboard/admin/bronze-mic/localsort/'.$year.'/'.$month)->with('success', 'The local hero winner has been removed successfully.'); } 
@@ -1403,11 +1287,7 @@ public function updateLocalHeroChallenge(Request $request, $id) { $local_hero_challenge->news_id = $news->id; $local_hero_challenge->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated the local hero configuration for '.$request->month.'/'.$request->year.'.'; - $audit->save(); + Audit::newAudit(' updated the local hero configuration for '.$request->month.'/'.$request->year.'.'); return redirect('/dashboard/admin/bronze-mic/localsort/'.$request->year.'/'.$request->month)->with('success', 'Local hero configuration settings were saved.'); } @@ -1420,11 +1300,7 @@ public function setBronzeWinner(Request $request, $year, $month, $hours, $id) { $bronze->month_hours = $hours; $bronze->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' set the bronze mic winner for '.$month.'/'.$year.'.'; - $audit->save(); + Audit::newAudit(' set the bronze mic winner for '.$month.'/'.$year.'.'); return redirect('/dashboard/admin/bronze-mic/bronzesort/'.$year.'/'.$month)->with('success', 'The controller has been set as the bronze mic winner successfully.'); } @@ -1433,11 +1309,7 @@ public function removeBronzeWinner($id, $year, $month) { $bronze = Bronze::find($id); $bronze->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed the bronze mic winner for '.$month.'/'.$year.'.'; - $audit->save(); + Audit::newAudit(' removed the bronze mic winner for '.$month.'/'.$year.'.'); return redirect('/dashboard/admin/bronze-mic/bronzesort/'.$year.'/'.$month)->with('success', 'The bronze mic winner has been removed successfully.'); } 
@@ -1468,11 +1340,7 @@ public function setPyriteWinner(Request $request, $year, $hours, $id) { $bronze->year_hours = $hours; $bronze->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' set the pyrite mic winner for 20'.$year.'.'; - $audit->save(); + Audit::newAudit(' set the pyrite mic winner for 20'.$year.'.'); return redirect('/dashboard/admin/pyrite-mic/'.$year)->with('success', 'The controller has been set as the pyrite mic winner successfully.'); } @@ -1481,11 +1349,7 @@ public function removePyriteWinner($id, $year) { $bronze = Pyrite::find($id); $bronze->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed the pyrite mic winner for 20'.$year.'.'; - $audit->save(); + Audit::newAudit(' removed the pyrite mic winner for 20'.$year.'.'); return redirect('/dashboard/admin/pyrite-mic/'.$year)->with('success', 'The winner has been removed successfully.'); } @@ -1556,11 +1420,7 @@ public function saveNewEvent(Request $request) { return redirect('/dashboard/controllers/events/view/'.$event->id)->with('error', 'The event has been created successfully, but the banner image appears to be corrupt. Please re-save the image and ensure that it is not an animated image.'); } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' created the event '.$event->name.'.'; - $audit->save(); + Audit::newAudit(' created the event '.$event->name.'.'); return redirect('/dashboard/controllers/events/view/'.$event->id)->with('success', 'The event has been created successfully.'); } 
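Review bot: In saveNewEvent the `return redirect(...)->with('error', ...)` directly above the new `Audit::newAudit(' created the event '.$event->name.'.')` call leaves the method before any audit entry is written, although its own message says the event was created. The saveEvent hunk has the same shape, so an event saved with a rejected banner is changed without a record. The banner check itself is outside the hunk, so the exact placement is an assumption, but moving the `Audit::newAudit(...)` call to just after the event is saved and before that check would close the gap.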
@@ -1645,11 +1505,7 @@ public function saveEvent(Request $request, $id) { return redirect('/dashboard/controllers/events/view/'.$event->id)->with('error', 'The event has been created successfully, but the banner image appears to be corrupt. Please re-save the image and ensure that it is not an animated image.'); } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' edited the event '.$event->name.'.'; - $audit->save(); + Audit::newAudit(' edited the event '.$event->name.'.'); return redirect('/dashboard/controllers/events/view/'.$event->id)->with('success', 'The event has been edited successfully.'); } @@ -1676,11 +1532,7 @@ public function deleteEvent($id, Request $request) { $event->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' deleted the event '.$name.'.'; - $audit->save(); + Audit::newAudit(' deleted the event '.$name.'.'); return redirect('/dashboard/controllers/events')->with('success', 'The event has been deleted successfully.'); } @@ -1691,11 +1543,7 @@ public function denylistEvent($event) { $event_denylist->event_name = $event->name; $event_denylist->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' denylisted event with name '.$event->name.'.'; - $audit->save(); + Audit::newAudit(' denylisted event with name '.$event->name.'.'); } public function viewEventDenylist() { 
@@ -1708,11 +1556,7 @@ public function deleteEventDenylist($id) { $vatsim_id = $event_denylists->vatim_id; $event_denylists->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' deleted the event denylist with id '.$vatsim_id.'.'; - $audit->save(); + Audit::newAudit(' deleted the event denylist with id '.$vatsim_id.'.'); return redirect('/dashboard/admin/events/denylist')->with('success', 'The event denylist has been removed successfully.'); } @@ -1825,11 +1669,7 @@ public function setEventActive($id) { $event->status = 1; $event->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' set the event '.$event->name.' as active.'; - $audit->save(); + Audit::newAudit(' set the event '.$event->name.' as active.'); return redirect()->back()->with('success', 'The event has been unhidden successfully.'); } @@ -1839,11 +1679,7 @@ public function hideEvent($id) { $event->status = 0; $event->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' hid the event '.$event->name.'.'; - $audit->save(); + Audit::newAudit(' hid the event '.$event->name.'.'); return redirect()->back()->with('success', 'The event has been hidden successfully.'); } @@ -1973,11 +1809,7 @@ public function archiveIncident($id) { $incident->status = 1; $incident->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' archived incident report '.$id.'.'; - $audit->save(); + Audit::newAudit(' archived incident report '.$id.'.'); return redirect()->back()->with('success', 'The incident has been reported successfully.'); } 
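Review bot: In deleteEventDenylist, `$vatsim_id` is read from `$event_denylists->vatim_id` on the context line above the new call, which looks like a misspelling of `vatsim_id`. If so, the attribute resolves to null and the audit entry records "deleted the event denylist with id ." with no identifier. The model's columns are not visible here, so confirm against the schema; if the column is `vatsim_id`, the line should be `$vatsim_id = $event_denylists->vatsim_id;`.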
@@ -1986,11 +1818,7 @@ public function deleteIncident($id) { $incident = Incident::find($id); $incident->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' deleted incident report '.$id.'.'; - $audit->save(); + Audit::newAudit(' deleted incident report '.$id.'.'); return redirect()->back()->with('success', 'The incident has been deleted successfully.'); } @@ -2075,11 +1903,7 @@ public function saveLiveEventInfo(Request $request) { $live_event_info->publish = ($request->publish == '1') ? true : false; $live_event_info->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' updated the live event info.'; - $audit->save(); + Audit::newAudit(' updated the live event info.'); return redirect('/dashboard/admin/live')->with('success', 'The live event info has been updated successfully.'); } @@ -2117,11 +1941,7 @@ public function removeSoloCertifications(Request $request) { } } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' revoked solo certs for '.$user->full_name.'.'; - + Audit::newAudit(' revoked solo certs for '.$user->full_name.'.'); return redirect('/dashboard/controllers/roster')->with('success', 'Solo certifications removed.'); } } diff --git a/app/Http/Controllers/ImpersonationController.php b/app/Http/Controllers/ImpersonationController.php new file mode 100644 index 000000000..15e2ef124 --- /dev/null +++ b/app/Http/Controllers/ImpersonationController.php 
@@ -0,0 +1,30 @@ +user_id); + if (is_null($user)) { + return redirect()->back()->with('error', 'That user does not exist'); + } + + session()->put('impersonate', $user->id); + + Audit::newAudit('started impersonating user ' . $user->impersonation_name . '.'); + return redirect('/dashboard')->with('warning', 'Successfully started impersonationg ' . $user->full_name . '. CAUTION: Impersonating actively logs you into the user\'s REAL account. Changes made while impersonating will be reflected on the user\'s actual account. PROCEED WITH CARE.'); + } + + public function stop() { + Audit::newAudit('impersonation session ending...'); + + session()->forget('impersonate'); + session()->forget('impersonating_user'); + + return redirect('/dashboard'); + } +} diff --git a/app/Http/Controllers/MerchStore.php b/app/Http/Controllers/MerchStore.php index d9dc5bdeb..0f11927fa 100644 --- a/app/Http/Controllers/MerchStore.php +++ b/app/Http/Controllers/MerchStore.php @@ -4,7 +4,6 @@ use App\Audit; use App\Merch; -use Auth; use Carbon\Carbon; use Config; use Illuminate\Http\Request; @@ -60,11 +59,7 @@ public function saveItem(Request $request, $id = null) { $store_item->flag = $request->input('flag'); $store_item->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' modified a store item.'; - $audit->save(); + Audit::newAudit(' modified a store item.'); return redirect('/dashboard/admin/store')->with('success', 'Store item modified successfully.'); } @@ -73,11 +68,7 @@ public function deleteItem($id) { $store_item = Merch::find($id); $store_item->delete(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name.' removed a store item.'; - $audit->save(); + Audit::newAudit(' removed a store item.'); return redirect('/dashboard/admin/store')->with('success', 'Store item deleted successfully.'); } 
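Review bot: Nothing in the visible part of `start()` checks who is asking or who the target is before `session()->put('impersonate', $user->id)`; the top of the file and the route definition are not shown here, so this may be enforced elsewhere. The middleware only tests that the real user `isAbleTo('snrStaff')`, so as written a senior staff member can become an account that holds more permissions than their own, or select their own id. I would add `abort_unless(Auth::user()->isAbleTo('snrStaff'), 403);` at the top of `start()` and reject targets the operator must not become, at minimum `$user->id === Auth::id()`. During an active impersonation `Auth::user()` in this controller is already the swapped account, so that check also forces a `stop()` before switching targets. The flash message misspells "impersonating" as `impersonationg`.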
diff --git a/app/Http/Controllers/TrainingDash.php b/app/Http/Controllers/TrainingDash.php index 16fe1d46a..6fbf895d4 100644 --- a/app/Http/Controllers/TrainingDash.php +++ b/app/Http/Controllers/TrainingDash.php @@ -470,11 +470,7 @@ public function deleteTicket($id) { $ticket->delete(); if (! $draft) { - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' deleted a training ticket for ' . User::find($controller_id)->full_name . '.'; - $audit->save(); + Audit::newAudit(' deleted a training ticket for ' . User::find($controller_id)->full_name . '.'); } return redirect('/dashboard/training/tickets?id=' . $controller_id)->with('success', 'The ticket has been deleted successfully.'); @@ -499,11 +495,7 @@ public function acceptRecommendation($id) { $ots->ins_id = Auth::id(); $ots->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' accepted an OTS for ' . User::find($ots->controller_id)->full_name . '.'; - $audit->save(); + Audit::newAudit(' accepted an OTS for ' . User::find($ots->controller_id)->full_name . '.'); return redirect()->back()->with('success', 'You have sucessfully accepted this OTS. Please email the controller at ' . User::find($ots->controller_id)->email . ' in order to schedule the OTS.'); } 
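Review bot: `User::find($controller_id)->full_name` inside the new `Audit::newAudit(...)` argument throws when the roster row no longer exists, and in deleteTicket that happens after `$ticket->delete()`, so the deletion goes through with no audit entry. The same `User::find(...)->full_name` pattern is in the acceptRecommendation, assignRecommendation, completeOTS, otsCancel, saveNewTicket and saveTicket hunks. `newAudit` already falls back to `'UNKNOWN'` for a missing impersonator; the call sites could do the same with `(User::find($controller_id)?->full_name ?? 'UNKNOWN')`, assuming the project runs on PHP 8. deleteTicket begins outside this hunk.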
@@ -533,11 +525,7 @@ public function assignRecommendation(Request $request, $id) { Mail::to($ins->email)->cc('training@ztlartcc.org')->send(new OtsAssignment($ots, $controller, $ins)); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' assigned an OTS for ' . User::find($ots->controller_id)->full_name . ' to ' . User::find($ots->ins_id)->full_name . '.'; - $audit->save(); + Audit::newAudit(' assigned an OTS for ' . User::find($ots->controller_id)->full_name . ' to ' . User::find($ots->ins_id)->full_name . '.'); return redirect()->back()->with('success', 'The OTS has been assigned successfully and the instructor has been notified.'); } @@ -554,11 +542,7 @@ public function completeOTS(Request $request, $id) { $ots->status = $request->result; $ots->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' updated an OTS for ' . User::find($ots->controller_id)->full_name . '.'; - $audit->save(); + Audit::newAudit(' updated an OTS for ' . User::find($ots->controller_id)->full_name . '.'); return redirect()->back()->with('success', 'The OTS has been updated successfully!'); } else { @@ -572,11 +556,7 @@ public function otsCancel($id) { $ots->status = 0; $ots->save(); - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' cancelled an OTS for ' . User::find($ots->controller_id)->full_name . '.'; - $audit->save(); + Audit::newAudit(' cancelled an OTS for ' . User::find($ots->controller_id)->full_name . '.'); return redirect()->back()->with('success', 'The OTS has been unassigned from you and cancelled successfully.'); } 
@@ -943,14 +923,12 @@ private function saveNewTicket(Request $request, $id) { $student->save(); } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' added a training ticket for ' . User::find($ticket->controller_id)->full_name . '.'; + + $audit_msg = ' added a training ticket for ' . User::find($ticket->controller_id)->full_name . '.'; if ($promotion) { - $audit->what .= ' A promotion was pushed to VATUSA.'; + $audit_msg .= ' A promotion was pushed to VATUSA.'; } - $audit->save(); + Audit::newAudit($audit_msg); return redirect('/dashboard/training/tickets?id=' . $ticket->controller_id)->with('success', 'The training ticket has been submitted successfully' . $extra . '.'); } @@ -1045,14 +1023,12 @@ private function saveTicket(Request $request, $id) { $student->rating_id = 2; // Needed to prevent data discontinuity $student->save(); } - $audit = new Audit; - $audit->cid = Auth::id(); - $audit->ip = $_SERVER['REMOTE_ADDR']; - $audit->what = Auth::user()->full_name . ' edited a training ticket for ' . User::find($request->controller)->full_name . '.'; + + $audit_msg = ' edited a training ticket for ' . User::find($request->controller)->full_name . '.'; if ($promotion) { - $audit->what .= ' A promotion was pushed to VATUSA.'; + $audit_msg .= ' A promotion was pushed to VATUSA.'; } - $audit->save(); + Audit::newAudit($audit_msg); return redirect('/dashboard/training/tickets/view/' . $ticket->id)->with('success', 'The ticket has been updated successfully' . $extra . '.'); } else { diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 869e64d7e..a86084528 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php 
@@ -35,6 +35,7 @@ class Kernel extends HttpKernel { \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, + \App\Http\Middleware\Impersonation::class, ], 'api' => [ diff --git a/app/Http/Middleware/Impersonation.php b/app/Http/Middleware/Impersonation.php new file mode 100644 index 000000000..880b45299 --- /dev/null +++ b/app/Http/Middleware/Impersonation.php @@ -0,0 +1,24 @@ +has('impersonate') && Auth::user()->isAbleTo('snrStaff')) { + session()->put('impersonating_user', Auth::id()); + Auth::onceUsingId(session('impersonate')); + } + + return $next($request); + } +} diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 01e6b2750..d25d7db14 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -2,11 +2,13 @@ namespace App\Providers; +use App\View\Composers\ImpersonationComposer; use Illuminate\Pagination\LengthAwarePaginator; use Illuminate\Pagination\Paginator; use Illuminate\Support\Collection; use Illuminate\Support\Facades\Blade; use Illuminate\Support\Facades\Schema; +use Illuminate\Support\Facades\View; use Illuminate\Support\Facades\Vite; use Illuminate\Support\ServiceProvider; @@ -24,6 +26,8 @@ public function boot(): void { return toggleEnabled($toggle_name); }); + View::composer('inc.dashboard_head', ImpersonationComposer::class); + /** * Paginate a standard Laravel Collection. * diff --git a/app/User.php b/app/User.php index 08bb784ff..837ac01e4 100644 --- a/app/User.php +++ b/app/User.php 
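Review bot: In the Impersonation middleware, `session()->put('impersonating_user', Auth::id())` is written before `Auth::onceUsingId(...)` and that call's return value is ignored. If the target id no longer resolves, the request continues as the real user while `Audit::newAudit` labels every entry as impersonated. The same stale label results when the operator loses `snrStaff`: the condition fails, but `impersonate` and `impersonating_user` stay in the session. `Auth::user()->isAbleTo(...)` also dereferences null if the session carries `impersonate` without an authenticated user. The start of `handle()` is not visible in this hunk, so the sketch below covers only the body.

```php
// … unchanged: handle() signature …
$operator = Auth::user();

if (session()->has('impersonate')) {
    $swapped = $operator !== null
        && $operator->isAbleTo('snrStaff')
        && Auth::onceUsingId(session('impersonate')) !== false;

    if ($swapped) {
        // Record the real operator only once the swap has actually happened.
        session()->put('impersonating_user', $operator->id);
    } else {
        // Clear stale markers so audit entries are not mislabelled as impersonated.
        session()->forget(['impersonate', 'impersonating_user']);
    }
}

return $next($request);
```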
@@ -73,6 +73,22 @@ public function getFullNameRatingAttribute() { return $this->full_name . ' - ' . $this->rating_short; } + public function getImpersonationNameAttribute() { + $roles = array_reduce($this->roles->toArray(), function ($role_string, $role) { + return $role_string . $role['name'] . ', '; + }, ''); + + if ($this->visitor) { + $roles = 'visitor'; + } + + if ($roles != '') { + $roles = ' (' . trim($roles, ', ') . ')'; + } + + return $this->backwards_name . ' ' . $this->id . ' - ' . $this->rating_short . $roles; + } + public static $RatingShort = [ 0 => 'N/A', 1 => 'OBS', 2 => 'S1', diff --git a/app/View/Composers/ImpersonationComposer.php b/app/View/Composers/ImpersonationComposer.php new file mode 100644 index 000000000..97e347e53 --- /dev/null +++ b/app/View/Composers/ImpersonationComposer.php @@ -0,0 +1,32 @@ +has('impersonate'); + + if (Auth::user()->isAbleTo('snrStaff')) { + $users = User::where('status', 1)->orderBy('lname', 'ASC')->get()->pluck('impersonation_name', 'id'); + } + + $view->with('users', $users)->with('is_impersonating', $is_impersonating); + } + } +} diff --git a/database/migrations/2026_02_10_154100_audit_table_add_impersonated_by_id.php b/database/migrations/2026_02_10_154100_audit_table_add_impersonated_by_id.php new file mode 100644 index 000000000..9eb4550ee --- /dev/null +++ b/database/migrations/2026_02_10_154100_audit_table_add_impersonated_by_id.php @@ -0,0 +1,26 @@ +integer('impersonated_by_id')->nullable(); + + $table->foreign('impersonated_by_id')->references('id')->on('roster')->nullOnDelete(); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void { + Schema::table('audits', function ($table) { + $table->dropColumn('impersonated_by_id'); + }); + } +}; diff --git a/resources/views/inc/dashboard_head.blade.php b/resources/views/inc/dashboard_head.blade.php index 4efd8d2aa..ddfbcd3f5 100644 --- a/resources/views/inc/dashboard_head.blade.php +++ b/resources/views/inc/dashboard_head.blade.php 
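Review bot: In `getImpersonationNameAttribute` the `if ($this->visitor)` branch replaces the role list built just above, so a visiting account that also holds roles is labelled only `(visitor)` and the person choosing a target cannot see which roles they are about to assume. Prepending keeps both: `$roles = 'visitor, ' . $roles;` (the later `trim($roles, ', ')` already removes the trailing separator). The emptiness test would read better as `$roles !== ''`, and a one-line docblock stating the label format would help the next reader.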
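Review bot: `->get()->pluck('impersonation_name', 'id')` in `ImpersonationComposer` evaluates the accessor once per user, and that accessor reads `$this->roles`, so each render of the composed view for a senior-staff user appears to issue one roles query per active user. If `roles` is an Eloquent relation, eager loading avoids that: `User::with('roles')->where('status', 1)->orderBy('lname', 'ASC')->get()->pluck('impersonation_name', 'id')`. The first lines of this new file are missing from the page, so it cannot be confirmed that `$users` has a default when the `isAbleTo('snrStaff')` check is false; it should be initialised before that `if`.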
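Review bot: In the migration, `down()` drops `impersonated_by_id` without first dropping the foreign key created in `up()`, which fails on databases that refuse to drop a column still referenced by a constraint (MySQL does). Add `$table->dropForeign(['impersonated_by_id']);` before the `dropColumn` call. Separately, `nullOnDelete()` means that removing the impersonator's `roster` row blanks the structured attribution on every audit row they generated. For an audit trail it is worth deciding whether that is acceptable or whether such deletes should be restricted instead.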
@@ -1,26 +1,30 @@ - + @else + {{ Auth::user()->full_name }} - {{ Auth::user()->rating_short }} + @endif + + + diff --git a/resources/views/inc/messages.blade.php b/resources/views/inc/messages.blade.php index 35a72786d..d50b64a62 100644 --- a/resources/views/inc/messages.blade.php +++ b/resources/views/inc/messages.blade.php @@ -17,6 +17,13 @@ @endif + @if(session('warning')) +
+
+ {{ session('warning') }} +
+ @endif + @if(session('error'))
diff --git a/routes/web.php b/routes/web.php index 43187ccaa..3a6a1e7f5 100644 --- a/routes/web.php +++ b/routes/web.php @@ -333,6 +333,11 @@ Route::prefix('monitor')->middleware('permission:staff')->group(function () { Route::get('/', 'AdminDash@backgroundMonitor'); }); + + Route::prefix('impersonation')->middleware('toggle:impersonation')->group(function () { + Route::post('/', 'ImpersonationController@start')->middleware('permission:snrStaff')->name('startImpersonation'); + Route::get('/stop', 'ImpersonationController@stop')->name('stopImpersonation'); + }); }); }); /*
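Review bot: `Route::get('/stop', ...)` changes session state on a GET, so it sits outside CSRF verification and can be triggered by a link or a prefetch; `Route::post('/stop', 'ImpersonationController@stop')->name('stopImpersonation');` would match the start route. The whole group is also behind `toggle:impersonation`, while the `Impersonation` middleware added to the web group shows no toggle check in its visible lines. Switching the toggle off during an active session may therefore leave the user impersonating with no reachable stop route. Either exempt `/stop` from the toggle or have the middleware clear `impersonate` when the toggle is off. The controller is not on this page, so it is not visible whether `stop` also removes `impersonating_user`.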