From b37a3539b0e96d82f6d2199c909c2d2105f35dc0 Mon Sep 17 00:00:00 2001
From: Kurniandha Sukma Yunastrian <13516106@std.stei.itb.ac.id>
Date: Thu, 7 May 2020 23:10:17 +0700
Subject: [PATCH] fix role functionality

---
 app/Http/Controllers/LearnController.php | 22 ++++++++++++++++++++++
 resources/views/course.blade.php         |  7 +++++++
 2 files changed, 29 insertions(+)

diff --git a/app/Http/Controllers/LearnController.php b/app/Http/Controllers/LearnController.php
index 1f5193d..021bfba 100644
--- a/app/Http/Controllers/LearnController.php
+++ b/app/Http/Controllers/LearnController.php
@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Auth;
 use Google_Client;
 
 class LearnController extends Controller
@@ -25,6 +26,10 @@ class LearnController extends Controller
      */
     public function index($id_course, $id_topic)
     {
+        if (Auth::user()->role == 1) {
+            return redirect()->route('course', ['id_course' => $id_course, 'msg' => 6]);
+        }
+
         $topic = DB::table('topics')->where('id', $id_topic)->first();
         $cells = DB::table('spreadsheets')->where('id', $id_topic)->get();
         $ranges = [];
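Review bot: `Auth::user()->role` in index() is read without a null check, so if this route is not behind the `auth` middleware (the route definitions are not part of this patch) a guest request fails with an error instead of being turned away; the check added in edit() has the same problem. A guard such as `$user = Auth::user(); if ($user === null || $user->role == 1) {` would cover both cases. Unlike edit(), index() gains no enrollment check and does not verify that `$id_topic` belongs to `$id_course`, so as far as this hunk shows any user who passes the role test can load any topic by id; the rest of index() lies outside the hunk, so confirm this is not handled further down. The bare role values `0` and `1` would be easier to audit as named constants.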
@@ -127,7 +132,24 @@ class LearnController extends Controller
      */
     public function edit($id_course, $id_topic)
     {
+        if (Auth::user()->role == 0) {
+            return redirect()->route('course', ['id_course' => $id_course, 'msg' => 6]);
+        }
+
+        $enrolled = DB::table('user_course')->where('id_user', Auth::id())->get();
+        
+        $flag = 0;
         $topic = DB::table('topics')->where('id', $id_topic)->first();
+        foreach($enrolled as $enroll) {
+            if ($enroll->id_course == $id_course and $topic->id_course == $enroll->id_course) {
+                $flag = 1;
+            }
+        }
+
+        if ($flag == 0) {
+            return redirect()->route('course', ['id_course' => $id_course, 'msg' => 6]);
+        }
+
         $cells = DB::table('spreadsheets')->where('id', $id_topic)->get();
 
         return view('edit', ['cells' => $cells, 'id_course' => $id_course, 'id_spreadsheet' => $topic->id_spreadsheet, 'topic' => $topic]);
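Review bot: In edit(), `$topic->id_course` is read inside the loop although `first()` returns null for an unknown `$id_topic`, so a request with a bad topic id from a user who has any enrollment raises an error instead of reaching the "access denied" redirect. The check also loads every enrollment row for the user and scans it with a `$flag` variable; a single `exists()` query filtered on both `id_user` and `id_course` expresses the same rule and cannot be skipped by accident. This patch guards only the page that renders the edit form; the action that saves the edit is not visible here and needs the same role and enrollment check, because hiding the form does not stop a direct request.

```php
        // … unchanged: role check …

        $topic = DB::table('topics')->where('id', $id_topic)->first();
        $enrolled = DB::table('user_course')
            ->where('id_user', Auth::id())
            ->where('id_course', $id_course)
            ->exists();

        // Deny when the topic is missing, belongs to another course, or the user is not enrolled.
        if ($topic === null || $topic->id_course != $id_course || !$enrolled) {
            return redirect()->route('course', ['id_course' => $id_course, 'msg' => 6]);
        }

        // … unchanged: spreadsheets lookup and view('edit', …) …
```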
diff --git a/resources/views/course.blade.php b/resources/views/course.blade.php
index d1e60c6..0b6169e 100644
--- a/resources/views/course.blade.php
+++ b/resources/views/course.blade.php
@@ -38,6 +38,13 @@
                 <span aria-hidden="true">&times;</span>
             </button>
         </div>
+    @elseif( request()->get('msg') == 6 )
+        <div class="alert alert-warning alert-dismissible fade show" role="alert">
+            Akses Tidak Diperbolehkan
+            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                <span aria-hidden="true">&times;</span>
+            </button>
+        </div>
     @else
         <div class="alert alert-danger alert-dismissible fade show" role="alert">
             Pembuatan Materi Gagal
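Review bot: The new `@elseif( request()->get('msg') == 6 )` branch takes the "access denied" state from the query string, so the alert appears for any link that carries `msg=6` and reappears on reload or from a bookmark. The text is static, so this is a display issue rather than an injection risk, and it appears to follow the pattern of the neighbouring branches. If the messages are ever reworked, a one-time session flash from the controller (`->with('msg', 6)` read via `session('msg')`) would tie the alert to the redirect that caused it.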
-- 
GitLab