Add disciplinary controller for banning and unbanning members

HACManchester · Mar 29, 2024 · 4f64e3a · 4f64e3a
1 parent ce1efc1
commit 4f64e3a
Show file tree

Hide file tree

Showing 8 changed files with 127 additions and 5 deletions.
diff --git a/app/Entities/User.php b/app/Entities/User.php
@@ -109,7 +109,10 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
         'postFob',
         'gift',
         'seen_at',
-        'pronouns'
+        'pronouns',
+        'banned',
+        'banned_reason',
+        'banned_date',
     ];
 
 
@@ -139,7 +142,7 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
         // 'key_holder' => 'boolean',
         // 'induction_completed' => 'boolean',
         // 'profile_private' => 'boolean',
-        // 'banned' => 'boolean',
+        'banned' => 'boolean',
     ];
 
 

diff --git a/app/Http/Controllers/DisciplinaryController.php b/app/Http/Controllers/DisciplinaryController.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace BB\Http\Controllers;
+
+use BB\Entities\User;
+use BB\Helpers\GoCardlessHelper;
+use Illuminate\Http\Request;
+
+class DisciplinaryController extends Controller
+{
+    protected $goCardlessHelper;
+    public function __construct(GoCardlessHelper $goCardlessHelper) {
+        $this->goCardlessHelper = $goCardlessHelper;
+    }
+
+    public function ban(User $user, Request $request)
+    {
+        $this->authorize('ban', $user);
+
+        // validation
+        $this->validate($request, [
+            'reason' => 'required|string|max:255',
+        ]);
+
+        $user->update([
+            'active' => false,
+            'status' => 'left',
+            'banned' => true,
+            'banned_reason' => $request->get('reason'),
+            'banned_date' => \Carbon\Carbon::now(),
+        ]);
+
+        // Cancel the user's subscription (if they have one)
+        if ($user->subscription_id) {
+            $this->goCardlessHelper->cancelSubscription($user->subscription_id);
+        }
+
+        return redirect()->back();
+    }
+
+    public function unban(User $user)
+    {
+        $this->authorize('unban', $user);
+
+        $user->update([
+            'banned' => false,
+            'banned_reason' => null,
+            'banned_date' => null,
+        ]);
+
+        return redirect()->back();
+    }
+}
diff --git a/app/Http/Middleware/HasRole.php b/app/Http/Middleware/HasRole.php
@@ -34,7 +34,6 @@ public function handle($request, Closure $next, $role = 'guest')
         } elseif (\Auth::user()->isBanned()) {
 
             throw new AuthenticationException();
-
         }
 
         return $next($request);

diff --git a/app/Observer/UserObserver.php b/app/Observer/UserObserver.php
@@ -49,7 +49,7 @@ public function saved($user)
         }
 
         //User left
-        if (($original['status'] != 'left') && ($user->status == 'left')) {
+        if (($original['status'] != 'left') && ($user->status == 'left') && $user->isBanned() == false) {
             $this->userLeft($user);
         }
     }

diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace BB\Policies;
+
+use BB\Entities\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class UserPolicy
+{
+    use HandlesAuthorization;
+
+    public function ban(User $authedUser, User $user)
+    {
+        // Can't ban yourself
+        if ($authedUser->id == $user->id) {
+            return false;
+        }
+
+        // Admins can ban others
+        return $authedUser->isAdmin();
+    }
+
+    public function unban(User $authedUser, User $user)
+    {
+        // Admins can ban others
+        return $authedUser->isAdmin();
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -6,8 +6,10 @@
 
 use BB\Entities\Equipment;
 use BB\Entities\KeyFob;
+use BB\Entities\User;
 use BB\Policies\EquipmentPolicy;
 use BB\Policies\KeyFobPolicy;
+use BB\Policies\UserPolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 
 class AuthServiceProvider extends ServiceProvider
@@ -20,6 +22,7 @@ class AuthServiceProvider extends ServiceProvider
     protected $policies = [
         Equipment::class => EquipmentPolicy::class,
         KeyFob::class => KeyFobPolicy::class,
+        User::class => UserPolicy::class,
     ];
 
     /**

diff --git a/resources/views/account/partials/member-admin-action-bar.blade.php b/resources/views/account/partials/member-admin-action-bar.blade.php
@@ -240,6 +240,35 @@
                         </div>
                     @endif
 
+                    <div class="infobox__grid-item infobox__grid-item--main alert-danger">
+                        <h4>Disciplinary actions</h4>
+                        @if ($user->isBanned())
+                            <p>User was banned on {{ $user->banned_date }} for the reason:</p>
+                            <p style="padding-left: 2em">{{ nl2br($user->banned_reason) }}</p>
+
+                            {!! Form::open(array('method'=>'POST', 'class'=>'form-horizontal', 'route' => ['disciplinary.unban', $user->id])) !!}
+                                {!! Form::submit('Unban member', array('class'=>'btn btn-default')) !!}
+                            {!! Form::close() !!}
+                        @else
+                            <div>
+                                <h3>Ban member</h3>
+                                <p>By banning a member, we will:</p>
+                                <ul>
+                                    <li>Immediately mark them as left on the system</li>
+                                    <li>Cancel their GoCardless subscription (if they have one set up)</li>
+                                    <li>Stop them being able to access the members system</li>
+                                </li>
+                                <p>We will not send any automated emails to the member, you should do this yourself from the board email address.</p>
+
+                                {!! Form::open(array('method'=>'POST', 'class'=>'form-horizontal', 'route' => ['disciplinary.ban', $user->id])) !!}
+                                    {!! Form::label('reason', 'Reason for the ban (255 characters)', array('class'=>'control-label')) !!}
+                                    {!! Form::text('reason', null, array('class'=>'form-control')) !!}
+                                    {!! Form::submit('Ban member', array('class'=>'btn btn-default')) !!}
+                                {!! Form::close() !!}
+                            </div>
+                        @endif
+                    </div>
+
 
                     <div class="infobox__grid-item infobox__grid-item--footer">
                         <h4>Member subscription and DD info</h4>

diff --git a/routes/web.php b/routes/web.php
@@ -122,7 +122,6 @@
 Route::post('account/payment/migrate-direct-debit', ['as' => 'account.payment.gocardless-migrate', 'uses' => 'PaymentController@migrateDD', 'middleware' => 'role:member']);
 
 
-
 ##########################
 # Inductions
 ##########################
@@ -259,6 +258,14 @@
 });
 
 
+##########################
+# Disciplinary
+##########################
+
+Route::group(array('middleware' => 'role:admin'), function () {
+    Route::post('disciplinary/{user}/ban', ['uses' => 'DisciplinaryController@ban', 'as' => 'disciplinary.ban']);
+    Route::post('disciplinary/{user}/unban', ['uses' => 'DisciplinaryController@unban', 'as' => 'disciplinary.unban']);
+});
 
 ##########################
 # Resources
-Original file line number
+Diff line change
@@ Expand Up @@
             } elseif (\Auth::user()->isBanned()) {
                 throw new AuthenticationException();
             }
             return $next($request);
@@ Expand Down @@