Phase 4 – The Extras

Phase 4 – The Extras

Posted on by Hesham Saqqar

Adding User Profile Page

I added a new blade with corresponding controller and route to show some information about the current logged in user, along with his contribution to the site, how many results and how many flags (file) did he upload.

I did two SQL queries in the controller to know about these two values and passed them to the blade (view) as two variables $userresults & $userfiles: 

    public function show()
    {
        $userresults = Auth::user()->results()->count();
        $userfiles = DB::table('results')->where('user_id', 
                 Auth::id())->whereNotNull('image_path')->count();
        
        return view('profile.profile', ['userresults'=>$userresults, 
                                        'userfiles'=>$userfiles]);
    }

Adding two CTA buttons

To make things more useful I added the ability to the user to edit his own profile or even delete it entirely.

Nothing is fancy here, I only added a new blade with corresponding controller and route to edit Name, Email Address or Password of the user. Then I added the validation rules and the success message and tested the form.

Keeping the old password problem!

I faced the following problem, how to update the user profile if the user wants to keep his old password, while the password field is required.

I solved it by adding an if statement within the update method to check if there is a new password or not. If no new password then send the request EXCEPT the password value, Laravel will pass this property and save the rest.

$user->update($request->except(‘password’));

        $newPassword = $request->input('password');

        if (empty($newPassword)){
                // validation fields 
                // ...
                // then get form's normal input fields except password
                $user->name = request('name');
                $user->email = request('email');
                $user->update($request->except('password'));
        } else {
            // validation fields 
            // ...
            // get form's normal input fields as normal
            $user->name = request('name');
            $user->email = request('email');
            $user->password = Hash::make(request('password'));

            $user->save();
        }

Authorisation problem!

I tried to do the same authorisation steps as I did with results, unfortunately, this time didn’t work. It threw error 403 all the time, even the user couldn’t edit or delete his own account.

I did a Profile Policy and a User Policy both failed.

Then, I solved it by adding an if statement within the controller to check if the requested user’s id $userId matches the Auth::id() if so proceed, if not go back with an error message.

    public function edit($userId)
    {
        $user = User::findOrFail($userId);

        if ($user->id === Auth::id()) {
            return view('profile.edit', ['currentuser'=>$user]); 
        } else {
            return back()->with('error', 'You are not authorised to edit 
            that profile!'); 
        }
    }

This method works to prevent a user to edit or delete another user’s profile, although this is not the ideal method; but at least it works to secure that URL.

Deleting Account and Cascading

The last piece was to achieve the deleting process with cleaning up all the user’s results and uploaded files, this to make sure that no orphan data on the server, and to keep the space reflecting the actual needed data.

First, we need to find and delete all the files links and delete them from S3, then to delete the results, then the user himself and get back to all results page.

Here, I am finding the user’s results then if he has one I am finding if that result has a flag then delete that file if not then go to the next result and so on.

And because we added ->onDelete(‘cascade’); when we created the migration file add_user_id_to_results.php so any results made by that user will be deleted automatically when Laravel will delete that user.

    public function destroy($userId)
    {
        $user = User::findOrFail($userId);
        $userresults  = DB::table('results')->where('user_id', $userId)->get();

        // if the user (who we want to delete) has records
        if ($userresults) {
            // iterate through the results array
            foreach($userresults as $result){
                // Now if that records has file-paths
                if ($result->image_path != null){
                    // delete the files from AWS database
                    Storage::disk('s3')->delete($result->image_path);
                };
            }
        }
        // Then delete the User himself, this will also delete the 
        // records automatically due to ->onDelete('cascade');
        $user->delete();

        return redirect('/results')->with('success', 'Your account 
        		and related records has been deleted successfully!');
    }

I tested the functions of the profile page and everything was working just OK.