From 953d29827162123120f32bccee08d94f7d0d6e07 Mon Sep 17 00:00:00 2001
From: Jon
Date: Wed, 6 Mar 2024 19:58:26 -0800
Subject: [PATCH] Fix training permissions so Senior Staff can see training records.
---
 app/Http/Controllers/TrainingController.php | 13 ++++---------
 resources/views/layout.blade.php | 18 ++++++++----------
 .../mgt/controller/training/training.blade.php | 7 ++++---
 3 files changed, 16 insertions(+), 22 deletions(-)
diff --git a/app/Http/Controllers/TrainingController.php b/app/Http/Controllers/TrainingController.php
index 2ae15f42..b338596e 100644
--- a/app/Http/Controllers/TrainingController.php
+++ b/app/Http/Controllers/TrainingController.php
@@ -51,8 +51,7 @@ function getOTSEval(
 ->has('perfcats.indicators')->withAll()->find($form)
 : OTSEvalForm::has('perfcats')->has('perfcats.indicators')
 ->withAll()->where('rating_id', $student->rating + 1)->first();
- if (!RoleHelper::isInstructor(Auth::user()->cid,
- $student->facility) && !RoleHelper::isInstructor(Auth::user()->cid, $form->facility)) {
+ if (!RoleHelper::isInstructor() && !RoleHelper::isFacilitySeniorStaff()) {
 abort(403);
 }
 if (!$student || !$form) {
@@ -77,10 +76,7 @@ function viewOTSEval(
 abort(404, "The OTS evaluation form is invalid.");
 }
 $student = $eval->student;
- if (!RoleHelper::isInstructor(Auth::user()->cid,
- $student->facility) && !RoleHelper::isInstructor(Auth::user()->cid,
- $eval->facility) && !RoleHelper::isFacilitySeniorStaff(Auth::user()->cid,
- $student->facility) && !RoleHelper::isFacilitySeniorStaff(Auth::user()->cid, $eval->facility)) {
+ if (!RoleHelper::isInstructor() && !RoleHelper::isFacilitySeniorStaff()) {
 abort(403);
 }
 $attempt = Helper::numToOrdinalWord(OTSEval::where([
@@ -165,7 +161,7 @@ function seconds_to_string($seconds): string
 foreach ($insByRole as $ins) {
 $instructors[$ins->cid] = $ins->user;
 }
- foreach($insByRating as $ins) {
+ foreach ($insByRating as $ins) {
 $instructors[$ins->cid] = $ins;
 }
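Review bot: The rewritten guard in getOTSEval, `if (!RoleHelper::isInstructor() && !RoleHelper::isFacilitySeniorStaff())`, no longer passes `$student->facility` or `$form->facility`, so it tests the caller's role in general rather than their role at the facility that owns the record. RoleHelper's defaults are not shown in this patch; if the no-argument calls resolve to the caller's own facility, instructors and senior staff of one facility can read OTS evaluations that belong to another. The same substitution appears in viewOTSEval, which already admitted senior staff per facility before this commit, and in viewOTSEvalStatistics, where the requested `$facility` and `$instructor` are now not checked at all. If cross-facility access is not the intent, add the senior-staff branch while keeping the scope, e.g. `!RoleHelper::isInstructor($cid, $student->facility) && !RoleHelper::isFacilitySeniorStaff($cid, $student->facility)` with `$cid = Auth::user()->cid`, placed after the `!$student || !$form` check so `$student` is known to be set. All three function bodies continue outside their hunks.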
@@ -662,8 +658,7 @@ function viewOTSEvalStatistics(
 if (!$interval) {
 abort(400);
 }
- if (!RoleHelper::isInstructor(Auth::user()->cid,
- $facility) || ($instructor && !RoleHelper::isInstructor($instructor, $facility))) {
+ if (!RoleHelper::isInstructor() && !RoleHelper::isFacilitySeniorStaff()) {
 abort(403);
 }
diff --git a/resources/views/layout.blade.php b/resources/views/layout.blade.php
index 3d8037c6..1a475612 100644
--- a/resources/views/layout.blade.php
+++ b/resources/views/layout.blade.php
@@ -323,7 +323,7 @@ class="fas fa-sign-out-alt"> Logout
  • Submit Transfer Request
  • @endif - @if(\App\Classes\RoleHelper::isInstructor() || \App\Classes\RoleHelper::isFacilitySeniorStaff() || \App\Classes\RoleHelper::isAcademyStaff()) + @if(\App\Classes\RoleHelper::isInstructor() || \App\Classes\RoleHelper::isFacilitySeniorStaff()) - @if (\App\Classes\RoleHelper::isTrainingStaff()) -
  • Training - Statistics -
  • -
  • OTS - Evaluations -
  • - - @endif +
  • + Training Statistics +
  • +
  • + OTS Evaluations +
  • + @endif diff --git a/resources/views/mgt/controller/training/training.blade.php b/resources/views/mgt/controller/training/training.blade.php index ea7a5e46..762436f0 100644 --- a/resources/views/mgt/controller/training/training.blade.php +++ b/resources/views/mgt/controller/training/training.blade.php @@ -108,9 +108,8 @@ class="glyphicon @if($i > $record->score) glyphicon-star-empty @else glyphicon-s - @php $canModify = \App\Classes\RoleHelper::isFacilitySeniorStaff(Auth::user()->cid, $trainingfac) || - (\App\Classes\RoleHelper::isTrainingStaff(Auth::user()->cid, true, $trainingfac) - && $record->instructor_id == Auth::user()->cid); + @php $canModify = \App\Classes\RoleHelper::isTrainingStaff(Auth::user()->cid, true, $trainingfac) + && $record->instructor_id == Auth::user()->cid; $isUSAStaff = \App\Classes\RoleHelper::isVATUSAStaff(); $ownRecord = $record->student_id == Auth::user()->cid; $canEditDelete = !in_array($record->ots_status, [1, 2]); @endphp @@ -119,6 +118,8 @@ class="glyphicon glyphicon-eye-open"> data-id="{{ $record->id }}"> + @endif + @if($isUSAStaff)
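Review bot: The menu condition `@if(\App\Classes\RoleHelper::isInstructor() || \App\Classes\RoleHelper::isFacilitySeniorStaff())` is a hand-copied mirror of the guard the same commit writes into three controller methods, so the navigation and the server-side checks will drift the next time one of them is edited. Defining the rule once as a Laravel Gate and using `@can` here and the gate check in the controller would keep link visibility and enforcement in step. The hunk also drops `isAcademyStaff()` and the inner `isTrainingStaff()` test without the commit message mentioning either; a line in the description saying whether academy staff are meant to lose this menu would help the next reader. The markup around the condition is not recoverable from this view of the patch, so the exact set of links affected is inferred.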
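Review bot: `$canModify` is computed inside the template, so it only decides which controls are rendered; nothing in this patch shows the handler behind the edit action applying the same rule, and with the `isFacilitySeniorStaff(...) ||` branch removed here the view and the server may now disagree about whether senior staff can change a record. Confirm that the update and delete endpoints themselves require `isTrainingStaff(...)` plus ownership of the record instead of relying on the hidden button. The ownership test uses loose `==`; assuming both ids are numeric, `(int) $record->instructor_id === (int) Auth::user()->cid` avoids type-juggling surprises. The commit message speaks only of viewing, so the removal of senior-staff modify rights deserves its own sentence in the description.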