From 838beac285deb5b1969f87ea18f6eaac2778080a Mon Sep 17 00:00:00 2001
From: James Brooks <james@alt-three.com>
Date: Wed, 10 Aug 2016 12:56:18 +0100
Subject: [PATCH] Don't allow redirecting to someones subscription. Closes
 #2047

---
 app/Http/Controllers/SubscribeController.php |  8 ++--
 resources/views/subscribe/manage.blade.php   | 48 +++++++++++++++-----
 2 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/app/Http/Controllers/SubscribeController.php b/app/Http/Controllers/SubscribeController.php
index 953f7757..f8926c3c 100644
--- a/app/Http/Controllers/SubscribeController.php
+++ b/app/Http/Controllers/SubscribeController.php
@@ -69,12 +69,12 @@ class SubscribeController extends Controller
                 ->withErrors($e->getMessageBag());
         }
 
-        $message = $subscription->is_verified ?
-            trans('cachet.subscriber.email.already-subscribed', ['email' => $email]) :
-            trans('cachet.subscriber.email.subscribed');
+        if ($subscription->is_verified) {
+            return Redirect::route('status-page')->withSuccess(trans('cachet.subscriber.email.already-subscribed', ['email' => $email]));
+        }
 
         return Redirect::route('subscribe.manage', $subscription->verify_code)
-            ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), $message));
+            ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.subscribed')));
     }
 
     /**
diff --git a/resources/views/subscribe/manage.blade.php b/resources/views/subscribe/manage.blade.php
index 3bcade12..31c569cc 100644
--- a/resources/views/subscribe/manage.blade.php
+++ b/resources/views/subscribe/manage.blade.php
@@ -20,18 +20,44 @@
         </div>
         <form action="{{ route('subscribe.manage', $subscriber->verify_code) }}" method="post">
             <input type="hidden" name="_token" value="{{ csrf_token() }}">
-            <div class="panel panel-default">
-                <div class="panel-heading">
-                    {{ trans('cachet.subscriber.manage.my_subscriptions') }}
-                </div>
-                <div class="panel-body">
-                    @if(!$component_groups->isEmpty() || !$ungrouped_components->isEmpty())
-                    @include('partials.components_form')
-                    @else
-                        <p>{{ trans('cachet.subscriber.manage.no_subscriptions') }}</p>
-                    @endif
-                </div>
+            @if(!$component_groups->isEmpty() || !$ungrouped_components->isEmpty())
+            @if($component_groups->count() > 0)
+            @foreach($component_groups as $componentGroup)
+            <div class="list-group components">
+                @if($componentGroup->enabled_components->count() > 0)
+                    <div class="list-group-item group-name">
+                        <i class="{{ $componentGroup->collapse_class_with_subscriptions($subscriptions) }} group-toggle"></i>
+                        <strong>{{ $componentGroup->name }}</strong>
+                        <div class="pull-right text-muted small">
+                            <a href="#" class="select-group" id="select-all-{{$componentGroup->id}}">Select All</a>
+                            &nbsp;|&nbsp;
+                            <a href="#" class="deselect-group" id="deselect-all-{{$componentGroup->id}}">Deselect All</a>
+                        </div>
+                    </div>
+                    <div class="form-group group-items {{ $componentGroup->has_subscriber($subscriptions) ? null : "hide" }}">
+                        @foreach($componentGroup->enabled_components()->orderBy('order')->get() as $component)
+                        @include('partials.component_input', compact($component))
+                        @endforeach
+                    </div>
+                @endif
             </div>
+            @endforeach
+            @endif
+
+            @if($ungrouped_components->count() > 0)
+            <ul class="list-group components">
+                <div class="list-group-item group-name">
+                    <strong>{{ trans('cachet.components.group.other') }}</strong>
+                </div>
+                @foreach($ungrouped_components as $component)
+                @include('partials.component_input', compact($component))
+                @endforeach
+            </ul>
+            @endif
+            @else
+            <p>{{ trans('cachet.subscriber.manage.no_subscriptions') }}</p>
+            @endif
+
             <div class="text-right">
                 <button type="submit" class="btn btn-success">Update Subscription</button>
             </div>