Page MenuHomePhorge
Differential D1000 Diff 2512 src/app/Http/Controllers/API/UsersController.php

Changeset View

Standalone View

View Options

src/app/Http/Controllers/API/UsersController.php

Show All 40 Lines public static function logonResponse(User $user)
'status' => 'success', 'status' => 'success',
'access_token' => $token, 'access_token' => $token,
'token_type' => 'bearer', 'token_type' => 'bearer',
'expires_in' => Auth::guard()->factory()->getTTL() * 60, 'expires_in' => Auth::guard()->factory()->getTTL() * 60,
]); ]);
} }
/** /**
* Display a listing of the resources. * Delete a user.
* *
* The user themself, and other user entitlements. * @param int $id User identifier
* *
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse The response
*/ */
public function index() public function destroy($id)
{ {
$user = Auth::user(); $user = User::find($id);
if (!$user) { if (empty($user)) {
return response()->json(['error' => 'unauthorized'], 401); return $this->errorResponse(404);
} }
$result = [$user]; $current_user = $this->guard()->user();
$user->entitlements()->each( // User can't remove himself until he's the controller
function ($entitlement) { if ($user->controller()->id != $current_user->id) {
$result[] = User::find($entitlement->user_id); return $this->errorResponse(403);
} }
);
$user->delete();
return response()->json([
'status' => 'success',
'message' => __('app.user-delete-success'),
]);
}
/**
* Listing of users.
*
* The user-entitlements billed to the current user wallet(s)
*
* @return \Illuminate\Http\JsonResponse
*/
public function index()
{
$user = $this->guard()->user();
$result = $user->users()->orderBy('email')->get();
return response()->json($result); return response()->json($result);
} }
/** /**
* Get the authenticated User * Get the authenticated User
* *
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
▲ Show 20 LinesShow All 83 Lines▼ Show 20 Linesclass UsersController extends Controller
* Display information on the user account specified by $id. * Display information on the user account specified by $id.
* *
* @param int $id The account to show information for. * @param int $id The account to show information for.
* *
* @return \Illuminate\Http\JsonResponse|void * @return \Illuminate\Http\JsonResponse|void
*/ */
public function show($id) public function show($id)
{ {
if (!$this->hasAccess($id)) {
return $this->errorResponse(403);
}
$user = User::find($id); $user = User::find($id);
if (empty($user)) { if (empty($user)) {
return $this->errorResponse(404); return $this->errorResponse(404);
} }
$current_user = $this->guard()->user();
if ($current_user->id != $id && $user->controller()->id != $current_user->id) {
return $this->errorResponse(403);
}
$response = $this->userResponse($user); $response = $this->userResponse($user);
return response()->json($response); return response()->json($response);
} }
/** /**
* User status (extended) information * User status (extended) information
* *
▲ Show 20 LinesShow All 57 Lines▼ Show 20 Linesclass UsersController extends Controller
* Create a new user record. * Create a new user record.
* *
* @param \Illuminate\Http\Request $request The API request. * @param \Illuminate\Http\Request $request The API request.
* *
* @return \Illuminate\Http\JsonResponse The response * @return \Illuminate\Http\JsonResponse The response
*/ */
public function store(Request $request) public function store(Request $request)
{ {
if ($this->guard()->user()->controller()->id !== $this->guard()->user()->id) { $current_user = $this->guard()->user();
if ($current_user->controller()->id != $current_user->id) {
return $this->errorResponse(403); return $this->errorResponse(403);
} }
if ($error_response = $this->validateUserRequest($request, null, $settings)) { if ($error_response = $this->validateUserRequest($request, null, $settings)) {
return $error_response; return $error_response;
} }
$user_name = !empty($settings['first_name']) ? $settings['first_name'] : ''; $user_name = !empty($settings['first_name']) ? $settings['first_name'] : '';
Show All 34 Linesclass UsersController extends Controller
* *
* @param \Illuminate\Http\Request $request The API request. * @param \Illuminate\Http\Request $request The API request.
* @params string $id User identifier * @params string $id User identifier
* *
* @return \Illuminate\Http\JsonResponse The response * @return \Illuminate\Http\JsonResponse The response
*/ */
public function update(Request $request, $id) public function update(Request $request, $id)
{ {
if (!$this->hasAccess($id)) {
return $this->errorResponse(403);
}
$user = User::find($id); $user = User::find($id);
if (empty($user)) { if (empty($user)) {
return $this->errorResponse(404); return $this->errorResponse(404);
} }
$current_user = $this->guard()->user();
// TODO: Decide what attributes a user can change on his own profile
if ($current_user->id != $id && $user->controller()->id != $current_user->id) {
return $this->errorResponse(403);
}
if ($error_response = $this->validateUserRequest($request, $user, $settings)) { if ($error_response = $this->validateUserRequest($request, $user, $settings)) {
return $error_response; return $error_response;
} }
DB::beginTransaction(); DB::beginTransaction();
if (!empty($settings)) { if (!empty($settings)) {
$user->setSettings($settings); $user->setSettings($settings);
Show All 24 Linesclass UsersController extends Controller
* @return \Illuminate\Contracts\Auth\Guard * @return \Illuminate\Contracts\Auth\Guard
*/ */
public function guard() public function guard()
{ {
return Auth::guard(); return Auth::guard();
} }
/** /**
* Check if the current user has access to the specified user
*
* @param int $user_id User identifier
*
* @return bool True if current user has access, False otherwise
*/
protected function hasAccess($user_id): bool
{
$current_user = $this->guard()->user();
// TODO: Admins, other users
// FIXME: This probably should be some kind of middleware/guard
return $current_user->id == $user_id;
}
/**
* Create a response data array for specified user. * Create a response data array for specified user.
* *
* @param \App\User $user User object * @param \App\User $user User object
* *
* @return array Response data * @return array Response data
*/ */
protected function userResponse(User $user): array protected function userResponse(User $user): array
{ {
Show All 11 Lines protected function userResponse(User $user): array
$response['aliases'] = []; $response['aliases'] = [];
foreach ($user->aliases as $item) { foreach ($user->aliases as $item) {
$response['aliases'][] = $item->alias; $response['aliases'][] = $item->alias;
} }
// Status info // Status info
$response['statusInfo'] = self::statusInfo($user); $response['statusInfo'] = self::statusInfo($user);
// Information about wallets and controller for access checks
$response['wallets'] = $user->wallets->toArray();
$response['wallet'] = $user->wallet()->toArray();
return $response; return $response;
} }
/** /**
* Validate user input * Validate user input
* *
* @param \Illuminate\Http\Request $request The API request. * @param \Illuminate\Http\Request $request The API request.
* @param \App\User|null $user User identifier * @param \App\User|null $user User identifier
▲ Show 20 LinesShow All 141 LinesShow Last 20 Lines