src/app/Http/Controllers/API/UsersController.php
Show All 40 Lines | public static function logonResponse(User $user) | ||||
'status' => 'success', | 'status' => 'success', | ||||
'access_token' => $token, | 'access_token' => $token, | ||||
'token_type' => 'bearer', | 'token_type' => 'bearer', | ||||
'expires_in' => Auth::guard()->factory()->getTTL() * 60, | 'expires_in' => Auth::guard()->factory()->getTTL() * 60, | ||||
]); | ]); | ||||
} | } | ||||
/** | /** | ||||
* Display a listing of the resources. | * Delete a user. | ||||
* | * | ||||
* The user themself, and other user entitlements. | * @param int $id User identifier | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse | * @return \Illuminate\Http\JsonResponse The response | ||||
*/ | */ | ||||
public function index() | public function destroy($id) | ||||
{ | { | ||||
$user = Auth::user(); | $user = User::find($id); | ||||
if (!$user) { | if (empty($user)) { | ||||
return response()->json(['error' => 'unauthorized'], 401); | return $this->errorResponse(404); | ||||
} | } | ||||
$result = [$user]; | $current_user = $this->guard()->user(); | ||||
$user->entitlements()->each( | // User can't remove himself until he's the controller | ||||
function ($entitlement) { | if ($user->controller()->id != $current_user->id) { | ||||
$result[] = User::find($entitlement->user_id); | return $this->errorResponse(403); | ||||
} | } | ||||
); | |||||
$user->delete(); | |||||
return response()->json([ | |||||
'status' => 'success', | |||||
'message' => __('app.user-delete-success'), | |||||
]); | |||||
} | |||||
/** | |||||
* Listing of users. | |||||
* | |||||
* The user-entitlements billed to the current user wallet(s) | |||||
* | |||||
* @return \Illuminate\Http\JsonResponse | |||||
*/ | |||||
public function index() | |||||
{ | |||||
$user = $this->guard()->user(); | |||||
$result = $user->users()->orderBy('email')->get(); | |||||
return response()->json($result); | return response()->json($result); | ||||
} | } | ||||
/** | /** | ||||
* Get the authenticated User | * Get the authenticated User | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse | * @return \Illuminate\Http\JsonResponse | ||||
▲ Show 20 Lines • Show All 83 Lines • ▼ Show 20 Lines | class UsersController extends Controller | ||||
* Display information on the user account specified by $id. | * Display information on the user account specified by $id. | ||||
* | * | ||||
* @param int $id The account to show information for. | * @param int $id The account to show information for. | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse|void | * @return \Illuminate\Http\JsonResponse|void | ||||
*/ | */ | ||||
public function show($id) | public function show($id) | ||||
{ | { | ||||
if (!$this->hasAccess($id)) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
$user = User::find($id); | $user = User::find($id); | ||||
if (empty($user)) { | if (empty($user)) { | ||||
return $this->errorResponse(404); | return $this->errorResponse(404); | ||||
} | } | ||||
$current_user = $this->guard()->user(); | |||||
if ($current_user->id != $id && $user->controller()->id != $current_user->id) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
$response = $this->userResponse($user); | $response = $this->userResponse($user); | ||||
return response()->json($response); | return response()->json($response); | ||||
} | } | ||||
/** | /** | ||||
* User status (extended) information | * User status (extended) information | ||||
* | * | ||||
▲ Show 20 Lines • Show All 57 Lines • ▼ Show 20 Lines | class UsersController extends Controller | ||||
* Create a new user record. | * Create a new user record. | ||||
* | * | ||||
* @param \Illuminate\Http\Request $request The API request. | * @param \Illuminate\Http\Request $request The API request. | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse The response | * @return \Illuminate\Http\JsonResponse The response | ||||
*/ | */ | ||||
public function store(Request $request) | public function store(Request $request) | ||||
{ | { | ||||
if ($this->guard()->user()->controller()->id !== $this->guard()->user()->id) { | $current_user = $this->guard()->user(); | ||||
if ($current_user->controller()->id != $current_user->id) { | |||||
return $this->errorResponse(403); | return $this->errorResponse(403); | ||||
} | } | ||||
if ($error_response = $this->validateUserRequest($request, null, $settings)) { | if ($error_response = $this->validateUserRequest($request, null, $settings)) { | ||||
return $error_response; | return $error_response; | ||||
} | } | ||||
$user_name = !empty($settings['first_name']) ? $settings['first_name'] : ''; | $user_name = !empty($settings['first_name']) ? $settings['first_name'] : ''; | ||||
Show All 34 Lines | class UsersController extends Controller | ||||
* | * | ||||
* @param \Illuminate\Http\Request $request The API request. | * @param \Illuminate\Http\Request $request The API request. | ||||
* @params string $id User identifier | * @params string $id User identifier | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse The response | * @return \Illuminate\Http\JsonResponse The response | ||||
*/ | */ | ||||
public function update(Request $request, $id) | public function update(Request $request, $id) | ||||
{ | { | ||||
if (!$this->hasAccess($id)) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
$user = User::find($id); | $user = User::find($id); | ||||
if (empty($user)) { | if (empty($user)) { | ||||
return $this->errorResponse(404); | return $this->errorResponse(404); | ||||
} | } | ||||
$current_user = $this->guard()->user(); | |||||
// TODO: Decide what attributes a user can change on his own profile | |||||
if ($current_user->id != $id && $user->controller()->id != $current_user->id) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
if ($error_response = $this->validateUserRequest($request, $user, $settings)) { | if ($error_response = $this->validateUserRequest($request, $user, $settings)) { | ||||
return $error_response; | return $error_response; | ||||
} | } | ||||
DB::beginTransaction(); | DB::beginTransaction(); | ||||
if (!empty($settings)) { | if (!empty($settings)) { | ||||
$user->setSettings($settings); | $user->setSettings($settings); | ||||
Show All 24 Lines | class UsersController extends Controller | ||||
* @return \Illuminate\Contracts\Auth\Guard | * @return \Illuminate\Contracts\Auth\Guard | ||||
*/ | */ | ||||
public function guard() | public function guard() | ||||
{ | { | ||||
return Auth::guard(); | return Auth::guard(); | ||||
} | } | ||||
/** | /** | ||||
* Check if the current user has access to the specified user | |||||
* | |||||
* @param int $user_id User identifier | |||||
* | |||||
* @return bool True if current user has access, False otherwise | |||||
*/ | |||||
protected function hasAccess($user_id): bool | |||||
{ | |||||
$current_user = $this->guard()->user(); | |||||
// TODO: Admins, other users | |||||
// FIXME: This probably should be some kind of middleware/guard | |||||
return $current_user->id == $user_id; | |||||
} | |||||
/** | |||||
* Create a response data array for specified user. | * Create a response data array for specified user. | ||||
* | * | ||||
* @param \App\User $user User object | * @param \App\User $user User object | ||||
* | * | ||||
* @return array Response data | * @return array Response data | ||||
*/ | */ | ||||
protected function userResponse(User $user): array | protected function userResponse(User $user): array | ||||
{ | { | ||||
Show All 11 Lines | protected function userResponse(User $user): array | ||||
$response['aliases'] = []; | $response['aliases'] = []; | ||||
foreach ($user->aliases as $item) { | foreach ($user->aliases as $item) { | ||||
$response['aliases'][] = $item->alias; | $response['aliases'][] = $item->alias; | ||||
} | } | ||||
// Status info | // Status info | ||||
$response['statusInfo'] = self::statusInfo($user); | $response['statusInfo'] = self::statusInfo($user); | ||||
// Information about wallets and controller for access checks | |||||
$response['wallets'] = $user->wallets->toArray(); | |||||
$response['wallet'] = $user->wallet()->toArray(); | |||||
return $response; | return $response; | ||||
} | } | ||||
/** | /** | ||||
* Validate user input | * Validate user input | ||||
* | * | ||||
* @param \Illuminate\Http\Request $request The API request. | * @param \Illuminate\Http\Request $request The API request. | ||||
* @param \App\User|null $user User identifier | * @param \App\User|null $user User identifier | ||||
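Review bot: In `show`, `update` and `destroy` the new code calls `User::find($id)` and returns 404 before the ownership check runs, so any authenticated caller can probe which user IDs exist from the 404-versus-403 difference; the removed `hasAccess()` guard ran before the lookup and did not leak that. Returning the same status for a missing user and a foreign user closes that oracle, and comparing against the loaded model instead of the raw route string avoids the loose `!=` on a string `$id`, e.g. `if ($current_user->id !== $user->id && $user->controller()->id !== $current_user->id) {` with the not-found branch returning that same status. Separately, `userResponse()` now appends `$user->wallets->toArray()` and `$user->wallet()->toArray()` wholesale to every user response; unless the Wallet model hides sensitive columns, an explicit list of the fields the access checks need would be safer, and `wallet()` presumably yields null for a user without a wallet, so guard that before calling `toArray()`. The `update` TODO about which attributes a user may change on his own profile is worth resolving before this lands, since a non-controller user can now reach `validateUserRequest()` and `setSettings()` on his own record.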