src/app/Http/Controllers/API/UsersController.php
* | * | ||||
* @return \Illuminate\Http\JsonResponse | * @return \Illuminate\Http\JsonResponse | ||||
*/ | */ | ||||
public function info() | public function info() | ||||
{ | { | ||||
$user = $this->guard()->user(); | $user = $this->guard()->user(); | ||||
$response = $user->toArray(); | $response = $user->toArray(); | ||||
// Settings | |||||
// TODO: It might be reasonable to limit the list of settings here to these | |||||
// that are safe and are used in the UI | |||||
$response['settings'] = []; | |||||
foreach ($user->settings as $item) { | |||||
$response['settings'][$item->key] = $item->value; | |||||
} | |||||
// Status info | |||||
$response['statusInfo'] = self::statusInfo($user); | $response['statusInfo'] = self::statusInfo($user); | ||||
return response()->json($response); | return response()->json($response); | ||||
} | } | ||||
/** | /** | ||||
* Get a JWT token via given credentials. | * Get a JWT token via given credentials. | ||||
* | * | ||||
* Display information on the user account specified by $id. | * Display information on the user account specified by $id. | ||||
* | * | ||||
* @param int $id The account to show information for. | * @param int $id The account to show information for. | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse|void | * @return \Illuminate\Http\JsonResponse|void | ||||
*/ | */ | ||||
public function show($id) | public function show($id) | ||||
{ | { | ||||
$user = Auth::user(); | if (!$this->hasAccess($id)) { | ||||
return $this->errorResponse(403); | |||||
if (!$user) { | |||||
return abort(403); | |||||
} | } | ||||
// TODO: check whether or not the user is allowed | $user = User::find($id); | ||||
// for now, only allow self. | |||||
if ($user->id != $id) { | if (empty($user)) { | ||||
return abort(404); | return $this->errorResponse(404); | ||||
} | } | ||||
return response()->json($user); | return response()->json($user); | ||||
} | } | ||||
/** | /** | ||||
* User status (extended) information | * User status (extended) information | ||||
* | * | ||||
list ($local, $domain) = explode('@', $user->email); | list ($local, $domain) = explode('@', $user->email); | ||||
$domain = Domain::where('namespace', $domain)->first(); | $domain = Domain::where('namespace', $domain)->first(); | ||||
// If that is not a public domain, add domain specific steps | // If that is not a public domain, add domain specific steps | ||||
if (!$domain->isPublic()) { | if (!$domain->isPublic()) { | ||||
$steps['domain-new'] = true; | $steps['domain-new'] = true; | ||||
$steps['domain-ldap-ready'] = 'isLdapReady'; | $steps['domain-ldap-ready'] = 'isLdapReady'; | ||||
// $steps['domain-verified'] = 'isVerified'; | $steps['domain-verified'] = 'isVerified'; | ||||
$steps['domain-confirmed'] = 'isConfirmed'; | $steps['domain-confirmed'] = 'isConfirmed'; | ||||
} | } | ||||
// Create a process check list | // Create a process check list | ||||
foreach ($steps as $step_name => $func) { | foreach ($steps as $step_name => $func) { | ||||
$object = strpos($step_name, 'user-') === 0 ? $user : $domain; | $object = strpos($step_name, 'user-') === 0 ? $user : $domain; | ||||
$step = [ | $step = [ | ||||
return [ | return [ | ||||
'process' => $process, | 'process' => $process, | ||||
'status' => $status, | 'status' => $status, | ||||
]; | ]; | ||||
} | } | ||||
/** | /** | ||||
* Create a new user record. | |||||
* | |||||
* @param \Illuminate\Http\Request $request The API request. | |||||
* | |||||
* @return \Illuminate\Http\JsonResponse The response | |||||
*/ | |||||
public function store(Request $request) | |||||
{ | |||||
// TODO | |||||
} | |||||
/** | |||||
* Update user data. | |||||
* | |||||
* @param \Illuminate\Http\Request $request The API request. | |||||
* @params string $id User identifier | |||||
* | |||||
* @return \Illuminate\Http\JsonResponse The response | |||||
vanmeeuwen: phpstan tells me `update()` may also return void... which is from the `abort()` returns? | |||||
Done Inline ActionsI'll fix all API controllers code to always respond with JSON, and not use abort(). machniak: I'll fix all API controllers code to always respond with JSON, and not use `abort()`. | |||||
*/ | |||||
public function update(Request $request, $id) | |||||
{ | |||||
if (!$this->hasAccess($id)) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
$user = User::find($id); | |||||
if (empty($user)) { | |||||
return $this->errorResponse(404); | |||||
} | |||||
$rules = [ | |||||
'external_email' => 'nullable|email', | |||||
'phone' => 'string|nullable|max:64|regex:/^[0-9+() -]+$/', | |||||
'first_name' => 'string|nullable|max:512', | |||||
'last_name' => 'string|nullable|max:512', | |||||
'billing_address' => 'string|nullable|max:1024', | |||||
'country' => 'string|nullable|alpha|size:2', | |||||
'currency' => 'string|nullable|alpha|size:3', | |||||
]; | |||||
if (!empty($request->password) || !empty($request->password_confirmation)) { | |||||
$rules['password'] = 'required|min:4|max:2048|confirmed'; | |||||
} | |||||
Not Done Inline ActionsCan these both just be if (!empty())? vanmeeuwen: Can these both just be `if (!empty())`? | |||||
Done Inline ActionsCould work until we want to support passwords like "000000000" and other "nullable" strings. machniak: Could work until we want to support passwords like "000000000" and other "nullable" strings. | |||||
// Validate input | |||||
$v = Validator::make($request->all(), $rules); | |||||
if ($v->fails()) { | |||||
return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); | |||||
} | |||||
// Update user settings | |||||
$settings = $request->only(array_keys($rules)); | |||||
unset($settings['password']); | |||||
if (!empty($settings)) { | |||||
$user->setSettings($settings); | |||||
} | |||||
// Update user password | |||||
if (!empty($rules['password'])) { | |||||
$user->password = $request->password; | |||||
$user->save(); | |||||
} | |||||
return response()->json([ | |||||
'status' => 'success', | |||||
'message' => __('app.user-update-success'), | |||||
]); | |||||
} | |||||
/** | |||||
* Get the guard to be used during authentication. | * Get the guard to be used during authentication. | ||||
* | * | ||||
* @return \Illuminate\Contracts\Auth\Guard | * @return \Illuminate\Contracts\Auth\Guard | ||||
*/ | */ | ||||
public function guard() | public function guard() | ||||
{ | { | ||||
return Auth::guard(); | return Auth::guard(); | ||||
} | } | ||||
/** | |||||
* Check if the current user has access to the specified user | |||||
* | |||||
* @param int $user_id User identifier | |||||
* | |||||
* @return bool True if current user has access, False otherwise | |||||
*/ | |||||
protected function hasAccess($user_id): bool | |||||
{ | |||||
$current_user = $this->guard()->user(); | |||||
// TODO: Admins, other users | |||||
// FIXME: This probably should be some kind of middleware/guard | |||||
return $current_user->id == $user_id; | |||||
} | |||||
} | } |
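Review bot: hasAccess() dereferences `$this->guard()->user()->id` without checking for a null user, while the lines removed from show() (`if (!$user) { return abort(403); }`) had exactly that guard; unless every route reaching show()/update() sits behind the auth middleware (not visible in this change), an unauthenticated request now fails with an error on null instead of a 403. The comparison is also loose (`==`) against a route parameter that arrives as a string; `$current_user = $this->guard()->user(); if (!$current_user) { return false; } return (int) $user_id === (int) $current_user->id;` restores the old guard and removes the type juggling. In update(), the password is replaced on the strength of the bearer token alone with no current-password check, and the hashing of `$user->password` is delegated to a model mutator that is not part of this change, so both are worth confirming before this lands. statusInfo() additionally calls `$domain->isPublic()` on the result of `Domain::where(...)->first()`, which is null when no domain row matches; that line is context here rather than part of this change.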
phpstan tells me update() may also return void... which is from the abort() returns?