Switch admin check to Gate
This commit is contained in:
parent
7bc8852043
commit
fb7f291f31
3 changed files with 53 additions and 38 deletions
@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm\Commands;
|
||||||
|
|
||||||
use Poniverse\Ponyfm\Models\Image;
|
use Poniverse\Ponyfm\Models\Image;
|
||||||
use Poniverse\Ponyfm\Models\User;
|
use Poniverse\Ponyfm\Models\User;
|
||||||
|
use Gate;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Illuminate\Support\Facades\Validator;
|
use Illuminate\Support\Facades\Validator;
|
||||||
|
|
||||||
|
@ -29,11 +30,15 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
{
|
{
|
||||||
private $_input;
|
private $_input;
|
||||||
private $_slug;
|
private $_slug;
|
||||||
|
private $_user;
|
||||||
|
private $_current;
|
||||||
|
|
||||||
function __construct($input, $slug)
|
function __construct($input, $slug)
|
||||||
{
|
{
|
||||||
$this->_input = $input;
|
$this->_input = $input;
|
||||||
$this->_slug = $slug;
|
$this->_slug = $slug;
|
||||||
|
$this->_user = null;
|
||||||
|
$this->_current = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -41,7 +46,25 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
*/
|
*/
|
||||||
public function authorize()
|
public function authorize()
|
||||||
{
|
{
|
||||||
return Auth::user() != null || Auth::user()->hasRole('admin');
|
if (Auth::user() != null) {
|
||||||
|
$this->_current = Auth::user();
|
||||||
|
|
||||||
|
if ($this->_slug == $this->_current->slug) {
|
||||||
|
$this->_user = $this->_current;
|
||||||
|
} else {
|
||||||
|
$this->_user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->_user == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Gate::allows('edit', $this->_user)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -50,17 +73,8 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
*/
|
*/
|
||||||
public function execute()
|
public function execute()
|
||||||
{
|
{
|
||||||
$user = null;
|
if ($this->_user == null) {
|
||||||
$current_user = Auth::user();
|
if ($_current->hasRole('admin')) {
|
||||||
|
|
||||||
if ($this->_slug == -1 || $this->_slug == $current_user->slug) {
|
|
||||||
$user = $current_user;
|
|
||||||
} else if ($current_user->hasRole('admin')) {
|
|
||||||
$user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($user == null) {
|
|
||||||
if ($current_user->hasRole('admin')) {
|
|
||||||
return CommandResponse::fail(['Not found']);
|
return CommandResponse::fail(['Not found']);
|
||||||
} else {
|
} else {
|
||||||
return CommandResponse::fail(['Permission denied']);
|
return CommandResponse::fail(['Permission denied']);
|
||||||
|
@ -73,7 +87,7 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
];
|
];
|
||||||
|
|
||||||
if ($this->_input['sync_names'] == 'true') {
|
if ($this->_input['sync_names'] == 'true') {
|
||||||
$this->_input['display_name'] = $user->username;
|
$this->_input['display_name'] = $this->_user->username;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->_input['uses_gravatar'] == 'true') {
|
if ($this->_input['uses_gravatar'] == 'true') {
|
||||||
|
@ -90,7 +104,7 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->_input['uses_gravatar'] != 'true') {
|
if ($this->_input['uses_gravatar'] != 'true') {
|
||||||
if ($user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
|
if ($this->_user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
|
||||||
$validator->messages()->add('avatar',
|
$validator->messages()->add('avatar',
|
||||||
'You must upload or select an avatar if you are not using gravatar!');
|
'You must upload or select an avatar if you are not using gravatar!');
|
||||||
|
|
||||||
|
@ -98,26 +112,26 @@ class SaveAccountSettingsCommand extends CommandBase
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->bio = $this->_input['bio'];
|
$this->_user->bio = $this->_input['bio'];
|
||||||
$user->display_name = $this->_input['display_name'];
|
$this->_user->display_name = $this->_input['display_name'];
|
||||||
$user->sync_names = $this->_input['sync_names'] == 'true';
|
$this->_user->sync_names = $this->_input['sync_names'] == 'true';
|
||||||
$user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
|
$this->_user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
|
||||||
$user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
|
$this->_user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
|
||||||
|
|
||||||
if ($user->uses_gravatar) {
|
if ($this->_user->uses_gravatar) {
|
||||||
$user->avatar_id = null;
|
$this->_user->avatar_id = null;
|
||||||
$user->gravatar = $this->_input['gravatar'];
|
$this->_user->gravatar = $this->_input['gravatar'];
|
||||||
} else {
|
} else {
|
||||||
if (isset($this->_input['avatar_id'])) {
|
if (isset($this->_input['avatar_id'])) {
|
||||||
$user->avatar_id = $this->_input['avatar_id'];
|
$this->_user->avatar_id = $this->_input['avatar_id'];
|
||||||
} else {
|
} else {
|
||||||
if (isset($this->_input['avatar'])) {
|
if (isset($this->_input['avatar'])) {
|
||||||
$user->avatar_id = Image::upload($this->_input['avatar'], $user)->id;
|
$this->_user->avatar_id = Image::upload($this->_input['avatar'], $this->_user)->id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->save();
|
$this->_user->save();
|
||||||
|
|
||||||
return CommandResponse::succeed();
|
return CommandResponse::succeed();
|
||||||
}
|
}
|
||||||
|
|
|
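Review bot: The new line `if ($_current->hasRole('admin')) {` in execute() reads an undefined local `$_current` (the property is `$this->_current`), so if that branch is ever reached it dereferences null and fatals instead of returning the "Not found" / "Permission denied" responses; it should read `if ($this->_current->hasRole('admin')) {`. The branch is only reachable when execute() runs without authorize() having populated `$this->_user`, which presumably CommandBase prevents, but then `$this->_current` is also still null, so a guard such as `if ($this->_current !== null && $this->_current->hasRole('admin')) {` is the safer form. authorize() now also carries a side effect (it loads the target user into `$this->_user`), which is worth a docblock note since execute() depends on the call order. The slug match `$this->_slug == $this->_current->slug` on an authorization path uses loose comparison; `===` avoids PHP's numeric-string coercion rules. execute() continues past the end of this hunk.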
@ -24,27 +24,30 @@ use Poniverse\Ponyfm\Http\Controllers\ApiControllerBase;
|
||||||
use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand;
|
use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand;
|
||||||
use Poniverse\Ponyfm\Models\User;
|
use Poniverse\Ponyfm\Models\User;
|
||||||
use Cover;
|
use Cover;
|
||||||
|
use Gate;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Illuminate\Support\Facades\Input;
|
use Illuminate\Support\Facades\Input;
|
||||||
use Illuminate\Support\Facades\Response;
|
use Illuminate\Support\Facades\Response;
|
||||||
|
|
||||||
class AccountController extends ApiControllerBase
|
class AccountController extends ApiControllerBase
|
||||||
{
|
{
|
||||||
public function getSettings($slug = -1)
|
public function getSettings($slug)
|
||||||
{
|
{
|
||||||
$user = null;
|
$user = null;
|
||||||
$current_user = Auth::user();
|
$current_user = Auth::user();
|
||||||
|
|
||||||
if ($slug == -1 || $slug == $current_user->slug) {
|
if ($current_user != null) {
|
||||||
|
if ($slug == $current_user->slug) {
|
||||||
$user = $current_user;
|
$user = $current_user;
|
||||||
} else if ($current_user->hasRole('admin')) {
|
} else {
|
||||||
$user = User::where('slug', $slug)->whereNull('disabled_at')->first();
|
$user = User::where('slug', $slug)->whereNull('disabled_at')->first();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user == null) {
|
if ($user == null) {
|
||||||
if ($current_user->hasRole('admin')) {
|
|
||||||
return Response::json(['error' => 'User does not exist'], 404);
|
return Response::json(['error' => 'User does not exist'], 404);
|
||||||
} else {
|
}
|
||||||
|
|
||||||
|
if (Gate::denies('edit', $user)) {
|
||||||
return Response::json(['error' => 'You cannot do that. So stop trying!'], 403);
|
return Response::json(['error' => 'You cannot do that. So stop trying!'], 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -63,7 +66,7 @@ class AccountController extends ApiControllerBase
|
||||||
], 200);
|
], 200);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function postSave($slug = -1)
|
public function postSave($slug)
|
||||||
{
|
{
|
||||||
return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug));
|
return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug));
|
||||||
}
|
}
|
||||||
|
|
|
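Review bot: In getSettings() the `404 'User does not exist'` is now returned before the `Gate::denies('edit', $user)` check, so any authenticated caller can learn whether a non-disabled account exists for a slug they are not permitted to edit, whereas the removed code gave non-admins the 403 in both cases. If slug existence is already public through profile pages this is harmless; otherwise consider answering unknown slugs with the same 403 unless the caller is an admin. When `$current_user` is null the same 404 is also returned, which misreports an unauthenticated request, though the `auth` middleware on the route presumably makes that unreachable. The `$slug == $current_user->slug` comparison should be `===` for the same reason as in the command class.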
@ -123,7 +123,6 @@ Route::group(['prefix' => 'api/web'], function() {
|
||||||
|
|
||||||
Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+');
|
Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+');
|
||||||
|
|
||||||
Route::post('/account/settings/save', 'Api\Web\AccountController@postSave');
|
|
||||||
Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave');
|
Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave');
|
||||||
|
|
||||||
Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle');
|
Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle');
|
||||||
|
@ -134,7 +133,6 @@ Route::group(['prefix' => 'api/web'], function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::group(['middleware' => 'auth'], function() {
|
Route::group(['middleware' => 'auth'], function() {
|
||||||
Route::get('/account/settings', 'Api\Web\AccountController@getSettings');
|
|
||||||
Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings');
|
Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings');
|
||||||
|
|
||||||
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');
|
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');
|
||||||
|
|