Switch admin check to Gate

This commit is contained in:
Josef Citrine 2016-05-17 13:00:57 +01:00
parent 7bc8852043
commit fb7f291f31
3 changed files with 53 additions and 38 deletions

View file

@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm\Commands;
use Poniverse\Ponyfm\Models\Image; use Poniverse\Ponyfm\Models\Image;
use Poniverse\Ponyfm\Models\User; use Poniverse\Ponyfm\Models\User;
use Gate;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
@ -29,11 +30,15 @@ class SaveAccountSettingsCommand extends CommandBase
{ {
private $_input; private $_input;
private $_slug; private $_slug;
private $_user;
private $_current;
function __construct($input, $slug) function __construct($input, $slug)
{ {
$this->_input = $input; $this->_input = $input;
$this->_slug = $slug; $this->_slug = $slug;
$this->_user = null;
$this->_current = null;
} }
/** /**
@ -41,7 +46,25 @@ class SaveAccountSettingsCommand extends CommandBase
*/ */
public function authorize() public function authorize()
{ {
return Auth::user() != null || Auth::user()->hasRole('admin'); if (Auth::user() != null) {
$this->_current = Auth::user();
if ($this->_slug == $this->_current->slug) {
$this->_user = $this->_current;
} else {
$this->_user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
}
if ($this->_user == null) {
return false;
}
if (Gate::allows('edit', $this->_user)) {
return true;
}
}
return false;
} }
/** /**
@ -50,17 +73,8 @@ class SaveAccountSettingsCommand extends CommandBase
*/ */
public function execute() public function execute()
{ {
$user = null; if ($this->_user == null) {
$current_user = Auth::user(); if ($_current->hasRole('admin')) {
if ($this->_slug == -1 || $this->_slug == $current_user->slug) {
$user = $current_user;
} else if ($current_user->hasRole('admin')) {
$user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
}
if ($user == null) {
if ($current_user->hasRole('admin')) {
return CommandResponse::fail(['Not found']); return CommandResponse::fail(['Not found']);
} else { } else {
return CommandResponse::fail(['Permission denied']); return CommandResponse::fail(['Permission denied']);
@ -73,7 +87,7 @@ class SaveAccountSettingsCommand extends CommandBase
]; ];
if ($this->_input['sync_names'] == 'true') { if ($this->_input['sync_names'] == 'true') {
$this->_input['display_name'] = $user->username; $this->_input['display_name'] = $this->_user->username;
} }
if ($this->_input['uses_gravatar'] == 'true') { if ($this->_input['uses_gravatar'] == 'true') {
@ -90,7 +104,7 @@ class SaveAccountSettingsCommand extends CommandBase
} }
if ($this->_input['uses_gravatar'] != 'true') { if ($this->_input['uses_gravatar'] != 'true') {
if ($user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) { if ($this->_user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
$validator->messages()->add('avatar', $validator->messages()->add('avatar',
'You must upload or select an avatar if you are not using gravatar!'); 'You must upload or select an avatar if you are not using gravatar!');
@ -98,26 +112,26 @@ class SaveAccountSettingsCommand extends CommandBase
} }
} }
$user->bio = $this->_input['bio']; $this->_user->bio = $this->_input['bio'];
$user->display_name = $this->_input['display_name']; $this->_user->display_name = $this->_input['display_name'];
$user->sync_names = $this->_input['sync_names'] == 'true'; $this->_user->sync_names = $this->_input['sync_names'] == 'true';
$user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true'; $this->_user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
$user->uses_gravatar = $this->_input['uses_gravatar'] == 'true'; $this->_user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
if ($user->uses_gravatar) { if ($this->_user->uses_gravatar) {
$user->avatar_id = null; $this->_user->avatar_id = null;
$user->gravatar = $this->_input['gravatar']; $this->_user->gravatar = $this->_input['gravatar'];
} else { } else {
if (isset($this->_input['avatar_id'])) { if (isset($this->_input['avatar_id'])) {
$user->avatar_id = $this->_input['avatar_id']; $this->_user->avatar_id = $this->_input['avatar_id'];
} else { } else {
if (isset($this->_input['avatar'])) { if (isset($this->_input['avatar'])) {
$user->avatar_id = Image::upload($this->_input['avatar'], $user)->id; $this->_user->avatar_id = Image::upload($this->_input['avatar'], $this->_user)->id;
} }
} }
} }
$user->save(); $this->_user->save();
return CommandResponse::succeed(); return CommandResponse::succeed();
} }

View file

@ -24,27 +24,30 @@ use Poniverse\Ponyfm\Http\Controllers\ApiControllerBase;
use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand; use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand;
use Poniverse\Ponyfm\Models\User; use Poniverse\Ponyfm\Models\User;
use Cover; use Cover;
use Gate;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Input; use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Response;
class AccountController extends ApiControllerBase class AccountController extends ApiControllerBase
{ {
public function getSettings($slug = -1) public function getSettings($slug)
{ {
$user = null; $user = null;
$current_user = Auth::user(); $current_user = Auth::user();
if ($slug == -1 || $slug == $current_user->slug) { if ($current_user != null) {
if ($slug == $current_user->slug) {
$user = $current_user; $user = $current_user;
} else if ($current_user->hasRole('admin')) { } else {
$user = User::where('slug', $slug)->whereNull('disabled_at')->first(); $user = User::where('slug', $slug)->whereNull('disabled_at')->first();
} }
if ($user == null) { if ($user == null) {
if ($current_user->hasRole('admin')) {
return Response::json(['error' => 'User does not exist'], 404); return Response::json(['error' => 'User does not exist'], 404);
} else { }
if (Gate::denies('edit', $user)) {
return Response::json(['error' => 'You cannot do that. So stop trying!'], 403); return Response::json(['error' => 'You cannot do that. So stop trying!'], 403);
} }
} }
@ -63,7 +66,7 @@ class AccountController extends ApiControllerBase
], 200); ], 200);
} }
public function postSave($slug = -1) public function postSave($slug)
{ {
return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug)); return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug));
} }

View file

@ -123,7 +123,6 @@ Route::group(['prefix' => 'api/web'], function() {
Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+'); Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+');
Route::post('/account/settings/save', 'Api\Web\AccountController@postSave');
Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave'); Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave');
Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle'); Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle');
@ -134,7 +133,6 @@ Route::group(['prefix' => 'api/web'], function() {
}); });
Route::group(['middleware' => 'auth'], function() { Route::group(['middleware' => 'auth'], function() {
Route::get('/account/settings', 'Api\Web\AccountController@getSettings');
Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings'); Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings');
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned'); Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');