Switch admin check to Gate

This commit is contained in:
Josef Citrine 2016-05-17 13:00:57 +01:00
parent 7bc8852043
commit fb7f291f31
3 changed files with 53 additions and 38 deletions

View file

@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm\Commands;
use Poniverse\Ponyfm\Models\Image;
use Poniverse\Ponyfm\Models\User;
use Gate;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
@ -29,11 +30,15 @@ class SaveAccountSettingsCommand extends CommandBase
{
private $_input;
private $_slug;
private $_user;
private $_current;
function __construct($input, $slug)
{
$this->_input = $input;
$this->_slug = $slug;
$this->_user = null;
$this->_current = null;
}
/**
@ -41,7 +46,25 @@ class SaveAccountSettingsCommand extends CommandBase
*/
public function authorize()
{
return Auth::user() != null || Auth::user()->hasRole('admin');
if (Auth::user() != null) {
$this->_current = Auth::user();
if ($this->_slug == $this->_current->slug) {
$this->_user = $this->_current;
} else {
$this->_user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
}
if ($this->_user == null) {
return false;
}
if (Gate::allows('edit', $this->_user)) {
return true;
}
}
return false;
}
/**
@ -50,17 +73,8 @@ class SaveAccountSettingsCommand extends CommandBase
*/
public function execute()
{
$user = null;
$current_user = Auth::user();
if ($this->_slug == -1 || $this->_slug == $current_user->slug) {
$user = $current_user;
} else if ($current_user->hasRole('admin')) {
$user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
}
if ($user == null) {
if ($current_user->hasRole('admin')) {
if ($this->_user == null) {
if ($_current->hasRole('admin')) {
return CommandResponse::fail(['Not found']);
} else {
return CommandResponse::fail(['Permission denied']);
@ -73,7 +87,7 @@ class SaveAccountSettingsCommand extends CommandBase
];
if ($this->_input['sync_names'] == 'true') {
$this->_input['display_name'] = $user->username;
$this->_input['display_name'] = $this->_user->username;
}
if ($this->_input['uses_gravatar'] == 'true') {
@ -90,7 +104,7 @@ class SaveAccountSettingsCommand extends CommandBase
}
if ($this->_input['uses_gravatar'] != 'true') {
if ($user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
if ($this->_user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
$validator->messages()->add('avatar',
'You must upload or select an avatar if you are not using gravatar!');
@ -98,26 +112,26 @@ class SaveAccountSettingsCommand extends CommandBase
}
}
$user->bio = $this->_input['bio'];
$user->display_name = $this->_input['display_name'];
$user->sync_names = $this->_input['sync_names'] == 'true';
$user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
$user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
$this->_user->bio = $this->_input['bio'];
$this->_user->display_name = $this->_input['display_name'];
$this->_user->sync_names = $this->_input['sync_names'] == 'true';
$this->_user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
$this->_user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
if ($user->uses_gravatar) {
$user->avatar_id = null;
$user->gravatar = $this->_input['gravatar'];
if ($this->_user->uses_gravatar) {
$this->_user->avatar_id = null;
$this->_user->gravatar = $this->_input['gravatar'];
} else {
if (isset($this->_input['avatar_id'])) {
$user->avatar_id = $this->_input['avatar_id'];
$this->_user->avatar_id = $this->_input['avatar_id'];
} else {
if (isset($this->_input['avatar'])) {
$user->avatar_id = Image::upload($this->_input['avatar'], $user)->id;
$this->_user->avatar_id = Image::upload($this->_input['avatar'], $this->_user)->id;
}
}
}
$user->save();
$this->_user->save();
return CommandResponse::succeed();
}

View file

@ -24,27 +24,30 @@ use Poniverse\Ponyfm\Http\Controllers\ApiControllerBase;
use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand;
use Poniverse\Ponyfm\Models\User;
use Cover;
use Gate;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Response;
class AccountController extends ApiControllerBase
{
public function getSettings($slug = -1)
public function getSettings($slug)
{
$user = null;
$current_user = Auth::user();
if ($slug == -1 || $slug == $current_user->slug) {
if ($current_user != null) {
if ($slug == $current_user->slug) {
$user = $current_user;
} else if ($current_user->hasRole('admin')) {
} else {
$user = User::where('slug', $slug)->whereNull('disabled_at')->first();
}
if ($user == null) {
if ($current_user->hasRole('admin')) {
return Response::json(['error' => 'User does not exist'], 404);
} else {
}
if (Gate::denies('edit', $user)) {
return Response::json(['error' => 'You cannot do that. So stop trying!'], 403);
}
}
@ -63,7 +66,7 @@ class AccountController extends ApiControllerBase
], 200);
}
public function postSave($slug = -1)
public function postSave($slug)
{
return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug));
}

View file

@ -123,7 +123,6 @@ Route::group(['prefix' => 'api/web'], function() {
Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+');
Route::post('/account/settings/save', 'Api\Web\AccountController@postSave');
Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave');
Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle');
@ -134,7 +133,6 @@ Route::group(['prefix' => 'api/web'], function() {
});
Route::group(['middleware' => 'auth'], function() {
Route::get('/account/settings', 'Api\Web\AccountController@getSettings');
Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings');
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');