mirror of
https://github.com/Poniverse/Pony.fm.git
synced 2024-11-25 14:37:59 +01:00
Switch admin check to Gate
This commit is contained in:
Josef Citrine
parent
7bc8852043
commit
fb7f291f31
3 changed files with 53 additions and 38 deletions
|
|
@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm\Commands;
|
|||
|
||||
use Poniverse\Ponyfm\Models\Image;
|
||||
use Poniverse\Ponyfm\Models\User;
|
||||
use Gate;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
|
|
@ -29,11 +30,15 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
{
|
||||
private $_input;
|
||||
private $_slug;
|
||||
private $_user;
|
||||
private $_current;
|
||||
|
||||
function __construct($input, $slug)
|
||||
{
|
||||
$this->_input = $input;
|
||||
$this->_slug = $slug;
|
||||
$this->_user = null;
|
||||
$this->_current = null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -41,7 +46,25 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
*/
|
||||
public function authorize()
|
||||
{
|
||||
return Auth::user() != null || Auth::user()->hasRole('admin');
|
||||
if (Auth::user() != null) {
|
||||
$this->_current = Auth::user();
|
||||
|
||||
if ($this->_slug == $this->_current->slug) {
|
||||
$this->_user = $this->_current;
|
||||
} else {
|
||||
$this->_user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
|
||||
}
|
||||
|
||||
if ($this->_user == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Gate::allows('edit', $this->_user)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -50,17 +73,8 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
*/
|
||||
public function execute()
|
||||
{
|
||||
$user = null;
|
||||
$current_user = Auth::user();
|
||||
|
||||
if ($this->_slug == -1 || $this->_slug == $current_user->slug) {
|
||||
$user = $current_user;
|
||||
} else if ($current_user->hasRole('admin')) {
|
||||
$user = User::where('slug', $this->_slug)->whereNull('disabled_at')->first();
|
||||
}
|
||||
|
||||
if ($user == null) {
|
||||
if ($current_user->hasRole('admin')) {
|
||||
if ($this->_user == null) {
|
||||
if ($_current->hasRole('admin')) {
|
||||
return CommandResponse::fail(['Not found']);
|
||||
} else {
|
||||
return CommandResponse::fail(['Permission denied']);
|
||||
|
|
@ -73,7 +87,7 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
];
|
||||
|
||||
if ($this->_input['sync_names'] == 'true') {
|
||||
$this->_input['display_name'] = $user->username;
|
||||
$this->_input['display_name'] = $this->_user->username;
|
||||
}
|
||||
|
||||
if ($this->_input['uses_gravatar'] == 'true') {
|
||||
|
|
@ -90,7 +104,7 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
}
|
||||
|
||||
if ($this->_input['uses_gravatar'] != 'true') {
|
||||
if ($user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
|
||||
if ($this->_user->avatar_id == null && !isset($this->_input['avatar']) && !isset($this->_input['avatar_id'])) {
|
||||
$validator->messages()->add('avatar',
|
||||
'You must upload or select an avatar if you are not using gravatar!');
|
||||
|
||||
|
|
@ -98,26 +112,26 @@ class SaveAccountSettingsCommand extends CommandBase
|
|||
}
|
||||
}
|
||||
|
||||
$user->bio = $this->_input['bio'];
|
||||
$user->display_name = $this->_input['display_name'];
|
||||
$user->sync_names = $this->_input['sync_names'] == 'true';
|
||||
$user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
|
||||
$user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
|
||||
$this->_user->bio = $this->_input['bio'];
|
||||
$this->_user->display_name = $this->_input['display_name'];
|
||||
$this->_user->sync_names = $this->_input['sync_names'] == 'true';
|
||||
$this->_user->can_see_explicit_content = $this->_input['can_see_explicit_content'] == 'true';
|
||||
$this->_user->uses_gravatar = $this->_input['uses_gravatar'] == 'true';
|
||||
|
||||
if ($user->uses_gravatar) {
|
||||
$user->avatar_id = null;
|
||||
$user->gravatar = $this->_input['gravatar'];
|
||||
if ($this->_user->uses_gravatar) {
|
||||
$this->_user->avatar_id = null;
|
||||
$this->_user->gravatar = $this->_input['gravatar'];
|
||||
} else {
|
||||
if (isset($this->_input['avatar_id'])) {
|
||||
$user->avatar_id = $this->_input['avatar_id'];
|
||||
$this->_user->avatar_id = $this->_input['avatar_id'];
|
||||
} else {
|
||||
if (isset($this->_input['avatar'])) {
|
||||
$user->avatar_id = Image::upload($this->_input['avatar'], $user)->id;
|
||||
$this->_user->avatar_id = Image::upload($this->_input['avatar'], $this->_user)->id;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$user->save();
|
||||
$this->_user->save();
|
||||
|
||||
return CommandResponse::succeed();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,27 +24,30 @@ use Poniverse\Ponyfm\Http\Controllers\ApiControllerBase;
|
|||
use Poniverse\Ponyfm\Commands\SaveAccountSettingsCommand;
|
||||
use Poniverse\Ponyfm\Models\User;
|
||||
use Cover;
|
||||
use Gate;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Input;
|
||||
use Illuminate\Support\Facades\Response;
|
||||
|
||||
class AccountController extends ApiControllerBase
|
||||
{
|
||||
public function getSettings($slug = -1)
|
||||
public function getSettings($slug)
|
||||
{
|
||||
$user = null;
|
||||
$current_user = Auth::user();
|
||||
|
||||
if ($slug == -1 || $slug == $current_user->slug) {
|
||||
$user = $current_user;
|
||||
} else if ($current_user->hasRole('admin')) {
|
||||
$user = User::where('slug', $slug)->whereNull('disabled_at')->first();
|
||||
}
|
||||
|
||||
if ($user == null) {
|
||||
if ($current_user->hasRole('admin')) {
|
||||
return Response::json(['error' => 'User does not exist'], 404);
|
||||
if ($current_user != null) {
|
||||
if ($slug == $current_user->slug) {
|
||||
$user = $current_user;
|
||||
} else {
|
||||
$user = User::where('slug', $slug)->whereNull('disabled_at')->first();
|
||||
}
|
||||
|
||||
if ($user == null) {
|
||||
return Response::json(['error' => 'User does not exist'], 404);
|
||||
}
|
||||
|
||||
if (Gate::denies('edit', $user)) {
|
||||
return Response::json(['error' => 'You cannot do that. So stop trying!'], 403);
|
||||
}
|
||||
}
|
||||
|
|
@ -63,7 +66,7 @@ class AccountController extends ApiControllerBase
|
|||
], 200);
|
||||
}
|
||||
|
||||
public function postSave($slug = -1)
|
||||
public function postSave($slug)
|
||||
{
|
||||
return $this->execute(new SaveAccountSettingsCommand(Input::all(), $slug));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -123,7 +123,6 @@ Route::group(['prefix' => 'api/web'], function() {
|
|||
|
||||
Route::post('/comments/{type}/{id}', 'Api\Web\CommentsController@postCreate')->where('id', '\d+');
|
||||
|
||||
Route::post('/account/settings/save', 'Api\Web\AccountController@postSave');
|
||||
Route::post('/account/settings/save/{slug}', 'Api\Web\AccountController@postSave');
|
||||
|
||||
Route::post('/favourites/toggle', 'Api\Web\FavouritesController@postToggle');
|
||||
|
|
@ -134,7 +133,6 @@ Route::group(['prefix' => 'api/web'], function() {
|
|||
});
|
||||
|
||||
Route::group(['middleware' => 'auth'], function() {
|
||||
Route::get('/account/settings', 'Api\Web\AccountController@getSettings');
|
||||
Route::get('/account/settings/{slug}', 'Api\Web\AccountController@getSettings');
|
||||
|
||||
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');
|
||||
|
|
|
|||
Loading…
Reference in a new issue