
Control & Promote administrator status via a method rather than a prop

Bubka 1 rok pred
rodič
commit
8b397750e8

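--- a/app/Extensions/RemoteUserProvider.php
+++ b/app/Extensions/RemoteUserProvider.php
@@ -63,7 +63,7 @@ class RemoteUserProvider implements UserProvider
             Log::info(sprintf('Remote user %s created with email address %s', var_export($user->name, true), var_export($user->email, true)));
 
             if (User::count() === 1) {
-                $user->is_admin = true;
+                $user->promoteToAdministrator();
                 $user->save();
             }
         } else {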
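Review bot: The first-user administrator grant on the `+` line is not logged on this path, whereas the identical grant in RegisterController::create is followed by `Log::notice(sprintf('User ID #%s set as administrator', $user->id))`; a privilege escalation should be audited wherever it happens, and remote-user provisioning is the path least likely to be watched. Either add `Log::notice(sprintf('Remote user %s set as administrator', var_export($user->name, true)));` after the `save()`, or — since `promoteToAdministrator()` is now the single entry point for the change — have the model method emit the notice so every caller gets it for free (User.php already imports `Log`). The enclosing method starts before this hunk, so whether `$user` has been persisted before `User::count()` is evaluated cannot be confirmed from here.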

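--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -107,16 +107,21 @@ class LoginController extends Controller
     {
         $this->clearLoginAttempts($request);
 
-        $name = $this->guard()->user()?->name;
+        /**
+         * @var \App\Models\User|null
+         */
+        $user = $this->guard()->user();
+        $name = $user?->name;
 
         $this->authenticated($request, $this->guard()->user());
 
         return response()->json([
             'message'     => 'authenticated',
+            'id'          => $user->id,
             'name'        => $name,
-            'email'       => $this->guard()->user()->email,
-            'preferences' => $this->guard()->user()->preferences,
-            'is_admin'    => $this->guard()->user()->is_admin,
+            'email'       => $user->email,
+            'preferences' => $user->preferences,
+            'is_admin'    => $user->isAdministrator(),
         ], Response::HTTP_OK);
     }
 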
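Review bot: `$user` is annotated `\App\Models\User|null` and read with `?->` for `$name`, yet the same variable is dereferenced unconditionally as `$user->id`, `$user->email`, `$user->preferences` and `$user->isAdministrator()` a few lines later, so the docblock and the nullsafe operator contradict the code and a null user would surface as a TypeError rather than a deliberate response. Since this code runs after a successful login the guard's user is non-null in practice; annotate it as such (`/** @var \App\Models\User $user */`) and drop the `?->`, or keep the nullable annotation and fail explicitly, e.g. `abort_if($user === null, 401);`, before building the response. The new `'id'` key also widens what the login response discloses; that looks harmless for an authenticated principal, but it should be a deliberate choice. The enclosing method starts before this hunk.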

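--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -43,13 +43,17 @@ class RegisterController extends Controller
         event(new Registered($user = $this->create($validated)));
 
         $this->guard()->login($user);
+        /**
+         * @var \App\Models\User|null
+         */
+        $user = $this->guard()->user();
 
         return response()->json([
             'message'     => 'account created',
             'name'        => $user->name,
             'email'       => $user->email,
-            'preferences' => $this->guard()->user()->preferences,
-            'is_admin'    => $this->guard()->user()->is_admin,
+            'preferences' => $user->preferences,
+            'is_admin'    => $user->isAdministrator(),
         ], 201);
     }
 
@@ -69,7 +73,7 @@ class RegisterController extends Controller
         Log::info(sprintf('User ID #%s created', $user->id));
 
         if (User::count() == 1) {
-            $user->is_admin = true;
+            $user->promoteToAdministrator();
             $user->save();
             Log::notice(sprintf('User ID #%s set as administrator', $user->id));
         }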
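Review bot: The added `$user = $this->guard()->user();` re-reads the guard only to attach a docblock type, and the type it attaches is `User|null` even though `$user->name` is dereferenced unconditionally on the next lines; the model returned by `$this->create($validated)` is the very instance that was just passed to `login()`, so the reassignment buys nothing. Annotate the original assignment instead, `/** @var \App\Models\User $user */` above the `event(...)` line, and delete the four added lines. In the second hunk, `User::count() == 1` should be `=== 1` — `count()` returns an int, and the equivalent check in RemoteUserProvider already uses `=== 1`.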

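--- a/app/Http/Controllers/Auth/SocialiteController.php
+++ b/app/Http/Controllers/Auth/SocialiteController.php
@@ -56,7 +56,7 @@ class SocialiteController extends Controller
             if (User::where('email', $socialiteEmail)->exists()) {
                 return redirect('/error?err=sso_email_already_used');
             } elseif (User::count() === 0) {
-                $user->is_admin = true;
+                $user->promoteToAdministrator();
             } elseif (Settings::get('disableRegistration')) {
                 return redirect('/error?err=sso_no_register');
             }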
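Review bot: `promoteToAdministrator()` only sets the attribute in memory, and unlike the RemoteUserProvider and RegisterController call sites there is no `$user->save()` inside this hunk, so confirm the persisting save happens later on this path. The branch order is also worth a comment: the `User::count() === 0` test runs before the `disableRegistration` test, so the first SSO sign-in ever becomes administrator even when registration is disabled — presumably the intended bootstrap behaviour (and pre-existing), but nothing says so; add `// Bootstrap: the very first account becomes administrator even if registration is disabled` above the `elseif`. The enclosing method starts and ends outside this hunk.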

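--- a/app/Http/Controllers/Auth/UserController.php
+++ b/app/Http/Controllers/Auth/UserController.php
@@ -59,7 +59,7 @@ class UserController extends Controller
 
         Log::info(sprintf('Deletion of user ID #%s requested', $user->id));
 
-        if ($user->is_admin && User::admins()->count() == 1) {
+        if ($user->isAdministrator() && User::admins()->count() == 1) {
             return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
         }
 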
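Review bot: Style: the rewritten condition still compares the integer from `User::admins()->count()` with loose `==`; use `if ($user->isAdministrator() && User::admins()->count() === 1) {` for consistency with the `=== 1` in RemoteUserProvider. The enclosing method starts and ends outside this hunk.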

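--- a/app/Http/Controllers/SystemController.php
+++ b/app/Http/Controllers/SystemController.php
@@ -45,7 +45,7 @@ class SystemController extends Controller
             $infos['common']['Trusted proxies']            = config('2fauth.config.trustedProxies') ?: 'none';
 
             // Admin settings
-            if ($request->user()->is_admin == true) {
+            if ($request->user()->isAdministrator()) {
                 $infos['admin_settings']['useEncryption']  = Settings::get('useEncryption');
                 $infos['admin_settings']['lastRadarScan']  = Carbon::parse(Settings::get('lastRadarScan'))->format('Y-m-d H:i:s');
                 $infos['admin_settings']['checkForUpdate'] = Settings::get('checkForUpdate');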

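--- a/app/Http/Middleware/AdminOnly.php
+++ b/app/Http/Middleware/AdminOnly.php
@@ -16,7 +16,7 @@ class AdminOnly
      */
     public function handle($request, Closure $next)
     {
-        if (! Auth::user()->is_admin) {
+        if (! Auth::user()->isAdministrator()) {
             throw new AuthorizationException;
         }
 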
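Review bot: `Auth::user()->isAdministrator()` dereferences the authenticated user without a null check, so if this middleware is ever attached to a route that is not also behind the `auth` middleware an anonymous request dies with a TypeError (500) instead of a clean 401/403; an authorization gate should fail closed on its own. Make the denial explicit: `$user = Auth::user();` then `if ($user === null || ! $user->isAdministrator()) {` followed by the existing `throw new AuthorizationException;`. The old `->is_admin` line had the same gap, so this is not a regression, but the refactor is the natural moment to close it. The method body continues past the hunk.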

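--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
 use Laragear\WebAuthn\WebAuthnAuthentication;
 use Laravel\Passport\HasApiTokens;
 
@@ -86,6 +87,27 @@ class User extends Authenticatable implements WebAuthnAuthenticatable
         return $query->where('is_admin', true);
     }
 
+    /**
+     * Determine if the user is an administrator.
+     *
+     * @return boolean
+     */
+    public function isAdministrator()
+    {
+        return $this->is_admin;
+    }
+
+    /**
+     * Grant administrator permissions to the user.
+     *
+     * @param  bool  $promote  
+     * @return void
+     */
+    public function promoteToAdministrator(bool $promote = true)
+    {
+        $this->is_admin = $promote;
+    }
+
     /**
      * Send the password reset notification.
      *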
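Review bot: `isAdministrator()` returns the raw `is_admin` attribute, so its type is whatever the driver and the model's `$casts` (not visible in this diff) produce — possibly `1`, `"1"` or `null` — while the docblock promises `boolean`; the one method every authorization check now funnels through should return a real `bool`. `promoteToAdministrator(bool $promote = true)` is a second footgun: a method named "promote" that demotes when handed `false` hides a privilege revocation behind an unremarkable argument at the call site, and every caller in this commit passes no argument anyway. Declare native types, cast the attribute, and split the flag into two explicitly named methods; note that neither persists the change, so the callers' `save()` is still required, and that `$this->id` is null before the first save on the Socialite path, so any audit `Log::notice` added here should key on `$this->name` or be left to callers. Separately, the added `use Illuminate\Support\Str;` is referenced by nothing in this diff — drop it unless code outside the hunks uses it.
```php
    /**
     * Determine if the user is an administrator.
     */
    public function isAdministrator(): bool
    {
        // Cast: without a boolean cast on `is_admin` the attribute may be 1/"1"/null.
        return (bool) $this->is_admin;
    }

    /**
     * Grant administrator permissions. Not persisted: the caller must save().
     */
    public function promoteToAdministrator(): void
    {
        $this->is_admin = true;
    }

    /**
     * Revoke administrator permissions. Not persisted: the caller must save().
     */
    public function demoteFromAdministrator(): void
    {
        $this->is_admin = false;
    }
```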