From 3ec90264bd08d8dd40f8358c75f442667f7643e5 Mon Sep 17 00:00:00 2001
From: Boy132
Date: Tue, 8 Oct 2024 23:46:28 +0200
Subject: [PATCH] Update API for roles (#611)
* remove `guard_name` from api and add id to transformer
* disallow update/ delete for root admin role via api
* disallow assigning root admin via api
* add api to remove user roles
* fix assignRoles & removeRoles
---
 .../Api/Application/Roles/RoleController.php | 13 ++++++--
 .../Api/Application/Users/UserController.php | 30 +++++++++++++++++--
 .../Application/Roles/StoreRoleRequest.php | 1 -
 .../Users/AssignUserRolesRequest.php | 2 +-
 .../Application/RolePermissionTransformer.php | 1 -
 .../Api/Application/RoleTransformer.php | 2 +-
 routes/api-application.php | 3 +-
 7 files changed, 43 insertions(+), 9 deletions(-)
diff --git a/app/Http/Controllers/Api/Application/Roles/RoleController.php b/app/Http/Controllers/Api/Application/Roles/RoleController.php
index 9a776c442..82fd99edd 100644
--- a/app/Http/Controllers/Api/Application/Roles/RoleController.php
+++ b/app/Http/Controllers/Api/Application/Roles/RoleController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Api\Application\Roles;
 
+use App\Exceptions\PanelException;
 use Illuminate\Http\Response;
 use Illuminate\Http\JsonResponse;
 use App\Models\Role;
@@ -21,8 +22,8 @@ class RoleController extends ApplicationApiController
 public function index(GetRoleRequest $request): array
 {
 $roles = QueryBuilder::for(Role::query())
- ->allowedFilters(['name'])
- ->allowedSorts(['name'])
+ ->allowedFilters(['id', 'name'])
+ ->allowedSorts(['id', 'name'])
 ->paginate($request->query('per_page') ?? 10);
 
 return $this->fractal->collection($roles)
@@ -67,6 +68,10 @@ class RoleController extends ApplicationApiController
 */
 public function update(UpdateRoleRequest $request, Role $role): array
 {
+ if ($role->isRootAdmin()) {
+ throw new PanelException('Can\'t update root admin role!');
+ }
+
 $role->update($request->validated());
 
 return $this->fractal->item($role)
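Review bot: The docblock above `update` (only its closing `*/` is inside the hunk; the rest is outside) is not updated for the new failure mode, so an API consumer reading the generated docs has no way to learn that the root admin role is refused. Add `@throws PanelException if the role is the root admin role` to that docblock, and the equivalent line above `delete`. The HTTP status that `PanelException` maps to is not visible here; if it renders as a 500, a client cannot tell this deliberate refusal apart from a server fault, so a dedicated 4xx response would be clearer.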
@@ -81,6 +86,10 @@ class RoleController extends ApplicationApiController
 */
 public function delete(DeleteRoleRequest $request, Role $role): Response
 {
+ if ($role->isRootAdmin()) {
+ throw new PanelException('Can\'t delete root admin role!');
+ }
+
 $role->delete();
 
 return $this->returnNoContent();
diff --git a/app/Http/Controllers/Api/Application/Users/UserController.php b/app/Http/Controllers/Api/Application/Users/UserController.php
index f7ed42496..32bfca730 100644
--- a/app/Http/Controllers/Api/Application/Users/UserController.php
+++ b/app/Http/Controllers/Api/Application/Users/UserController.php
@@ -14,6 +14,7 @@ use App\Http\Requests\Api\Application\Users\DeleteUserRequest;
 use App\Http\Requests\Api\Application\Users\UpdateUserRequest;
 use App\Http\Controllers\Api\Application\ApplicationApiController;
 use App\Http\Requests\Api\Application\Users\AssignUserRolesRequest;
+use App\Models\Role;
 
 class UserController extends ApplicationApiController
 {
@@ -79,9 +80,34 @@ class UserController extends ApplicationApiController
 /**
 * Assign roles to a user.
 */
- public function roles(AssignUserRolesRequest $request, User $user): array
+ public function assignRoles(AssignUserRolesRequest $request, User $user): array
 {
- $user->syncRoles($request->input('roles'));
+ foreach ($request->input('roles') as $role) {
+ if ($role === Role::getRootAdmin()->id) {
+ continue;
+ }
+
+ $user->assignRole($role);
+ }
+
+ $response = $this->fractal->item($user)
+ ->transformWith($this->getTransformer(UserTransformer::class));
+
+ return $response->toArray();
+ }
+
+ /**
+ * Removes roles from a user.
+ */
+ public function removeRoles(AssignUserRolesRequest $request, User $user): array
+ {
+ foreach ($request->input('roles') as $role) {
+ if ($role === Role::getRootAdmin()->id) {
+ continue;
+ }
+
+ $user->removeRole($role);
+ }
 
 $response = $this->fractal->item($user)
 ->transformWith($this->getTransformer(UserTransformer::class));
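Review bot: The root-admin guard in `assignRoles` and `removeRoles` (`$role === Role::getRootAdmin()->id`) compares a raw request value with `===`, and `$request->input('roles')` returns values as they were sent, so a numeric string such as `"1"` from a form-encoded body — which Laravel's `int` rule accepts — never matches and is handed to `assignRole` uncast; whether the role library then resolves that string to the root admin role is not visible here, but an authorization check should not depend on it. The guard also fails silently: a skipped id still produces a 200 with the user payload, whereas `RoleController` throws `PanelException` for the same condition, so rejecting the request outright is both safer and consistent (`PanelException` would need a `use` in this file). `Role::getRootAdmin()` is re-queried on every iteration and `foreach` over a missing `roles` key iterates `null`, so hoist the lookup and default to `[]`. The same rewrite applies to `removeRoles`, whose closing lines fall outside the hunk.
```php
public function assignRoles(AssignUserRolesRequest $request, User $user): array
{
    $rootAdminId = Role::getRootAdmin()->id;

    foreach ($request->input('roles', []) as $role) {
        if ((int) $role === $rootAdminId) {
            throw new PanelException('Can\'t assign root admin role!');
        }

        $user->assignRole((int) $role);
    }

    // … unchanged: build and return the fractal response …
}
```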
diff --git a/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php b/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
index 4a9aa21f6..7968449a7 100644
--- a/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
+++ b/app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
@@ -15,7 +15,6 @@ class StoreRoleRequest extends ApplicationApiRequest
 {
 return [
 'name' => 'required|string',
- 'guard_name' => 'nullable|string',
 ];
 }
 }
diff --git a/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php b/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
index b04228966..c0af95102 100644
--- a/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
+++ b/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
@@ -11,7 +11,7 @@ class AssignUserRolesRequest extends StoreUserRequest
 {
 return [
 'roles' => 'array',
- 'roles.*' => 'string',
+ 'roles.*' => 'int',
 ];
 }
 }
diff --git a/app/Transformers/Api/Application/RolePermissionTransformer.php b/app/Transformers/Api/Application/RolePermissionTransformer.php
index 968a54f8f..16d9cc6cb 100644
--- a/app/Transformers/Api/Application/RolePermissionTransformer.php
+++ b/app/Transformers/Api/Application/RolePermissionTransformer.php
@@ -15,7 +15,6 @@ class RolePermissionTransformer extends BaseTransformer
 {
 return [
 'name' => $model->name,
- 'guard_name' => $model->guard_name,
 'created_at' => $model->created_at->toAtomString(),
 'updated_at' => $model->updated_at->toAtomString(),
 ];
diff --git a/app/Transformers/Api/Application/RoleTransformer.php b/app/Transformers/Api/Application/RoleTransformer.php
index d77b04e57..fd57a3ee1 100644
--- a/app/Transformers/Api/Application/RoleTransformer.php
+++ b/app/Transformers/Api/Application/RoleTransformer.php
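Review bot: `'roles.*' => 'int'` in `AssignUserRolesRequest` validates the shape of each value but not its referent, so unknown ids are passed straight through to the role library, and because `'roles'` is not `required`, a body without that key passes validation and the controller's `foreach` runs over `null`. Consider `'roles' => 'required|array'` and `'roles.*' => 'integer|exists:roles,id'` (substitute the roles table name the permission package is configured with). Note that Laravel's `int`/`integer` rule accepts numeric strings, so values still need an `(int)` cast before any `===` comparison in the controller.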
@@ -26,8 +26,8 @@ class RoleTransformer extends BaseTransformer
 public function transform(Role $model): array
 {
 return [
+ 'id' => $model->id,
 'name' => $model->name,
- 'guard_name' => $model->guard_name,
 'created_at' => $model->created_at->toAtomString(),
 'updated_at' => $model->updated_at->toAtomString(),
 ];
diff --git a/routes/api-application.php b/routes/api-application.php
index cf5cbb9df..1d7b8b8be 100644
--- a/routes/api-application.php
+++ b/routes/api-application.php
@@ -19,7 +19,8 @@ Route::prefix('/users')->group(function () {
 
 Route::post('/', [Application\Users\UserController::class, 'store']);
 Route::patch('/{user:id}', [Application\Users\UserController::class, 'update']);
- Route::patch('/{user:id}/roles', [Application\Users\UserController::class, 'roles']);
+ Route::patch('/{user:id}/roles/assign', [Application\Users\UserController::class, 'assignRoles']);
+ Route::patch('/{user:id}/roles/remove', [Application\Users\UserController::class, 'removeRoles']);
 
 Route::delete('/{user:id}', [Application\Users\UserController::class, 'delete']);
 });