banquise/pelican-panel-mirror
3
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-05-20 06:24:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
pelican-panel-mirror/app/Transformers/Api/Application/BaseTransformer.php
Boy132 fc643f57f9
Admin Roles (#502) 
* add spatie/permissions

* add policies

* add role resource

* add root admin role handling

* replace some "root_admin" with function

* add model specific permissions

* make permission selection nicer

* fix user creation

* fix tests

* add back subuser checks in server policy

* add custom model for role

* assign new users to role if root_admin is set

* add api for roles

* fix phpstan

* add permissions for settings page

* remove "restore" and "forceDelete" permissions

* add user count to list

* prevent deletion if role has users

* update user list

* fix server policy

* remove old `root_admin` column

* small refactor

* fix tests

* forgot can checks here

* forgot use

* disable editing own roles & disable assigning root admin

* don't allow to rename root admin role

* remove php bombing exception handler

* fix role assignment when creating a user

* fix disableOptionWhen

* fix missing `root_admin` attribute on react frontend

* add permission check for bulk delete

* rename viewAny to viewList

* improve canAccessPanel check

* fix admin not displaying for non-root admins

* make sure non root admins can't edit root admins

* fix import

* fix settings page permission check

* fix server permissions for non-subusers

* fix settings page permission check v2

* small cleanup

* cleanup config file

* move consts from resouce into enum & model

* Update database/migrations/2024_08_01_114538_remove_root_admin_column.php

Co-authored-by: Lance Pioch <lancepioch@gmail.com>

* fix config

* fix phpstan

* fix phpstan 2.0

---------

Co-authored-by: Lance Pioch <lancepioch@gmail.com>
2024-09-21 12:27:41 +02:00

117 lines
3.2 KiB
PHP
Raw Blame History

<?php
namespace App\Transformers\Api\Application;
use Carbon\CarbonImmutable;
use Carbon\CarbonInterface;
use Illuminate\Http\Request;
use Webmozart\Assert\Assert;
use App\Models\ApiKey;
use Illuminate\Container\Container;
use Illuminate\Database\Eloquent\Model;
use League\Fractal\TransformerAbstract;
use App\Services\Acl\Api\AdminAcl;
/**
* @method array transform(Model $model)
*/
abstract class BaseTransformer extends TransformerAbstract
{
public const RESPONSE_TIMEZONE = 'UTC';
protected Request $request;
/**
* BaseTransformer constructor.
*/
public function __construct()
{
// Transformers allow for dependency injection on the handle method.
if (method_exists($this, 'handle')) {
Container::getInstance()->call([$this, 'handle']);
}
}
/**
* Return the resource name for the JSONAPI output.
*/
abstract public function getResourceName(): string;
/**
* Sets the request on the instance.
*/
public function setRequest(Request $request): self
{
$this->request = $request;
return $this;
}
/**
* Returns a new transformer instance with the request set on the instance.
*
* @return static
*/
public static function fromRequest(Request $request): self
{
return app(static::class)->setRequest($request);
}
/**
* Determine if the API key loaded onto the transformer has permission
* to access a different resource. This is used when including other
* models on a transformation request.
*
* @deprecated — prefer $user->can/cannot methods
*/
protected function authorize(string $resource): bool
{
$allowed = [ApiKey::TYPE_ACCOUNT, ApiKey::TYPE_APPLICATION];
$token = $this->request->user()->currentAccessToken();
if (!$token instanceof ApiKey || !in_array($token->key_type, $allowed)) {
return false;
}
// If this is not a deprecated application token type we can only check that
// the user is a root admin at the moment. In a future release we'll be rolling
// out more specific permissions for keys.
if ($token->key_type === ApiKey::TYPE_ACCOUNT) {
return $this->request->user()->isRootAdmin();
}
return AdminAcl::check($token, $resource);
}
/**
* Create a new instance of the transformer and pass along the currently
* set API key.
*
* @template T of \App\Transformers\Api\Application\BaseTransformer
*
* @param class-string<T> $abstract
*
* @return T
*
* @throws \App\Exceptions\Transformer\InvalidTransformerLevelException
*
* @noinspection PhpDocSignatureInspection
*/
protected function makeTransformer(string $abstract)
{
Assert::subclassOf($abstract, self::class);
return $abstract::fromRequest($this->request);
}
/**
* Return an ISO-8601 formatted timestamp to use in the API response.
*/
protected function formatTimestamp(string $timestamp): string
{
return CarbonImmutable::createFromFormat(CarbonInterface::DEFAULT_TO_STRING_FORMAT, $timestamp)
->setTimezone(self::RESPONSE_TIMEZONE)
->toAtomString();
}
}
Reference in New Issue View Git Blame Copy Permalink