mirror of
https://github.com/pelican-dev/panel.git
synced 2025-05-20 05:14:46 +02:00
fc643f57f9
* add spatie/permissions * add policies * add role resource * add root admin role handling * replace some "root_admin" with function * add model specific permissions * make permission selection nicer * fix user creation * fix tests * add back subuser checks in server policy * add custom model for role * assign new users to role if root_admin is set * add api for roles * fix phpstan * add permissions for settings page * remove "restore" and "forceDelete" permissions * add user count to list * prevent deletion if role has users * update user list * fix server policy * remove old `root_admin` column * small refactor * fix tests * forgot can checks here * forgot use * disable editing own roles & disable assigning root admin * don't allow to rename root admin role * remove php bombing exception handler * fix role assignment when creating a user * fix disableOptionWhen * fix missing `root_admin` attribute on react frontend * add permission check for bulk delete * rename viewAny to viewList * improve canAccessPanel check * fix admin not displaying for non-root admins * make sure non root admins can't edit root admins * fix import * fix settings page permission check * fix server permissions for non-subusers * fix settings page permission check v2 * small cleanup * cleanup config file * move consts from resouce into enum & model * Update database/migrations/2024_08_01_114538_remove_root_admin_column.php Co-authored-by: Lance Pioch <lancepioch@gmail.com> * fix config * fix phpstan * fix phpstan 2.0 --------- Co-authored-by: Lance Pioch <lancepioch@gmail.com>
119 lines
4.2 KiB
PHP
119 lines
4.2 KiB
PHP
<?php
|
|
|
|
namespace App\Transformers\Api\Client;
|
|
|
|
use Illuminate\Support\Str;
|
|
use App\Models\User;
|
|
use App\Models\ActivityLog;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
|
|
class ActivityLogTransformer extends BaseClientTransformer
|
|
{
|
|
protected array $availableIncludes = ['actor'];
|
|
|
|
public function getResourceName(): string
|
|
{
|
|
return ActivityLog::RESOURCE_NAME;
|
|
}
|
|
|
|
public function transform(ActivityLog $model): array
|
|
{
|
|
return [
|
|
// This is not for security, it is only to provide a unique identifier to
|
|
// the front-end for each entry to improve rendering performance since there
|
|
// is nothing else sufficiently unique to key off at this point.
|
|
'id' => sha1((string) $model->id),
|
|
'batch' => $model->batch,
|
|
'event' => $model->event,
|
|
'is_api' => !is_null($model->api_key_id),
|
|
'ip' => $this->canViewIP($model->actor) ? $model->ip : null,
|
|
'description' => $model->description,
|
|
'properties' => $this->properties($model),
|
|
'has_additional_metadata' => $this->hasAdditionalMetadata($model),
|
|
'timestamp' => $model->timestamp->toAtomString(),
|
|
];
|
|
}
|
|
|
|
public function includeActor(ActivityLog $model)
|
|
{
|
|
if (!$model->actor instanceof User) {
|
|
return $this->null();
|
|
}
|
|
|
|
return $this->item($model->actor, $this->makeTransformer(UserTransformer::class), User::RESOURCE_NAME);
|
|
}
|
|
|
|
/**
|
|
* Transforms any array values in the properties into a countable field for easier
|
|
* use within the translation outputs.
|
|
*/
|
|
protected function properties(ActivityLog $model): object
|
|
{
|
|
if (!$model->properties || $model->properties->isEmpty()) {
|
|
return (object) [];
|
|
}
|
|
|
|
$properties = $model->properties
|
|
->mapWithKeys(function ($value, $key) use ($model) {
|
|
if ($key === 'ip' && $model->actor instanceof User && !$model->actor->is($this->request->user())) {
|
|
return [$key => '[hidden]'];
|
|
}
|
|
|
|
if (!is_array($value)) {
|
|
// Perform some directory normalization at this point.
|
|
if ($key === 'directory') {
|
|
$value = str_replace('//', '/', '/' . trim($value, '/') . '/');
|
|
}
|
|
|
|
return [$key => $value];
|
|
}
|
|
|
|
return [$key => $value, "{$key}_count" => count($value)];
|
|
});
|
|
|
|
$keys = $properties->keys()->filter(fn ($key) => Str::endsWith($key, '_count'))->values();
|
|
if ($keys->containsOneItem()) {
|
|
$properties = $properties->merge(['count' => $properties->get($keys[0])])->except([$keys[0]]);
|
|
}
|
|
|
|
return (object) $properties->toArray();
|
|
}
|
|
|
|
/**
|
|
* Determines if there are any log properties that we've not already exposed
|
|
* in the response language string and that are not just the IP address or
|
|
* the browser useragent.
|
|
*
|
|
* This is used by the front-end to selectively display an "additional metadata"
|
|
* button that is pointless if there is nothing the user can't already see from
|
|
* the event description.
|
|
*/
|
|
protected function hasAdditionalMetadata(ActivityLog $model): bool
|
|
{
|
|
if (is_null($model->properties) || $model->properties->isEmpty()) {
|
|
return false;
|
|
}
|
|
|
|
$str = trans('activity.' . str_replace(':', '.', $model->event));
|
|
preg_match_all('/:(?<key>[\w.-]+\w)(?:[^\w:]?|$)/', $str, $matches);
|
|
|
|
$exclude = array_merge($matches['key'], ['ip', 'useragent', 'using_sftp']);
|
|
foreach ($model->properties->keys() as $key) {
|
|
if (!in_array($key, $exclude, true)) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Determines if the user can view the IP address in the output either because they are the
|
|
* actor that performed the action, or because they are an administrator on the Panel.
|
|
*/
|
|
protected function canViewIP(Model $actor = null): bool
|
|
{
|
|
return $actor?->is($this->request->user()) || $this->request->user()->isRootAdmin();
|
|
}
|
|
}
|