From 1f3badb7313860edd5e59c91305af97fb753260f Mon Sep 17 00:00:00 2001
From: James Cole
Date: Wed, 9 Feb 2022 17:31:30 +0100
Subject: [PATCH] Update various routes
---
 .../Models/Recurrence/ShowController.php | 2 +-
 .../V1/Requests/System/UserUpdateRequest.php | 24 ++++++++++++++++++-
 routes/api.php | 2 +-
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/app/Api/V1/Controllers/Models/Recurrence/ShowController.php b/app/Api/V1/Controllers/Models/Recurrence/ShowController.php
index bad3f2fbc5..ecb7438755 100644
--- a/app/Api/V1/Controllers/Models/Recurrence/ShowController.php
+++ b/app/Api/V1/Controllers/Models/Recurrence/ShowController.php
@@ -77,7 +77,7 @@ class ShowController extends Controller
 $pageSize = (int)app('preferences')->getForUser(auth()->user(), 'listPageSize', 50)->data;
 // get list of budgets. Count it and split it.
- $collection = $this->repository->getAll();
+ $collection = $this->repository->get();
 $count = $collection->count();
 $piggyBanks = $collection->slice(($this->parameters->get('page') - 1) * $pageSize, $pageSize);
diff --git a/app/Api/V1/Requests/System/UserUpdateRequest.php b/app/Api/V1/Requests/System/UserUpdateRequest.php
index e3a707c00f..7e94a3ad96 100644
--- a/app/Api/V1/Requests/System/UserUpdateRequest.php
+++ b/app/Api/V1/Requests/System/UserUpdateRequest.php
@@ -28,6 +28,7 @@ use FireflyIII\Rules\IsBoolean;
 use FireflyIII\Support\Request\ChecksLogin;
 use FireflyIII\Support\Request\ConvertsDataTypes;
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Validator;
 /**
 * Class UserUpdateRequest
@@ -43,7 +44,7 @@ class UserUpdateRequest extends FormRequest
 */
 public function authorize(): bool
 {
- return auth()->check() && auth()->user()->hasRole('owner');
+ return auth()->check();
 }
 /**
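Review bot: The comment above the changed call in the `@@ -77,7 +77,7 @@` hunk still reads "get list of budgets" and the page slice is stored in `$piggyBanks`, although this is the recurrence ShowController, so the line that decides which records the endpoint returns is described by text that belongs to other models. Swapping `getAll()` for `get()` presumably changes which recurrences are returned (the repository is not part of this patch), and that scope is exactly what a reader needs stated here. Once the scope of `get()` is confirmed, I would replace the comment with something like `// recurrences visible to the current user: count them, then slice out the requested page.` and rename `$piggyBanks` to `$recurrences`. The enclosing method starts and ends outside the hunk.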
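Review bot: `authorize()` in the `@@ -43,7 +44,7 @@` hunk now admits every authenticated user, and the owner-or-self decision is left to the validator `after` hook added in the `@@ -83,4 +84,25 @@` hunk of the same file. That hook reports a refused update as a validation error on `email` instead of an authorization failure, and it runs only as part of validation, so clients and logs cannot tell a forbidden cross-user update from a malformed request. Keeping the decision in `authorize()` makes the request fail closed before any input is examined: `$target = $this->route()->parameter('user');` followed by `return auth()->check() && (auth()->user()->hasRole('owner') || $target?->id === auth()->user()->id);`.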
@@ -83,4 +84,25 @@ class UserUpdateRequest extends FormRequest
 ];
 }
+ /**
+ * Configure the validator instance.
+ *
+ * @param Validator $validator
+ *
+ * @return void
+ */
+ public function withValidator(Validator $validator): void
+ {
+ $current = $this->route()->parameter('user');
+ $validator->after(
+ static function (Validator $validator) use($current) {
+ $isAdmin = auth()->user()->hasRole('owner');
+ // not admin, and not own user?
+ if (auth()->check() && false === $isAdmin && $current?->id !== auth()->user()->id) {
+ $validator->errors()->add('email', (string) trans('validation.invalid_selection'));
+ }
+ }
+ );
+ }
+
 }
diff --git a/routes/api.php b/routes/api.php
index 1e938b26b6..08f39771ce 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -525,7 +525,7 @@ Route::group(
 );
 // Users API routes:
 Route::group(
- ['middleware' => ['auth:api', 'bindings', IsAdmin::class], 'namespace' => 'FireflyIII\Api\V1\Controllers\System', 'prefix' => 'users',
+ ['middleware' => ['auth:api,sanctum', 'bindings'], 'namespace' => 'FireflyIII\Api\V1\Controllers\System', 'prefix' => 'users',
 'as' => 'api.v1.users.',],
 static function () {
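Review bot: The self-update path added in `withValidator()` lets a non-owner pass this check for their own account, but nothing in the hunk limits which fields such a user may then change; the `rules()` array sits outside the visible lines. If it accepts privilege-bearing fields (a role or a blocked flag, for example), those should be rejected or ignored unless `hasRole('owner')` is true, otherwise the ownership check protects other accounts but not the caller's own privilege level. Separately, `auth()->user()->hasRole('owner')` is dereferenced one line before `auth()->check()` is tested, so the check cannot protect that call; test it first or drop it from the condition, since `authorize()` already requires a logged-in user.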
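Review bot: Removing `IsAdmin::class` from the group middleware in the `routes/api.php` hunk lifts the owner requirement from every route under the `users` prefix, not only the update route that `UserUpdateRequest` now guards. The routes inside the closure are outside the hunk, so it should be confirmed that each of them enforces owner-only or self-only access in its own request class or controller before this ships. If only the update route is meant to be opened to regular users, keep `IsAdmin::class` on this group and register that one route in a separate group with `['middleware' => ['auth:api,sanctum', 'bindings']]`. A comment such as `// no IsAdmin here: every request class in this group authorizes owner-or-self access itself` would record the intent for the next reader.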