James Cole 2019-08-22 17:06:43 +02:00
parent 10737d10a5
commit 2a4051fe92
5 changed files with 175 additions and 59 deletions


@ -24,7 +24,8 @@ declare(strict_types=1);
namespace FireflyIII\Api\V1\Controllers; namespace FireflyIII\Api\V1\Controllers;
use FireflyIII\Api\V1\Requests\UserRequest; use FireflyIII\Api\V1\Requests\UserStoreRequest;
use FireflyIII\Api\V1\Requests\UserUpdateRequest;
use FireflyIII\Exceptions\FireflyException; use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Repositories\User\UserRepositoryInterface; use FireflyIII\Repositories\User\UserRepositoryInterface;
use FireflyIII\Transformers\UserTransformer; use FireflyIII\Transformers\UserTransformer;
@ -155,11 +156,11 @@ class UserController extends Controller
/** /**
* Store a new user. * Store a new user.
* *
* @param UserRequest $request * @param UserStoreRequest $request
* *
* @return JsonResponse * @return JsonResponse
*/ */
public function store(UserRequest $request): JsonResponse public function store(UserStoreRequest $request): JsonResponse
{ {
$data = $request->getAll(); $data = $request->getAll();
$user = $this->repository->store($data); $user = $this->repository->store($data);
@ -183,12 +184,12 @@ class UserController extends Controller
/** /**
* Update a user. * Update a user.
* *
* @param UserRequest $request * @param UserUpdateRequest $request
* @param User $user * @param User $user
* *
* @return JsonResponse * @return JsonResponse
*/ */
public function update(UserRequest $request, User $user): JsonResponse public function update(UserUpdateRequest $request, User $user): JsonResponse
{ {
$data = $request->getAll(); $data = $request->getAll();
$user = $this->repository->update($user, $data); $user = $this->repository->update($user, $data);


@ -1,7 +1,7 @@
<?php <?php
/** /**
* UserRequest.php * UserStoreRequest.php
* Copyright (c) 2018 thegrumpydictator@gmail.com * Copyright (c) 2018 thegrumpydictator@gmail.com
* *
* This file is part of Firefly III. * This file is part of Firefly III.
@ -30,11 +30,9 @@ use FireflyIII\User;
/** /**
* Class UserRequest * Class UserStoreRequest
* @codeCoverageIgnore
* TODO AFTER 4.8,0: split this into two request classes.
*/ */
class UserRequest extends Request class UserStoreRequest extends Request
{ {
/** /**
* Authorize logged in users. * Authorize logged in users.
@ -68,7 +66,7 @@ class UserRequest extends Request
public function getAll(): array public function getAll(): array
{ {
$blocked = false; $blocked = false;
if (null === $this->get('blocked')) { if (null !== $this->get('blocked')) {
$blocked = $this->boolean('blocked'); $blocked = $this->boolean('blocked');
} }
$data = [ $data = [
@ -88,23 +86,12 @@ class UserRequest extends Request
*/ */
public function rules(): array public function rules(): array
{ {
$rules = [ return [
'email' => 'required|email|unique:users,email,', 'email' => 'required|email|unique:users,email,',
'blocked' => [new IsBoolean], 'blocked' => [new IsBoolean],
'blocked_code' => 'in:email_changed', 'blocked_code' => 'in:email_changed',
'role' => 'in:owner,demo', 'role' => 'in:owner,demo',
]; ];
switch ($this->method()) {
default:
break;
case 'PUT':
case 'PATCH':
$user = $this->route()->parameter('user');
$rules['email'] = 'required|email|unique:users,email,' . $user->id;
break;
}
return $rules;
} }
} }
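Review bot: In rules(), the email rule still ends with a dangling comma, `'required|email|unique:users,email,'`, a leftover from the removed PUT/PATCH branch that appended the user id at that position. A store request has no existing row to ignore, so `'email' => 'required|email|unique:users,email',` states the intent without an empty ignore parameter. None of the five changed files is a test, so the inverted `blocked` check fixed in getAll() (`null !== $this->get('blocked')`) has no regression test on this page, although `@codeCoverageIgnore` was dropped from the class.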


@ -0,0 +1,100 @@
<?php
/**
* UserUpdateRequest.php
* Copyright (c) 2018 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace FireflyIII\Api\V1\Requests;
use FireflyIII\Repositories\User\UserRepositoryInterface;
use FireflyIII\Rules\IsBoolean;
use FireflyIII\User;
/**
* Class UserUpdateRequest
*/
class UserUpdateRequest extends Request
{
/**
* Authorize logged in users.
*
* @return bool
*/
public function authorize(): bool
{
$result = false;
// Only allow authenticated users
if (auth()->check()) {
/** @var User $user */
$user = auth()->user();
/** @var UserRepositoryInterface $repository */
$repository = app(UserRepositoryInterface::class);
if ($repository->hasRole($user, 'owner')) {
$result = true; // @codeCoverageIgnore
}
}
return $result;
}
/**
* Get all data from the request.
*
* @return array
*/
public function getAll(): array
{
$blocked = false;
if (null !== $this->get('blocked')) {
$blocked = $this->boolean('blocked');
}
$data = [
'email' => $this->string('email'),
'blocked' => $blocked,
'blocked_code' => $this->string('blocked_code'),
'role' => $this->string('role'),
];
return $data;
}
/**
* The rules that the incoming request must be matched against.
*
* @return array
*/
public function rules(): array
{
$user = $this->route()->parameter('user');
$rules = [
'email' => sprintf('email|unique:users,email,%d', $user->id),
'blocked' => [new IsBoolean],
'blocked_code' => 'in:email_changed',
'role' => 'in:owner,demo,',
];
return $rules;
}
}
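Review bot: getAll() always returns a `blocked` key, defaulting to `false` when the client did not send the field, so the repository's new `isset($data['blocked']) && is_bool($data['blocked'])` guard is always satisfied for this request. An update that only changes the e-mail address would therefore clear the blocked flag on a blocked account. Drop the `$blocked = false` default and the `'blocked' => $blocked` entry, and add the key only when it was sent: `if (null !== $this->get('blocked')) { $data['blocked'] = $this->boolean('blocked'); }`. The same "absent versus empty" ambiguity applies to `role`, which is always passed as a string here. In rules(), `'in:owner,demo,'` appears to admit the empty value on purpose, which deserves a comment such as `// trailing comma: an empty role is allowed and means "remove all roles"`.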


@ -86,10 +86,10 @@ class UserRepository implements UserRepositoryInterface
* @param User $user * @param User $user
* @param string $newEmail * @param string $newEmail
* *
* @see updateEmail
*
* @return bool * @return bool
* @throws \Exception * @throws \Exception
* @see updateEmail
*
*/ */
public function changeEmail(User $user, string $newEmail): bool public function changeEmail(User $user, string $newEmail): bool
{ {
@ -291,6 +291,28 @@ class UserRepository implements UserRepositoryInterface
return false; return false;
} }
/**
* Remove any role the user has.
*
* @param User $user
*/
public function removeRole(User $user): void
{
$user->roles()->sync([]);
}
/**
* Set MFA code.
*
* @param User $user
* @param string|null $code
*/
public function setMFACode(User $user, ?string $code): void
{
$user->mfa_secret = $code;
$user->save();
}
/** /**
* @param array $data * @param array $data
* *
@ -335,9 +357,17 @@ class UserRepository implements UserRepositoryInterface
*/ */
public function update(User $user, array $data): User public function update(User $user, array $data): User
{ {
$this->updateEmail($user, $data['email']); $this->updateEmail($user, $data['email'] ?? '');
$user->blocked = $data['blocked'] ?? false; if (isset($data['blocked']) && is_bool($data['blocked'])) {
$user->blocked_code = $data['blocked_code'] ?? null; $user->blocked = $data['blocked'];
}
if (isset($data['blocked_code']) && '' !== $data['blocked_code'] && is_string($data['blocked_code'])) {
$user->blocked_code = $data['blocked_code'];
}
if (isset($data['role']) && '' === $data['role']) {
$this->removeRole($user);
}
$user->save(); $user->save();
return $user; return $user;
@ -350,12 +380,15 @@ class UserRepository implements UserRepositoryInterface
* @param User $user * @param User $user
* @param string $newEmail * @param string $newEmail
* *
* @return bool
* @see changeEmail * @see changeEmail
* *
* @return bool
*/ */
public function updateEmail(User $user, string $newEmail): bool public function updateEmail(User $user, string $newEmail): bool
{ {
if ('' === $newEmail) {
return true;
}
$oldEmail = $user->email; $oldEmail = $user->email;
// save old email as pref // save old email as pref
@ -367,16 +400,4 @@ class UserRepository implements UserRepositoryInterface
return true; return true;
} }
/**
* Set MFA code.
*
* @param User $user
* @param string|null $code
*/
public function setMFACode(User $user, ?string $code): void
{
$user->mfa_secret = $code;
$user->save();
}
} }
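Review bot: In update(), `if (isset($data['role']) && '' === $data['role'])` removes every role from the user, including `owner`, and no visible branch applies a non-empty `role` even though the update request validates `owner` and `demo`. UserUpdateRequest::getAll() always passes `role` as a string, so if its `string()` helper yields `''` for an omitted field (not shown on this page), any update that leaves `role` out strips the target's roles. An owner editing their own account could then fail the `hasRole($user, 'owner')` check on later requests. At minimum the docblock, which starts above the hunk, should state the contract, e.g. `* An empty string in $data['role'] removes all roles; a missing key leaves roles untouched.`, and the caller should omit the key when the field was not sent. Separately, the `blocked_code` branch skips both `''` and null, so a stored code can no longer be cleared through this method.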


@ -39,14 +39,6 @@ interface UserRepositoryInterface
*/ */
public function all(): Collection; public function all(): Collection;
/**
* Set MFA code.
*
* @param User $user
* @param string|null $code
*/
public function setMFACode(User $user, ?string $code): void;
/** /**
* Gives a user a role. * Gives a user a role.
* *
@ -64,9 +56,9 @@ interface UserRepositoryInterface
* @param User $user * @param User $user
* @param string $newEmail * @param string $newEmail
* *
* @return bool
* @see updateEmail * @see updateEmail
* *
* @return bool
*/ */
public function changeEmail(User $user, string $newEmail): bool; public function changeEmail(User $user, string $newEmail): bool;
@ -162,6 +154,21 @@ interface UserRepositoryInterface
*/ */
public function hasRole(User $user, string $role): bool; public function hasRole(User $user, string $role): bool;
/**
* Remove any role the user has.
*
* @param User $user
*/
public function removeRole(User $user): void;
/**
* Set MFA code.
*
* @param User $user
* @param string|null $code
*/
public function setMFACode(User $user, ?string $code): void;
/** /**
* @param array $data * @param array $data
* *
@ -191,9 +198,9 @@ interface UserRepositoryInterface
* @param User $user * @param User $user
* @param string $newEmail * @param string $newEmail
* *
* @return bool
* @see changeEmail * @see changeEmail
* *
* @return bool
*/ */
public function updateEmail(User $user, string $newEmail): bool; public function updateEmail(User $user, string $newEmail): bool;
} }