Allow users to hand out admin rights.

2025-02-25 18:45:27 -06:00 · 2020-03-23 17:54:49 +01:00 · 2020-03-23 17:54:49 +01:00 · d6797b8428
commit d6797b8428
parent 76c89a8efa
7 changed files with 30 additions and 8 deletions
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -106,6 +106,8 @@ class UserController extends Controller

        $subTitle     = (string) trans('firefly.edit_user', ['email' => $user->email]);
        $subTitleIcon = 'fa-user-o';
+        $currentUser  = auth()->user();
+        $isAdmin      = $this->repository->hasRole($user, 'owner');
        $codes        = [
            ''              => (string) trans('firefly.no_block_code'),
            'bounced'       => (string) trans('firefly.block_code_bounced'),
@ -113,7 +115,7 @@ class UserController extends Controller
            'email_changed' => (string) trans('firefly.block_code_email_changed'),
        ];

-        return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes'));
+        return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes', 'currentUser','isAdmin'));
    }

    /**
@ -183,6 +185,13 @@ class UserController extends Controller
        if ('' !== $data['password']) {
            $this->repository->changePassword($user, $data['password']);
        }
+        if (true === $data['is_owner']) {
+            $this->repository->attachRole($user, 'owner');
+            session()->flash('info', trans('firefly.give_admin_careful'));
+        }
+        if (false === $data['is_owner']) {
+            $this->repository->removeRole($user, 'owner');
+        }

        $this->repository->changeStatus($user, $data['blocked'], $data['blocked_code']);
        $this->repository->updateEmail($user, $data['email']);
--- a/app/Http/Requests/UserFormRequest.php
+++ b/app/Http/Requests/UserFormRequest.php
@ -52,6 +52,7 @@ class UserFormRequest extends Request
            'blocked'      => 1 === $this->integer('blocked'),
            'blocked_code' => $this->string('blocked_code'),
            'password'     => $this->string('password'),
+            'is_owner'     => 1 === $this->integer('is_owner'),
        ];
    }

@ -68,6 +69,7 @@ class UserFormRequest extends Request
            'password'     => 'confirmed|secure_password',
            'blocked_code' => 'between:0,30|nullable',
            'blocked'      => 'between:0,1|numeric',
+            'is_owner'     => 'between:0,1|numeric',
        ];
    }
 }
--- a/app/Repositories/User/UserRepository.php
+++ b/app/Repositories/User/UserRepository.php
@ -293,11 +293,16 @@ class UserRepository implements UserRepositoryInterface
    /**
     * Remove any role the user has.
     *
-     * @param User $user
+     * @param User   $user
+     * @param string $role
     */
-    public function removeRole(User $user): void
+    public function removeRole(User $user, string $role): void
    {
-        $user->roles()->sync([]);
+        $roleObj = $this->getRole($role);
+        if (null === $roleObj) {
+            return;
+        }
+        $user->roles()->detach($roleObj->id);
    }

    /**
@ -364,7 +369,8 @@ class UserRepository implements UserRepositoryInterface
            $user->blocked_code = $data['blocked_code'];
        }
        if (isset($data['role']) && '' === $data['role']) {
-            $this->removeRole($user);
+            $this->removeRole($user, 'owner');
+            $this->removeRole($user, 'demo');
        }

        $user->save();
--- a/app/Repositories/User/UserRepositoryInterface.php
+++ b/app/Repositories/User/UserRepositoryInterface.php
@ -157,9 +157,10 @@ interface UserRepositoryInterface
    /**
     * Remove any role the user has.
     *
-     * @param User $user
+     * @param User   $user
+     * @param string $role
     */
-    public function removeRole(User $user): void;
+    public function removeRole(User $user, string $role): void;

    /**
     * Set MFA code.
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@ -1351,6 +1351,7 @@ return [
    'send_test_email_text'             => 'To see if your installation is capable of sending email, please press this button. You will not see an error here (if any), <strong>the log files will reflect any errors</strong>. You can press this button as many times as you like. There is no spam control. The message will be sent to <code>:email</code> and should arrive shortly.',
    'send_message'                     => 'Send message',
    'send_test_triggered'              => 'Test was triggered. Check your inbox and the log files.',
+    'give_admin_careful'               => 'Users who are given admin rights can take away yours. Be careful.',

    'split_transaction_title'               => 'Description of the split transaction',
    'split_transaction_title_help'          => 'If you create a split transaction, there must be a global description for all splits of the transaction.',
--- a/resources/lang/en_US/form.php
+++ b/resources/lang/en_US/form.php
@ -194,6 +194,7 @@ return [
    'blocked'               => 'Is blocked?',
    'blocked_code'          => 'Reason for block',
    'login_name'            => 'Login',
+    'is_owner'              => 'Is admin?',

    // import
    'apply_rules'           => 'Apply rules',
--- a/resources/views/v1/admin/users/edit.twig
+++ b/resources/views/v1/admin/users/edit.twig
@ -22,7 +22,9 @@
                    {{ ExpandedForm.password('password_confirmation') }}
                    {{ ExpandedForm.checkbox('blocked') }}
                    {{ ExpandedForm.select('blocked_code', codes, user.blocked_code) }}
-
+                    {% if user.id != currentUser.id %}
+                        {{ ExpandedForm.checkbox('is_owner',1,isAdmin) }}
+                    {% endif %}
                </div>
            </div>
        </div>