From 86e7601328a2695a9d843441cb1840947b200d59 Mon Sep 17 00:00:00 2001 From: Bubka <858858+Bubka@users.noreply.github.com> Date: Thu, 14 Mar 2024 15:09:05 +0100 Subject: [PATCH] Replace PUT by PATCH to promote admin permissions --- app/Api/v1/Controllers/UserManagerController.php | 4 ++-- ...UpdateRequest.php => UserManagerPromoteRequest.php} | 2 +- resources/js/services/userService.js | 6 +++--- resources/js/views/admin/users/Manage.vue | 2 +- routes/api/v1.php | 3 ++- tests/Api/v1/Controllers/UserManagerControllerTest.php | 10 +++++----- 6 files changed, 14 insertions(+), 13 deletions(-) rename app/Api/v1/Requests/{UserManagerUpdateRequest.php => UserManagerPromoteRequest.php} (91%) diff --git a/app/Api/v1/Controllers/UserManagerController.php b/app/Api/v1/Controllers/UserManagerController.php index 9d237189..e45d1c93 100644 --- a/app/Api/v1/Controllers/UserManagerController.php +++ b/app/Api/v1/Controllers/UserManagerController.php @@ -3,7 +3,7 @@ namespace App\Api\v1\Controllers; use App\Api\v1\Requests\UserManagerStoreRequest; -use App\Api\v1\Requests\UserManagerUpdateRequest; +use App\Api\v1\Requests\UserManagerPromoteRequest; use App\Api\v1\Resources\UserManagerResource; use App\Http\Controllers\Controller; use App\Models\User; @@ -177,7 +177,7 @@ class UserManagerController extends Controller * * @return \App\Api\v1\Resources\UserManagerResource */ - public function update(UserManagerUpdateRequest $request, User $user) + public function promote(UserManagerPromoteRequest $request, User $user) { $user->promoteToAdministrator($request->validated('is_admin')); $user->save(); diff --git a/app/Api/v1/Requests/UserManagerUpdateRequest.php b/app/Api/v1/Requests/UserManagerPromoteRequest.php similarity index 91% rename from app/Api/v1/Requests/UserManagerUpdateRequest.php rename to app/Api/v1/Requests/UserManagerPromoteRequest.php index a333e5bf..4e0117e6 100644 --- a/app/Api/v1/Requests/UserManagerUpdateRequest.php 
+++ b/app/Api/v1/Requests/UserManagerPromoteRequest.php @@ -5,7 +5,7 @@ namespace App\Api\v1\Requests; use Illuminate\Foundation\Http\FormRequest; use Illuminate\Support\Facades\Auth; -class UserManagerUpdateRequest extends FormRequest +class UserManagerPromoteRequest extends FormRequest { /** * Determine if the user is authorized to make this request. diff --git a/resources/js/services/userService.js b/resources/js/services/userService.js index fe60fac3..55078345 100644 --- a/resources/js/services/userService.js +++ b/resources/js/services/userService.js @@ -103,12 +103,12 @@ export default { }, /** - * Update user + * Promote or demote user from the admin role * * @returns promise */ - update(id, payload, config = {}) { - return apiClient.patch('/users/' + id, payload, { ...config }) + promote(id, payload, config = {}) { + return apiClient.patch('/users/' + id + '/promote', payload, { ...config }) }, /** diff --git a/resources/js/views/admin/users/Manage.vue b/resources/js/views/admin/users/Manage.vue index 1d4011b6..510546e8 100644 --- a/resources/js/views/admin/users/Manage.vue +++ b/resources/js/views/admin/users/Manage.vue @@ -100,7 +100,7 @@ } } - userService.update(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => { + userService.promote(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => { managedUser.value.info.is_admin = response.data.info.is_admin notify.success({ text: trans('admin.user_role_updated') }) }) diff --git a/routes/api/v1.php b/routes/api/v1.php index d56a4ad1..8b91c6df 100644 --- a/routes/api/v1.php +++ b/routes/api/v1.php 
@@ -61,9 +61,10 @@ Route::group(['middleware' => 'auth:api-guard'], function () { */ Route::group(['middleware' => ['auth:api-guard', 'admin']], function () { Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset'); + Route::patch('users/{user}/promote', [UserManagerController::class, 'promote'])->name('users.promote'); Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats'); Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials'); - Route::apiResource('users', UserManagerController::class); + Route::apiResource('users', UserManagerController::class, ['except' => ['update']]); Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show'); Route::get('settings', [SettingController::class, 'index'])->name('settings.index'); diff --git a/tests/Api/v1/Controllers/UserManagerControllerTest.php b/tests/Api/v1/Controllers/UserManagerControllerTest.php index 6a48ee2a..4c80760f 100644 --- a/tests/Api/v1/Controllers/UserManagerControllerTest.php +++ b/tests/Api/v1/Controllers/UserManagerControllerTest.php @@ -452,10 +452,10 @@ class UserManagerControllerTest extends FeatureTestCase /** * @test */ - public function test_update_changes_admin_status(): void + public function test_promote_changes_admin_status(): void { $this->actingAs($this->admin, 'api-guard') - ->json('PUT', '/api/v1/users/' . $this->user->id, [ + ->json('PATCH', '/api/v1/users/' . $this->user->id . '/promote', [ 'is_admin' => true ]) ->assertOk(); 
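Review bot: The `['except' => ['update']]` option on `Route::apiResource('users', ...)` unregisters both `PUT` and `PATCH` on `users/{user}`, and nothing in the hunk records that this is deliberate. Because `users.promote` is now the only route that changes the admin flag, a comment above the resource line would stop a later cleanup from re-adding the generic update route, e.g. `// 'update' is intentionally excluded: role changes go through users.promote only`. Existing API v1 clients that still send `PUT /users/{id}` will presumably receive a 405 after this change, which deserves a changelog or API-doc entry. The admin route group closes outside the hunk.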
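Review bot: Only the success path of the new `PATCH .../promote` endpoint is exercised in `test_promote_changes_admin_status`. The hunk adds no assertion that the retired `PUT /api/v1/users/{id}` route is now rejected, or that a non-admin caller is refused on the new route. For a privilege-changing endpoint both negative cases are worth pinning, unless they already exist elsewhere in this file, which is not visible from the hunk. For example `->json('PUT', '/api/v1/users/' . $this->user->id, ['is_admin' => true])->assertStatus(405);`, and the same `PATCH` call under `actingAs($this->user, 'api-guard')` ending in `->assertForbidden();` (assuming `$this->user` is the non-admin fixture). The test method continues past the end of the hunk.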
@@ -468,13 +468,13 @@ class UserManagerControllerTest extends FeatureTestCase /** * @test */ - public function test_update_returns_UserManagerResource(): void + public function test_promote_returns_UserManagerResource(): void { - $path = '/api/v1/users/' . $this->user->id; + $path = '/api/v1/users/' . $this->user->id . '/promote'; $request = Request::create($path, 'PUT'); $response = $this->actingAs($this->admin, 'api-guard') - ->json('PUT', $path, [ + ->json('PATCH', $path, [ 'is_admin' => true ]);
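Review bot: `$request = Request::create($path, 'PUT');` still builds the reference request with the old verb, while the call under test now sends `PATCH` to the `/promote` path. The expected resource is therefore derived from a request that no longer matches any registered route; the line should read `$request = Request::create($path, 'PATCH');`. Whether the verb influences the resource output cannot be told from here, since the assertions follow outside the hunk. Keeping the two verbs in step avoids a test that passes for the wrong reason.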