Replace PUT by PATCH to promote admin permissions

Bubka 2024-03-14 15:09:05 +01:00
parent e956959f69
commit 86e7601328
6 changed files with 14 additions and 13 deletions


@ -3,7 +3,7 @@
namespace App\Api\v1\Controllers; namespace App\Api\v1\Controllers;
use App\Api\v1\Requests\UserManagerStoreRequest; use App\Api\v1\Requests\UserManagerStoreRequest;
use App\Api\v1\Requests\UserManagerUpdateRequest; use App\Api\v1\Requests\UserManagerPromoteRequest;
use App\Api\v1\Resources\UserManagerResource; use App\Api\v1\Resources\UserManagerResource;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Models\User; use App\Models\User;
@ -177,7 +177,7 @@ class UserManagerController extends Controller
* *
* @return \App\Api\v1\Resources\UserManagerResource * @return \App\Api\v1\Resources\UserManagerResource
*/ */
public function update(UserManagerUpdateRequest $request, User $user) public function promote(UserManagerPromoteRequest $request, User $user)
{ {
$user->promoteToAdministrator($request->validated('is_admin')); $user->promoteToAdministrator($request->validated('is_admin'));
$user->save(); $user->save();
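Review bot: Nothing visible in `promote()` stops an administrator from sending `is_admin: false` for their own account or for the last remaining administrator, which would leave the instance with nobody able to reach the admin-only routes. Whether `promoteToAdministrator()` or `UserManagerPromoteRequest` already guards against this cannot be told from the hunk. If neither does, a check before `$user->save()` should reject the request when the target is the only administrator, e.g. `if ($isLastAdmin) { abort(403); }`, where `$isLastAdmin` is a placeholder for a count of the remaining admins. A log entry recording the acting admin, the target user and the new `is_admin` value would also make role changes auditable. The method body continues outside the hunk.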


@ -5,7 +5,7 @@ namespace App\Api\v1\Requests;
use Illuminate\Foundation\Http\FormRequest; use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
class UserManagerUpdateRequest extends FormRequest class UserManagerPromoteRequest extends FormRequest
{ {
/** /**
* Determine if the user is authorized to make this request. * Determine if the user is authorized to make this request.


@ -103,12 +103,12 @@ export default {
}, },
/** /**
* Update user * Promote or demote user from the admin role
* *
* @returns promise * @returns promise
*/ */
update(id, payload, config = {}) { promote(id, payload, config = {}) {
return apiClient.patch('/users/' + id, payload, { ...config }) return apiClient.patch('/users/' + id + '/promote', payload, { ...config })
}, },
/** /**


@ -100,7 +100,7 @@
} }
} }
userService.update(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => { userService.promote(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
managedUser.value.info.is_admin = response.data.info.is_admin managedUser.value.info.is_admin = response.data.info.is_admin
notify.success({ text: trans('admin.user_role_updated') }) notify.success({ text: trans('admin.user_role_updated') })
}) })


@ -61,9 +61,10 @@ Route::group(['middleware' => 'auth:api-guard'], function () {
*/ */
Route::group(['middleware' => ['auth:api-guard', 'admin']], function () { Route::group(['middleware' => ['auth:api-guard', 'admin']], function () {
Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset'); Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset');
Route::patch('users/{user}/promote', [UserManagerController::class, 'promote'])->name('users.promote');
Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats'); Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats');
Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials'); Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials');
Route::apiResource('users', UserManagerController::class); Route::apiResource('users', UserManagerController::class, ['except' => ['update']]);
Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show'); Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show');
Route::get('settings', [SettingController::class, 'index'])->name('settings.index'); Route::get('settings', [SettingController::class, 'index'])->name('settings.index');
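Review bot: The `['except' => ['update']]` option on the `users` resource is what keeps the generic PUT/PATCH `users/{user}` endpoint from being registered, but nothing on that line says why. A later edit that drops the option would re-register a route pointing at a controller method this commit renames away. A short comment above the line would record the intent, e.g. `// 'update' is excluded on purpose: admin role changes go only through users.promote`. The new `users.promote` route sits inside the `['auth:api-guard', 'admin']` group, which is the right place for it. A feature test asserting that a non-admin caller is rejected on that path would pin the protection down.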


@ -452,10 +452,10 @@ class UserManagerControllerTest extends FeatureTestCase
/** /**
* @test * @test
*/ */
public function test_update_changes_admin_status(): void public function test_promote_changes_admin_status(): void
{ {
$this->actingAs($this->admin, 'api-guard') $this->actingAs($this->admin, 'api-guard')
->json('PUT', '/api/v1/users/' . $this->user->id, [ ->json('PATCH', '/api/v1/users/' . $this->user->id . '/promote', [
'is_admin' => true 'is_admin' => true
]) ])
->assertOk(); ->assertOk();
@ -468,13 +468,13 @@ class UserManagerControllerTest extends FeatureTestCase
/** /**
* @test * @test
*/ */
public function test_update_returns_UserManagerResource(): void public function test_promote_returns_UserManagerResource(): void
{ {
$path = '/api/v1/users/' . $this->user->id; $path = '/api/v1/users/' . $this->user->id . '/promote';
$request = Request::create($path, 'PUT'); $request = Request::create($path, 'PUT');
$response = $this->actingAs($this->admin, 'api-guard') $response = $this->actingAs($this->admin, 'api-guard')
->json('PUT', $path, [ ->json('PATCH', $path, [
'is_admin' => true 'is_admin' => true
]); ]);