Control & Promote administrator status via a method rather than a prop

2024-01-26 18:14:02 +01:00 · 2024-01-26 18:14:02 +01:00 · 8b397750e8
parent d96c943927
commit 8b397750e8
8 changed files with 43 additions and 12 deletions
--- a/app/Extensions/RemoteUserProvider.php
+++ b/app/Extensions/RemoteUserProvider.php
@ -63,7 +63,7 @@ class RemoteUserProvider implements UserProvider
            Log::info(sprintf('Remote user %s created with email address %s', var_export($user->name, true), var_export($user->email, true)));

            if (User::count() === 1) {
-                $user->is_admin = true;
+                $user->promoteToAdministrator();
                $user->save();
            }
        } else {
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -107,16 +107,21 @@ class LoginController extends Controller
    {
        $this->clearLoginAttempts($request);

-        $name = $this->guard()->user()?->name;
+        /**
+         * @var \App\Models\User|null
+         */
+        $user = $this->guard()->user();
+        $name = $user?->name;

        $this->authenticated($request, $this->guard()->user());

        return response()->json([
            'message'     => 'authenticated',
+            'id'          => $user->id,
            'name'        => $name,
-            'email'       => $this->guard()->user()->email,
-            'preferences' => $this->guard()->user()->preferences,
-            'is_admin'    => $this->guard()->user()->is_admin,
+            'email'       => $user->email,
+            'preferences' => $user->preferences,
+            'is_admin'    => $user->isAdministrator(),
        ], Response::HTTP_OK);
    }

--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@ -43,13 +43,17 @@ class RegisterController extends Controller
        event(new Registered($user = $this->create($validated)));

        $this->guard()->login($user);
+        /**
+         * @var \App\Models\User|null
+         */
+        $user = $this->guard()->user();

        return response()->json([
            'message'     => 'account created',
            'name'        => $user->name,
            'email'       => $user->email,
-            'preferences' => $this->guard()->user()->preferences,
-            'is_admin'    => $this->guard()->user()->is_admin,
+            'preferences' => $user->preferences,
+            'is_admin'    => $user->isAdministrator(),
        ], 201);
    }

@ -69,7 +73,7 @@ class RegisterController extends Controller
        Log::info(sprintf('User ID #%s created', $user->id));

        if (User::count() == 1) {
-            $user->is_admin = true;
+            $user->promoteToAdministrator();
            $user->save();
            Log::notice(sprintf('User ID #%s set as administrator', $user->id));
        }
--- a/app/Http/Controllers/Auth/SocialiteController.php
+++ b/app/Http/Controllers/Auth/SocialiteController.php
@ -56,7 +56,7 @@ class SocialiteController extends Controller
            if (User::where('email', $socialiteEmail)->exists()) {
                return redirect('/error?err=sso_email_already_used');
            } elseif (User::count() === 0) {
-                $user->is_admin = true;
+                $user->promoteToAdministrator();
            } elseif (Settings::get('disableRegistration')) {
                return redirect('/error?err=sso_no_register');
            }
--- a/app/Http/Controllers/Auth/UserController.php
+++ b/app/Http/Controllers/Auth/UserController.php
@ -59,7 +59,7 @@ class UserController extends Controller

        Log::info(sprintf('Deletion of user ID #%s requested', $user->id));

-        if ($user->is_admin && User::admins()->count() == 1) {
+        if ($user->isAdministrator() && User::admins()->count() == 1) {
            return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
        }

--- a/app/Http/Controllers/SystemController.php
+++ b/app/Http/Controllers/SystemController.php
@ -45,7 +45,7 @@ class SystemController extends Controller
            $infos['common']['Trusted proxies']            = config('2fauth.config.trustedProxies') ?: 'none';

            // Admin settings
-            if ($request->user()->is_admin == true) {
+            if ($request->user()->isAdministrator()) {
                $infos['admin_settings']['useEncryption']  = Settings::get('useEncryption');
                $infos['admin_settings']['lastRadarScan']  = Carbon::parse(Settings::get('lastRadarScan'))->format('Y-m-d H:i:s');
                $infos['admin_settings']['checkForUpdate'] = Settings::get('checkForUpdate');
--- a/app/Http/Middleware/AdminOnly.php
+++ b/app/Http/Middleware/AdminOnly.php
@ -16,7 +16,7 @@ class AdminOnly
     */
    public function handle($request, Closure $next)
    {
-        if (! Auth::user()->is_admin) {
+        if (! Auth::user()->isAdministrator()) {
            throw new AuthorizationException;
        }

--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
 use Laragear\WebAuthn\WebAuthnAuthentication;
 use Laravel\Passport\HasApiTokens;

@ -86,6 +87,27 @@ class User extends Authenticatable implements WebAuthnAuthenticatable
        return $query->where('is_admin', true);
    }

+    /**
+     * Determine if the user is an administrator.
+     *
+     * @return boolean
+     */
+    public function isAdministrator()
+    {
+        return $this->is_admin;
+    }
+
+    /**
+     * Grant administrator permissions to the user.
+     *
+     * @param  bool  $promote  
+     * @return void
+     */
+    public function promoteToAdministrator(bool $promote = true)
+    {
+        $this->is_admin = $promote;
+    }
+
    /**
     * Send the password reset notification.
     *