Replace PUT by PATCH to promote admin permissions

app/Api/v1/Controllers/UserManagerController.php

@@ -3,7 +3,7 @@
 namespace App\Api\v1\Controllers;
 
 use App\Api\v1\Requests\UserManagerStoreRequest;
-use App\Api\v1\Requests\UserManagerUpdateRequest;
+use App\Api\v1\Requests\UserManagerPromoteRequest;
 use App\Api\v1\Resources\UserManagerResource;
 use App\Http\Controllers\Controller;
 use App\Models\User;
@@ -177,7 +177,7 @@ class UserManagerController extends Controller
      *
      * @return \App\Api\v1\Resources\UserManagerResource
      */
-    public function update(UserManagerUpdateRequest $request, User $user)
+    public function promote(UserManagerPromoteRequest $request, User $user)
     {
         $user->promoteToAdministrator($request->validated('is_admin'));
         $user->save();

app/Api/v1/Requests/UserManagerPromoteRequest.php

@@ -5,7 +5,7 @@ namespace App\Api\v1\Requests;
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Support\Facades\Auth;
 
-class UserManagerUpdateRequest extends FormRequest
+class UserManagerPromoteRequest extends FormRequest
 {
     /**
      * Determine if the user is authorized to make this request.

resources/js/services/userService.js

@@ -103,12 +103,12 @@ export default {
     },
 
     /**
-     * Update user
+     * Promote or demote user from the admin role
      * 
      * @returns promise
      */
-    update(id, payload, config = {}) {
-        return apiClient.patch('/users/' + id, payload, { ...config })
+    promote(id, payload, config = {}) {
+        return apiClient.patch('/users/' + id + '/promote', payload, { ...config })
     },
 
     /**

resources/js/views/admin/users/Manage.vue

@@ -100,7 +100,7 @@
             }
         }
 
-        userService.update(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
+        userService.promote(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
             managedUser.value.info.is_admin = response.data.info.is_admin
             notify.success({ text: trans('admin.user_role_updated') })
         })

routes/api/v1.php

@@ -61,9 +61,10 @@ Route::group(['middleware' => 'auth:api-guard'], function () {
  */
 Route::group(['middleware' => ['auth:api-guard', 'admin']], function () {
     Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset');
+    Route::patch('users/{user}/promote', [UserManagerController::class, 'promote'])->name('users.promote');
     Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats');
     Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials');
-    Route::apiResource('users', UserManagerController::class);
+    Route::apiResource('users', UserManagerController::class, ['except' => ['update']]);
 
     Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show');
     Route::get('settings', [SettingController::class, 'index'])->name('settings.index');

tests/Api/v1/Controllers/UserManagerControllerTest.php

@@ -452,10 +452,10 @@ class UserManagerControllerTest extends FeatureTestCase
     /**
      * @test
      */
-    public function test_update_changes_admin_status(): void
+    public function test_promote_changes_admin_status(): void
     {
         $this->actingAs($this->admin, 'api-guard')
-            ->json('PUT', '/api/v1/users/' . $this->user->id, [
+            ->json('PATCH', '/api/v1/users/' . $this->user->id . '/promote', [
                 'is_admin' => true
             ])
             ->assertOk();
@@ -468,13 +468,13 @@ class UserManagerControllerTest extends FeatureTestCase
     /**
      * @test
      */
-    public function test_update_returns_UserManagerResource(): void
+    public function test_promote_returns_UserManagerResource(): void
     {
-        $path = '/api/v1/users/' . $this->user->id;
+        $path = '/api/v1/users/' . $this->user->id . '/promote';
         $request  = Request::create($path, 'PUT');
 
         $response = $this->actingAs($this->admin, 'api-guard')
-            ->json('PUT', $path, [
+            ->json('PATCH', $path, [
                 'is_admin' => true
             ]);