Replace PUT by PATCH to promote admin permissions

Bubka 2024-03-14 15:09:05 +01:00
parent e956959f69
commit 86e7601328
6 changed files with 14 additions and 13 deletions


@ -3,7 +3,7 @@
namespace App\Api\v1\Controllers;
use App\Api\v1\Requests\UserManagerStoreRequest;
use App\Api\v1\Requests\UserManagerUpdateRequest;
use App\Api\v1\Requests\UserManagerPromoteRequest;
use App\Api\v1\Resources\UserManagerResource;
use App\Http\Controllers\Controller;
use App\Models\User;
@ -177,7 +177,7 @@ public function destroy(Request $request, User $user)
*
* @return \App\Api\v1\Resources\UserManagerResource
*/
public function update(UserManagerUpdateRequest $request, User $user)
public function promote(UserManagerPromoteRequest $request, User $user)
{
$user->promoteToAdministrator($request->validated('is_admin'));
$user->save();
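Review bot: The visible lines of `promote()` apply the validated `is_admin` value and call `$user->save()` with no guard against demoting the last remaining administrator, or an administrator demoting their own account. The test name `test_destroy_the_only_admin_returns_forbidden` suggests `destroy` has such protection, so this endpoint should refuse with the same 403 when `is_admin` is false and the target is the only admin, unless `promoteToAdministrator()` or the request's `authorize()` already enforces it (neither is shown here). Because the method also demotes, its docblock should say so, for example `Promote (or demote) a user to/from the administrator role`, matching the wording used in the JS service. The docblock starts and the method body ends outside the hunk.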


@ -5,7 +5,7 @@
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;
class UserManagerUpdateRequest extends FormRequest
class UserManagerPromoteRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.


@ -103,12 +103,12 @@ export default {
},
/**
* Update user
* Promote or demote user from the admin role
*
* @returns promise
*/
update(id, payload, config = {}) {
return apiClient.patch('/users/' + id, payload, { ...config })
promote(id, payload, config = {}) {
return apiClient.patch('/users/' + id + '/promote', payload, { ...config })
},
/**


@ -100,7 +100,7 @@
}
}
userService.update(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
userService.promote(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
managedUser.value.info.is_admin = response.data.info.is_admin
notify.success({ text: trans('admin.user_role_updated') })
})


@ -61,9 +61,10 @@
*/
Route::group(['middleware' => ['auth:api-guard', 'admin']], function () {
Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset');
Route::patch('users/{user}/promote', [UserManagerController::class, 'promote'])->name('users.promote');
Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats');
Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials');
Route::apiResource('users', UserManagerController::class);
Route::apiResource('users', UserManagerController::class, ['except' => ['update']]);
Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show');
Route::get('settings', [SettingController::class, 'index'])->name('settings.index');
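Review bot: Nothing on this page verifies that the old role-change path is really closed once `update` is excluded from the `Route::apiResource('users', ...)` line; the test hunks only rename the existing tests to the new URL. Since this endpoint grants administrator rights, a regression test pinning the removal is worthwhile, e.g. `->json('PUT', '/api/v1/users/' . $this->user->id, ['is_admin' => true])->assertStatus(405);`, plus the same for PATCH. The new `users/{user}/promote` route is declared inside the `['auth:api-guard', 'admin']` group, so it inherits the admin middleware. A short comment above the `apiResource` line explaining why `update` is excluded would help stop it being re-enabled by accident. The route group's closure continues outside the hunk.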


@ -452,10 +452,10 @@ public function test_destroy_the_only_admin_returns_forbidden()
/**
* @test
*/
public function test_update_changes_admin_status(): void
public function test_promote_changes_admin_status(): void
{
$this->actingAs($this->admin, 'api-guard')
->json('PUT', '/api/v1/users/' . $this->user->id, [
->json('PATCH', '/api/v1/users/' . $this->user->id . '/promote', [
'is_admin' => true
])
->assertOk();
@ -468,13 +468,13 @@ public function test_update_changes_admin_status(): void
/**
* @test
*/
public function test_update_returns_UserManagerResource(): void
public function test_promote_returns_UserManagerResource(): void
{
$path = '/api/v1/users/' . $this->user->id;
$path = '/api/v1/users/' . $this->user->id . '/promote';
$request = Request::create($path, 'PUT');
$response = $this->actingAs($this->admin, 'api-guard')
->json('PUT', $path, [
->json('PATCH', $path, [
'is_admin' => true
]);
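Review bot: `$request = Request::create($path, 'PUT');` in `test_promote_returns_UserManagerResource` still builds the comparison request with PUT, while the call below it now sends PATCH to the `/promote` path; it should read `$request = Request::create($path, 'PATCH');` so the expected resource comes from the same kind of request the endpoint receives. This probably does not change the assertion's outcome, but it leaves a stale reference to the verb this commit retires. Both renamed tests only send `'is_admin' => true`; a demotion case (`'is_admin' => false`) and a non-admin caller being rejected on the new route would be useful additions if they are not covered elsewhere in the file. The test body continues past the end of the hunk, so how `$request` is used afterwards is not visible here.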