mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-11-26 10:15:40 +01:00
Replace PUT by PATCH to promote admin permissions
parent
e956959f69
commit
86e7601328
@ -3,7 +3,7 @@
|
||||
namespace App\Api\v1\Controllers;
|
||||
|
||||
use App\Api\v1\Requests\UserManagerStoreRequest;
|
||||
use App\Api\v1\Requests\UserManagerUpdateRequest;
|
||||
use App\Api\v1\Requests\UserManagerPromoteRequest;
|
||||
use App\Api\v1\Resources\UserManagerResource;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\User;
|
||||
@ -177,7 +177,7 @@ public function destroy(Request $request, User $user)
|
||||
*
|
||||
* @return \App\Api\v1\Resources\UserManagerResource
|
||||
*/
|
||||
public function update(UserManagerUpdateRequest $request, User $user)
|
||||
public function promote(UserManagerPromoteRequest $request, User $user)
|
||||
{
|
||||
$user->promoteToAdministrator($request->validated('is_admin'));
|
||||
$user->save();
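Review bot: Nothing in the visible lines of `promote()` stops a request with `is_admin` set to false from demoting the last remaining administrator, or the caller's own account, which would leave the instance with nobody able to reach the admin-only routes. The test suite has `test_destroy_the_only_admin_returns_forbidden`, so `destroy` seems to carry such a guard; the same check belongs before `$user->promoteToAdministrator(...)`, unless `promoteToAdministrator()` already enforces it, which is not visible here. Because the endpoint demotes as well as promotes, the docblock (only its `@return` line is shown) should say so, e.g. `* Promote a user to, or demote a user from, the administrator role`. The body of `promote()` continues outside the hunk.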
|
||||
|
@ -5,7 +5,7 @@
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class UserManagerUpdateRequest extends FormRequest
|
||||
class UserManagerPromoteRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
6
resources/js/services/userService.js
vendored
6
resources/js/services/userService.js
vendored
@ -103,12 +103,12 @@ export default {
|
||||
},
|
||||
|
||||
/**
|
||||
* Update user
|
||||
* Promote or demote user from the admin role
|
||||
*
|
||||
* @returns promise
|
||||
*/
|
||||
update(id, payload, config = {}) {
|
||||
return apiClient.patch('/users/' + id, payload, { ...config })
|
||||
promote(id, payload, config = {}) {
|
||||
return apiClient.patch('/users/' + id + '/promote', payload, { ...config })
|
||||
},
|
||||
|
||||
/**
|
||||
|
@ -100,7 +100,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
userService.update(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
|
||||
userService.promote(managedUser.value.info.id, { 'is_admin': isAdmin }).then(response => {
|
||||
managedUser.value.info.is_admin = response.data.info.is_admin
|
||||
notify.success({ text: trans('admin.user_role_updated') })
|
||||
})
|
||||
|
@ -61,9 +61,10 @@
|
||||
*/
|
||||
Route::group(['middleware' => ['auth:api-guard', 'admin']], function () {
|
||||
Route::patch('users/{user}/password/reset', [UserManagerController::class, 'resetPassword'])->name('users.password.reset');
|
||||
Route::patch('users/{user}/promote', [UserManagerController::class, 'promote'])->name('users.promote');
|
||||
Route::delete('users/{user}/pats', [UserManagerController::class, 'revokePATs'])->name('users.revoke.pats');
|
||||
Route::delete('users/{user}/credentials', [UserManagerController::class, 'revokeWebauthnCredentials'])->name('users.revoke.credentials');
|
||||
Route::apiResource('users', UserManagerController::class);
|
||||
Route::apiResource('users', UserManagerController::class, ['except' => ['update']]);
|
||||
|
||||
Route::get('settings/{settingName}', [SettingController::class, 'show'])->name('settings.show');
|
||||
Route::get('settings', [SettingController::class, 'index'])->name('settings.index');
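Review bot: The `['except' => ['update']]` option on the `apiResource` line removes the generic `PUT`/`PATCH users/{user}` endpoint without recording why, so a later tidy-up of this group could restore it by accident. A one-line comment above it would keep the intent visible: `// No generic update endpoint: role changes go through users.promote only.` The new `users.promote` route is registered inside the `['auth:api-guard', 'admin']` group, which is where a privilege-changing endpoint belongs. API clients that still send `PUT /users/{id}` will presumably get a 405 now, which is worth a changelog entry.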
|
||||
|
@ -452,10 +452,10 @@ public function test_destroy_the_only_admin_returns_forbidden()
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_update_changes_admin_status(): void
|
||||
public function test_promote_changes_admin_status(): void
|
||||
{
|
||||
$this->actingAs($this->admin, 'api-guard')
|
||||
->json('PUT', '/api/v1/users/' . $this->user->id, [
|
||||
->json('PATCH', '/api/v1/users/' . $this->user->id . '/promote', [
|
||||
'is_admin' => true
|
||||
])
|
||||
->assertOk();
|
||||
@ -468,13 +468,13 @@ public function test_update_changes_admin_status(): void
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_update_returns_UserManagerResource(): void
|
||||
public function test_promote_returns_UserManagerResource(): void
|
||||
{
|
||||
$path = '/api/v1/users/' . $this->user->id;
|
||||
$path = '/api/v1/users/' . $this->user->id . '/promote';
|
||||
$request = Request::create($path, 'PUT');
|
||||
|
||||
$response = $this->actingAs($this->admin, 'api-guard')
|
||||
->json('PUT', $path, [
|
||||
->json('PATCH', $path, [
|
||||
'is_admin' => true
|
||||
]);
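Review bot: In `test_promote_returns_UserManagerResource` the line `$request = Request::create($path, 'PUT');` appears unchanged, so the expected resource is still built from a PUT request while the call under test is now PATCH; it should read `$request = Request::create($path, 'PATCH');`. Both tests cover only an administrator sending `'is_admin' => true`. Since this endpoint changes privileges, the suite should also assert that a non-admin caller is rejected, that `'is_admin' => false` demotes the user, and that the removed `PUT /api/v1/users/{id}` no longer succeeds. The second test's body continues past the end of the hunk.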
|
||||
|
||||
|