From 98033bcc567b4305a22549829d147e3a543c3085 Mon Sep 17 00:00:00 2001
From: Bubka <858858+Bubka@users.noreply.github.com>
Date: Wed, 19 Feb 2025 15:51:33 +0100
Subject: [PATCH] Allow viewing of the All group, with matching twofaccount count
---
 app/Api/v1/Controllers/GroupController.php | 24 +++++++++++++++++++---
 app/Policies/GroupPolicy.php | 2 +-
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/app/Api/v1/Controllers/GroupController.php b/app/Api/v1/Controllers/GroupController.php
index 4131c6d2..b42b002a 100644
--- a/app/Api/v1/Controllers/GroupController.php
+++ b/app/Api/v1/Controllers/GroupController.php
@@ -60,10 +60,18 @@ class GroupController extends Controller
 *
 * @return \App\Api\v1\Resources\GroupResource
 */
- public function show(Group $group)
+ public function show(Request $request, Group $group)
 {
 $this->authorize('view', $group);
+ // group with id==0 is the 'All' virtual group.
+ // Eloquent specifically returns a non-persisted Group instance
+ // with just the name property. The twofaccounts_count has to be
+ // set here.
+ if ($group->id === 0) {
+ $group->twofaccounts_count = $request->user()->twofaccounts->count();
+ }
+
 return new GroupResource($group);
 }
@@ -108,11 +116,21 @@ class GroupController extends Controller
 *
 * @return \App\Api\v1\Resources\TwoFAccountCollection
 */
- public function accounts(Group $group)
+ public function accounts(Request $request, Group $group)
 {
 $this->authorize('view', $group);
- return new TwoFAccountCollection($group->twofaccounts);
+ // group with id==0 is the 'All' virtual group that lists
+ // all the user's twofaccounts. From the db pov the accounts
+ // are not assigned to any group record.
+ if ($group->id === 0) {
+ $twofaccounts = $request->user()->twofaccounts;
+ }
+ else {
+ $twofaccounts = $group->twofaccounts;
+ }
+
+ return new TwoFAccountCollection($twofaccounts);
 }
 /**
diff --git a/app/Policies/GroupPolicy.php b/app/Policies/GroupPolicy.php
index 74b979ea..66f8674f 100644
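Review bot: In `show()`, the count for the 'All' group is taken with `$request->user()->twofaccounts->count()`, which loads every one of the user's twofaccount models and counts them in memory. If `twofaccounts` is a regular Eloquent relation on the user model (the property access suggests so, but the model is outside this diff), `$request->user()->twofaccounts()->count()` issues a single COUNT query and avoids hydrating account records that this endpoint never returns. The docblock above the signature starts outside the hunk, so check that it gains a `@param` for the new `$request` argument.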
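Review bot: In `accounts()`, the `else` on its own line departs from the PSR-12 `} else {` form, and the whole branch reads more directly as one expression: `$twofaccounts = $group->id === 0 ? $request->user()->twofaccounts : $group->twofaccounts;`. The literal `0` for the virtual group now appears in this method, in `show()` and in `GroupPolicy::view()`. A single named constant or predicate on `Group` would keep the three checks from drifting apart. The docblock of `accounts()` also starts outside the hunk and may need a `@param` for `$request`.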
--- a/app/Policies/GroupPolicy.php
+++ b/app/Policies/GroupPolicy.php
@@ -28,7 +28,7 @@ class GroupPolicy
 */
 public function view(User $user, Group $group)
 {
- $can = $this->isOwnerOf($user, $group);
+ $can = $this->isOwnerOf($user, $group) || $group->id === 0;
 if (! $can) {
 Log::notice(sprintf('User ID #%s cannot view group %s (ID #%s)', $user->id, var_export($group->name, true), $group->id));
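Review bot: The new `|| $group->id === 0` in `view()` skips the ownership check for any `Group` instance whose id is 0, so the exemption is only safe while every caller that passes this check substitutes the requesting user's own accounts, as `show()` and `accounts()` do in this patch. Consider tying the exemption to the virtual instance, e.g. `$can = $this->isOwnerOf($user, $group) || ($group->id === 0 && ! $group->exists);`, so a persisted row with id 0 still goes through `isOwnerOf()`. This assumes the route binding returns an unsaved model, as the controller comment says. A short comment on the line stating that id 0 is the per-user 'All' group and has no owner of its own would also help the next reader of the policy. The body of `view()` continues past the end of the hunk.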