mirror of
https://github.com/Bubka/2FAuth.git
synced 2025-06-22 13:01:31 +02:00
Allow viewing of the All group, with matching twofaccount count
This commit is contained in:
parent
166b39beea
commit
98033bcc56
@ -60,10 +60,18 @@ class GroupController extends Controller
|
|||||||
*
|
*
|
||||||
* @return \App\Api\v1\Resources\GroupResource
|
* @return \App\Api\v1\Resources\GroupResource
|
||||||
*/
|
*/
|
||||||
public function show(Group $group)
|
public function show(Request $request, Group $group)
|
||||||
{
|
{
|
||||||
$this->authorize('view', $group);
|
$this->authorize('view', $group);
|
||||||
|
|
||||||
|
// group with id==0 is the 'All' virtual group.
|
||||||
|
// Eloquent specifically returns a non-persisted Group instance
|
||||||
|
// with just the name property. The twofaccounts_count has to be
|
||||||
|
// set here.
|
||||||
|
if ($group->id === 0) {
|
||||||
|
$group->twofaccounts_count = $request->user()->twofaccounts->count();
|
||||||
|
}
|
||||||
|
|
||||||
return new GroupResource($group);
|
return new GroupResource($group);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -108,11 +116,21 @@ class GroupController extends Controller
|
|||||||
*
|
*
|
||||||
* @return \App\Api\v1\Resources\TwoFAccountCollection
|
* @return \App\Api\v1\Resources\TwoFAccountCollection
|
||||||
*/
|
*/
|
||||||
public function accounts(Group $group)
|
public function accounts(Request $request, Group $group)
|
||||||
{
|
{
|
||||||
$this->authorize('view', $group);
|
$this->authorize('view', $group);
|
||||||
|
|
||||||
return new TwoFAccountCollection($group->twofaccounts);
|
// group with id==0 is the 'All' virtual group that lists
|
||||||
|
// all the user's twofaccounts. From the db pov the accounts
|
||||||
|
// are not assigned to any group record.
|
||||||
|
if ($group->id === 0) {
|
||||||
|
$twofaccounts = $request->user()->twofaccounts;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$twofaccounts = $group->twofaccounts;
|
||||||
|
}
|
||||||
|
|
||||||
|
return new TwoFAccountCollection($twofaccounts);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -28,7 +28,7 @@ class GroupPolicy
|
|||||||
*/
|
*/
|
||||||
public function view(User $user, Group $group)
|
public function view(User $user, Group $group)
|
||||||
{
|
{
|
||||||
$can = $this->isOwnerOf($user, $group);
|
$can = $this->isOwnerOf($user, $group) || $group->id === 0;
|
||||||
|
|
||||||
if (! $can) {
|
if (! $can) {
|
||||||
Log::notice(sprintf('User ID #%s cannot view group %s (ID #%s)', $user->id, var_export($group->name, true), $group->id));
|
Log::notice(sprintf('User ID #%s cannot view group %s (ID #%s)', $user->id, var_export($group->name, true), $group->id));
|
||||||
|
Loading…
x
Reference in New Issue
Block a user