2FAuth/app/Api/v1/Controllers/SettingController.php

122 lines
3.7 KiB
PHP

<?php
namespace App\Api\v1\Controllers;
use App\Api\v1\Requests\SettingStoreRequest;
use App\Api\v1\Requests\SettingUpdateRequest;
use App\Facades\Settings;
use App\Http\Controllers\Controller;
use Illuminate\Validation\ValidationException;
class SettingController extends Controller
{
/**
* List all settings
*
* @return \Illuminate\Http\JsonResponse
*/
public function index()
{
$settings = Settings::all();
$settingsResources = collect([]);
$settings->each(function (mixed $item, string $key) use ($settingsResources) {
$settingsResources->push([
'key' => $key,
'value' => $item,
]);
});
return response()->json($settingsResources->all(), 200);
}
/**
* Display a setting
*
* @param string $settingName
* @return \Illuminate\Http\JsonResponse
*/
public function show($settingName)
{
$setting = Settings::get($settingName);
if (is_null($setting)) {
abort(404);
}
return response()->json([
'key' => $settingName,
'value' => $setting,
], 200);
}
/**
* Store a setting
*
* @return \Illuminate\Http\JsonResponse
*/
public function store(SettingStoreRequest $request)
{
$validated = $request->validated();
Settings::set($validated['key'], $validated['value']);
return response()->json([
'key' => $validated['key'],
'value' => $validated['value'],
], 201);
}
/**
* Update a setting
*
* @return \Illuminate\Http\JsonResponse
*/
public function update(SettingUpdateRequest $request, string $settingName)
{
$validated = $request->validated();
Settings::set($settingName, $validated['value']);
return response()->json([
'key' => $settingName,
'value' => $validated['value'],
], 200);
}
/**
* Delete a setting
*
* @return \Illuminate\Http\JsonResponse
*/
public function destroy(string $settingName)
{
$setting = Settings::get($settingName);
if (is_null($setting)) {
abort(404);
}
$defaultAppSettings = config('2fauth.settings');
// When deleting a setting, it may be an original or an additional one:
// - Additional settings are created by administrators to extend 2FAuth, they are not registered in the laravel config object.
// They are not nullable so empty string is not allowed.They only exist in the Options table, so it is possible to delete them.
// - Original settings are part of 2FAuth, they are registered in the laravel config object with their default value.
// When set by an admin, their custom value is stored in the Options table too. Deleting a custom value in the Options table from here
// won't delete the setting at all, so we reject all requests that ask for.
// But there is an exception with the restrictRule and restrictList settings:
// Unlike other settings, these two have to support empty strings. Because the Options table does not allow empty strings,
// the only way to set them like so is to restore their original value, an empty string.
if (array_key_exists($settingName, $defaultAppSettings) && $defaultAppSettings[$settingName] !== '') {
return response()->json(
['message' => 'bad request',
'reason' => [__('errors.delete_user_setting_only')],
], 400);
}
Settings::delete($settingName);
return response()->json(null, 204);
}
}