YoLo Trust me, I'm an engineer!... What the f*ck did just happened here?

This commit is contained in:
Kekskurse 2019-09-25 10:54:46 +02:00
parent 5361185173
commit b5c329481b
3 changed files with 26 additions and 1 deletions

View file

@ -4,6 +4,7 @@ namespace App\Http\Controllers\API;
use App\Entity\Token; use App\Entity\Token;
use App\Exceptions\HTTPException; use App\Exceptions\HTTPException;
use App\Exceptions\NoPermissionException;
use App\Exceptions\NotLoggedInException; use App\Exceptions\NotLoggedInException;
use App\Exceptions\ResourceNotFound; use App\Exceptions\ResourceNotFound;
use App\Http\Resources\API\AppAccessDetails; use App\Http\Resources\API\AppAccessDetails;
@ -105,7 +106,7 @@ class oAuthController extends BaseController
} }
public function listAccess(Response $response) { public function listAccess(Response $response) {
if(!Auth::check()) { if(!Auth::check()) {
abort(401); throw new NotLoggedInException();
} }
$access = AppAccess::query()->where("user_id", "=", Auth::user()->id)->get(); $access = AppAccess::query()->where("user_id", "=", Auth::user()->id)->get();
@ -118,4 +119,26 @@ class oAuthController extends BaseController
return $response->withData(AppAccessDetails::collection(collect($visibleAccess))); return $response->withData(AppAccessDetails::collection(collect($visibleAccess)));
} }
public function removeAccess($id, Response $response) {
if(!Auth::check()) {
throw new NotLoggedInException();
}
$access = AppAccess::query()->where("id", "=", $id)->firstOrFail();
if($access->user_id != Auth::user()->id) {
throw new NoPermissionException();
}
if($access->getApp()->user_cant_remove_app) {
throw new NoPermissionException();
}
RefreshToken::query()->where("access_id", "=", $access->id)->delete();
\App\Models\AccessToken::query()->where("access_id", "=", $access->id)->delete();
AppCode::query()->where("access_id", "=", $access->id)->delete();
$access->delete();
return $response;
}
} }

View file

@ -16,6 +16,7 @@ class AppAccessDetails extends JsonResource
{ {
$app = $this->getApp(); $app = $this->getApp();
return [ return [
'id' => $this->id,
'app' => new App($app), 'app' => new App($app),
'status' => $this->status, 'status' => $this->status,
'created' => $this->created_at->format('Y-m-d H:i:s e'), 'created' => $this->created_at->format('Y-m-d H:i:s e'),

View file

@ -62,6 +62,7 @@ $router->group(['prefix' => 'api'], function () use ($router) {
}); });
$router->group(["prefix" => "access"], function () use ($router) { $router->group(["prefix" => "access"], function () use ($router) {
$router->get("", ["uses" => "API\oAuthController@listAccess"]); $router->get("", ["uses" => "API\oAuthController@listAccess"]);
$router->delete("/{id}", ["uses" => "API\oAuthController@removeAccess"]);
}); });
$router->group(['prefix' => 'account'], function () use ($router) { $router->group(['prefix' => 'account'], function () use ($router) {
$router->get("/", ['uses' => 'API\AccountController@getUsers']); $router->get("/", ['uses' => 'API\AccountController@getUsers']);