Mas validaciones
This commit is contained in:
@@ -21,11 +21,7 @@ class UsuariosController extends Controller {
|
||||
* Obtiene de forma paginada los usuarios registrados en el backend
|
||||
*/
|
||||
public function all(Request $request) {
|
||||
if($request->user->isGlobalAdmin()) {
|
||||
$usuarios = Usuario::all();
|
||||
} else {
|
||||
$usuarios = Restaurante::all()->intersect($request->user->restaurantes);
|
||||
}
|
||||
$usuarios = $request->user->colegas();
|
||||
|
||||
$paginate = app(PaginatorService::class)->paginate(
|
||||
perPage: $request->input('per_page', 15),
|
||||
|
||||
30
backend/app/Http/Middleware/IsColegaMiddleware.php
Normal file
30
backend/app/Http/Middleware/IsColegaMiddleware.php
Normal file
@@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use App\Exceptions\ModelNotFoundException;
|
||||
use App\Models\Usuario;
|
||||
|
||||
class IsColegaMiddleware {
|
||||
public function handle($request, Closure $next) {
|
||||
$loged_user = $request->user;
|
||||
$user = Usuario::findOrFail($request->route('id'));
|
||||
|
||||
if(!$loged_user->isColega($user)) {
|
||||
Log::debug('El usuario intento acceder a los datos de otro usuario que no es su colega', [
|
||||
'loged_user' => $loged_user->id,
|
||||
'user' => $user->id
|
||||
]);
|
||||
throw new ModelNotFoundException('usuario', $user->id);
|
||||
} else {
|
||||
Log::debug('El usuario accedio a los datos de otro usuario que si es su colega', [
|
||||
'loged_user' => $loged_user->id,
|
||||
'user' => $user->id
|
||||
]);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -49,6 +49,23 @@ class Usuario extends Model {
|
||||
return $this->restaurantes()->where('id', $restaurante->id)->count() > 0;
|
||||
}
|
||||
|
||||
public function isColega($usuario) {
|
||||
return $this->colegas()->contains($usuario);
|
||||
}
|
||||
|
||||
public function colegas() {
|
||||
if($this->isGlobalAdmin()) return Usuario::all();
|
||||
|
||||
$restaurantes = $this->restaurantes;
|
||||
$colegas = collect([]);
|
||||
|
||||
foreach($restaurantes as $restaurant) {
|
||||
$colegas = $colegas->merge($restaurant->usuarios);
|
||||
}
|
||||
|
||||
return $colegas->unique('id');
|
||||
}
|
||||
|
||||
public function restaurantes() {
|
||||
return $this->belongsToMany(Restaurante::class, 'usuarios_restaurantes', 'usuario_id', 'restaurante_id');
|
||||
}
|
||||
|
||||
@@ -78,7 +78,8 @@ $app->routeMiddleware([
|
||||
'auth' => App\Http\Middleware\Auth0Middleware::class,
|
||||
'log_endpoint' => App\Http\Middleware\LogEndpointHitMiddleware::class,
|
||||
'role' => App\Http\Middleware\RoleMiddleware::class,
|
||||
'in_restaurante' => App\Http\Middleware\InRestauranteMiddleware::class
|
||||
'in_restaurante' => App\Http\Middleware\InRestauranteMiddleware::class,
|
||||
'is_colega' => App\Http\Middleware\IsColegaMiddleware::class
|
||||
]);
|
||||
|
||||
$app->middleware([
|
||||
|
||||
@@ -9,13 +9,13 @@ $router->get('/', function () use ($router) {
|
||||
$router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], function () use ($router) {
|
||||
$router->group(['prefix' => '/users'], function () use ($router) {
|
||||
$router->get( '/', ['as' => 'users.all', 'uses' => 'UsuariosController@all', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
$router->post( '/', ['as' => 'users.create', 'uses' => 'UsuariosController@create', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant', 'middleware' => ['role:admin|global_admin']]);
|
||||
$router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
$router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
$router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
$router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
$router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant', 'middleware' => ['role:admin|global_admin', 'is_colega']]);
|
||||
});
|
||||
|
||||
$router->group(['prefix' => '/restaurantes'], function () use ($router) {
|
||||
|
||||
Reference in New Issue
Block a user