diff --git a/backend/app/Http/Controllers/UsuariosController.php b/backend/app/Http/Controllers/UsuariosController.php
index ae50567..0131f2c 100644
--- a/backend/app/Http/Controllers/UsuariosController.php
+++ b/backend/app/Http/Controllers/UsuariosController.php
@@ -21,14 +21,12 @@ class UsuariosController extends Controller {
 * @return JsonResponse
 */
 public function all(Request $request) {
- $paginate = app(PaginatorService::class)->paginate($request->input('per_page', 15), $request->input('page', 1), Usuario::all()->count());
- $paginate['links'] = [
- 'first' => route('users.all', ['page' => 1, 'per_page' => $paginate['per_page']]),
- 'prev' => $paginate['current_page'] - 1 >= 1 ? route('users.all', ['page' => $paginate['current_page'] - 1, 'per_page' => $paginate['per_page']]) : null,
- 'current' => route('users.all', ['page' => $paginate['current_page'], 'per_page' => $paginate['per_page']]),
- 'next' => $paginate['current_page'] + 1 <= $paginate['last_page'] ? route('users.all', ['page' => $paginate['current_page'] + 1, 'per_page' => $paginate['per_page']]) : null,
- 'last' => route('users.all', ['page' => $paginate['last_page'], 'per_page' => $paginate['per_page']]),
- ];
+ $paginate = app(PaginatorService::class)->paginate(
+ perPage: $request->input('per_page', 15),
+ page: $request->input('page', 1),
+ count: Usuario::all()->count(),
+ route: 'users.all',
+ );
 return response()->json([
 'pagination' => $paginate,
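Review bot: The named argument `count:` on the new `paginate()` call does not exist on the service: the signature in the PaginatorService hunk of this same diff is `paginate(int $perPage, int $page, int $total, string $route, array $data = [])`, so PHP throws `Error: Unknown named parameter $count` and every request to `users.all` fails with a 500. Change the line to `total: Usuario::all()->count(),` (or rename the service parameter, keeping the two in sync). Separately, `per_page` and `page` go straight from request input into `int` parameters; without `strict_types` a non-numeric value raises a TypeError and nothing caps `per_page`, so validating them first (for example `'per_page' => 'integer|min:1|max:100'`) turns bad input into a 422 and bounds the page size. `Usuario::all()->count()` also hydrates every row just to count them; `Usuario::count()` does it in SQL. all() continues past the end of the hunk.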
@@ -69,23 +67,11 @@ class UsuariosController extends Controller {
 'restaurant' => 'required|exists:restaurantes,id',
 ]);
- /** @var Usuario $logged_user */
- $logged_user = $request->user;
- $restaurant = Restaurante::find($request->input('restaurant'));
- if (!$logged_user->canManageUsers()) {
- return response()->json([
- 'error' => 'cant_manage_users',
- 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para crear usuarios'
- ], 403);
- }
-
- if (!$logged_user->hasPermissionsOnRestaurant($restaurant)) {
- return response()->json([
- 'error' => 'cant_manage_user_of_another_restaurant',
- 'message' => 'El usuario ' . $logged_user->id . ' no puede crear un usuario en el restaurant ' . $restaurant->id . ' porque que no pertenece a el'
- ], 403);
+ $cantManageUsersOrRestaurant = $this->cantManageUsersOrRestaurant($request->user, $restaurant);
+ if ($cantManageUsersOrRestaurant) {
+ return $cantManageUsersOrRestaurant;
 }
 $auth0 = app(Auth0Service::class);
@@ -95,7 +81,7 @@ class UsuariosController extends Controller {
 password: $request->input('password'),
 metadata: [
 'roles' => $request->input('roles'),
- 'restaurantes' => [$restaurant],
+ 'restaurantes' => [$restaurant->id],
 ]
 );
@@ -132,8 +118,6 @@ class UsuariosController extends Controller {
 'roles.*' => ['sometimes', Rule::in(['admin', 'mesero', 'recaudador', 'productor'])],
 ]);
- /** @var Usuario $logged_user */
- $logged_user = $request->user;
 $usuario = Usuario::findByIdOrAuth0Id($id);
 if (!$usuario) {
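Review bot: `$restaurant = Restaurante::find($request->input('restaurant'));` is removed here, yet the new call passes `$restaurant` to `cantManageUsersOrRestaurant(Usuario $user, Restaurante $restaurante)` and the next hunk still reads `$restaurant->id`; unless create() (which starts above this hunk) assigns it earlier, the variable is undefined and the typed parameter turns that into a TypeError (500) instead of the intended 403. Restore the lookup ahead of the check, e.g. `$restaurant = Restaurante::find($request->input('restaurant'));`. Note also that `Restaurante` uses `SoftDeletes` (see its hunk further down) while the `exists:restaurantes,id` rule in the context above does not exclude soft-deleted rows, so `find()` can return null for an id that passed validation; either add a null check returning the same 404 payload the other actions use, or tighten the rule to `exists:restaurantes,id,deleted_at,NULL`.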
@@ -143,21 +127,11 @@ class UsuariosController extends Controller { ], 404); } - if (!$logged_user->canManageUsers()) { - return response()->json([ - 'error' => 'cant_manage_users', - 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar usuarios' - ], 403); + $cantManageUser = $this->cantManageUser($request->user, $usuario); + if ($cantManageUser) { + return $cantManageUser; } - if (!$logged_user->hasPermissionsOverUser($usuario)) { - return response()->json([ - 'error' => 'cant_manage_that_user', - 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar al usuario ' . $usuario->id - ], 403); - } - - $metadata = []; if ($request->input('roles')) $metadata['roles'] = $request->input('roles'); @@ -201,18 +175,9 @@ class UsuariosController extends Controller { ], 404); } - if (!$logged_user->canManageUsers()) { - return response()->json([ - 'error' => 'cant_manage_users', - 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar usuarios' - ], 403); - } - - if (!$logged_user->hasPermissionsOverUser($usuario)) { - return response()->json([ - 'error' => 'cant_manage_that_user', - 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar al usuario ' . $usuario->id - ], 403); + $cantManageUser = $this->cantManageUser($request->user, $usuario); + if ($cantManageUser) { + return $cantManageUser; } $auth0 = app(Auth0Service::class); 
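Review bot: The initializer `$metadata = [];` appears to be dropped together with the permission block (the line is shown with a `-` marker); if so, a request that sends none of the optional fields leaves `$metadata` unassigned and whatever consumes it later in update() (past the end of this hunk) sees an undefined variable, so keep `$metadata = [];` ahead of the `if ($request->input('roles'))` line. Both this hunk and the one at `@@ -201,18 +175,9 @@` now pass `$request->user` into a parameter typed `Usuario`; that is a dynamic property, and Laravel's `Request::__get` falls back to route parameters and input when no such property was set, so confirm the auth middleware assigns it (or switch to `$request->user()` if it uses `setUserResolver`), otherwise the failure mode is a TypeError rather than a 403. The refactor also preserves the existing order in which `findByIdOrAuth0Id` answers 404 before `canManageUsers()` is consulted, which lets a caller without the manage permission learn which ids exist; checking `canManageUsers()` before the lookup closes that without touching the helpers, and the same applies to the hunks at `@@ -257` and `@@ -311`. Both enclosing functions start and end outside their hunks.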
@@ -257,18 +222,9 @@ class UsuariosController extends Controller { ], 404); } - if (!$logged_user->canManageUsers()) { - return response()->json([ - 'error' => 'cant_manage_users', - 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar usuarios' - ], 403); - } - - if (!$logged_user->hasPermissionsOnRestaurant($restaurant)) { - return response()->json([ - 'error' => 'cant_manage_user_of_another_restaurant', - 'message' => 'El usuario ' . $logged_user->id . ' no puede agregar un usuario al restaurant ' . $restaurant->id . ' porque que no pertenece a el' - ], 403); + $cantManageUsersOrRestaurant = $this->cantManageUsersOrRestaurant($request->user, $restaurant); + if ($cantManageUsersOrRestaurant) { + return $cantManageUsersOrRestaurant; } if ($usuario->restaurantes->contains($restaurant)) { @@ -292,10 +248,8 @@ class UsuariosController extends Controller { * @return JsonResponse */ public function removeFromRestaurant(Request $request, $id, $restaurant) { - /** @var Usuario $logged_user */ - $logged_user = $request->user; - $usuario = Usuario::findByIdOrAuth0Id($id); + if (!$usuario) { return response()->json([ 'error' => 'not_found', 
@@ -311,18 +265,9 @@ class UsuariosController extends Controller {
 ], 404);
 }
- if (!$logged_user->canManageUsers()) {
- return response()->json([
- 'error' => 'cant_manage_users',
- 'message' => 'El usuario ' . $logged_user->id . ' no tiene permisos para modificar usuarios'
- ], 403);
- }
-
- if (!$logged_user->hasPermissionsOnRestaurant($restaurant)) {
- return response()->json([
- 'error' => 'cant_manage_user_of_another_restaurant',
- 'message' => 'El usuario ' . $logged_user->id . ' no puede agregar un usuario al restaurant ' . $restaurant->id . ' porque que no pertenece a el'
- ], 403);
+ $cantManageUsersOrRestaurant = $this->cantManageUsersOrRestaurant($request->user, $restaurant);
+ if ($cantManageUsersOrRestaurant) {
+ return $cantManageUsersOrRestaurant;
 }
 if (!$usuario->restaurantes->contains($restaurant)) {
@@ -336,4 +281,39 @@ class UsuariosController extends Controller {
 return response()->json($usuario->fresh(['restaurantes']));
 }
+
+ private function cantManageUsersOrRestaurant(Usuario $user, Restaurante $restaurante) {
+ if (!$user->canManageUsers()) {
+ return response()->json([
+ 'error' => 'cant_manage_users',
+ 'message' => 'El usuario ' . $user->id . ' no tiene permisos para manipular usuarios'
+ ], 403);
+ }
+
+ if (!$user->hasPermissionsOnRestaurant($restaurante)) {
+ return response()->json([
+ 'error' => 'cant_manage_user_of_another_restaurant',
+ 'message' => 'El usuario ' . $user->id . ' no puede manipular un usuario en el restaurant ' . $restaurante->id . ' porque que no pertenece a el'
+ ], 403);
+ }
+ return false;
+ }
+
+ private function cantManageUser(Usuario $manager, Usuario $user) {
+ if (!$manager->canManageUsers()) {
+ return response()->json([
+ 'error' => 'cant_manage_users',
+ 'message' => 'El usuario ' . $manager->id . ' no tiene permisos para manipular usuarios'
+ ], 403);
+ }
+
+ if (!$manager->hasPermissionsOverUser($user)) {
+ return response()->json([
+ 'error' => 'cant_manage_that_user',
+ 'message' => 'El usuario ' . $manager->id . ' no tiene permisos para manipular al usuario ' . $user->id
+ ], 403);
+ }
+
+ return false;
+ }
 }
diff --git a/backend/app/Models/Restaurante.php b/backend/app/Models/Restaurante.php
index edb8657..1caec93 100644
--- a/backend/app/Models/Restaurante.php
+++ b/backend/app/Models/Restaurante.php
@@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
 /**
 * @method static find(mixed $restaurant)
+ * @property mixed id
 */
 class Restaurante extends Model {
 use UuidPrimaryKey, SoftDeletes;
diff --git a/backend/app/Services/PaginatorService.php b/backend/app/Services/PaginatorService.php
index a6074af..b1e761c 100644
--- a/backend/app/Services/PaginatorService.php
+++ b/backend/app/Services/PaginatorService.php
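Review bot: Both new helpers carry no return type and signal "allowed" with `false` while returning a `JsonResponse` otherwise, which reads as `JsonResponse|false` to static analysis and makes the contract easy to misuse; declare `: ?JsonResponse` and `return null;` instead, e.g. `private function cantManageUser(Usuario $manager, Usuario $user): ?JsonResponse`, and the callers' `if ($cantManageUser)` guards keep working unchanged. A one-line docblock on each would also help the next reader, e.g. `/** Returns a 403 JsonResponse when $manager may not act on $user, null when the action is allowed. */`. The two `canManageUsers()` branches are identical; pulling them into a third private helper would keep the error payload defined in one place.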
@@ -20,9 +20,10 @@ class PaginatorService extends ServiceProvider {
 'to' => "int",
 'total' => "int",
 'current_page' => "int",
- 'last_page' => "int"
+ 'last_page' => "int",
+ 'links' => 'array'
 ])]
- public function paginate(int $perPage, int $page, int $total) {
+ public function paginate(int $perPage, int $page, int $total, string $route, array $data = []) {
 // Se mostraran entre 1 o mas elementos por pagina
 $perPage = max(1, $perPage);
@@ -42,6 +43,13 @@ class PaginatorService extends ServiceProvider {
 'total' => $total,
 'current_page' => $currentPage,
 'last_page' => $lastPage,
+ 'links' => [
+ 'first' => route($route, array_merge(['page' => 1, 'per_page' => $perPage], $data)),
+ 'prev' => $currentPage - 1 >= 1 ? route($route, array_merge(['page' => $currentPage - 1, 'per_page' => $perPage], $data)) : null,
+ 'current' => route($route, array_merge(['page' => $currentPage, 'per_page' => $perPage], $data)),
+ 'next' => $currentPage + 1 <= $lastPage ? route($route, array_merge(['page' => $currentPage + 1, 'per_page' => $perPage], $data)) : null,
+ 'last' => route($route, array_merge(['page' => $lastPage, 'per_page' => $perPage], $data)),
+ ]
 ];
 }
 }
diff --git a/backend/routes/web.php b/backend/routes/web.php
index 69a92ee..c4fef8f 100644
--- a/backend/routes/web.php
+++ b/backend/routes/web.php
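Review bot: Adding the required `string $route` parameter after the existing three changes `paginate()`'s calling convention, so any other caller still passing three positional arguments now fails with ArgumentCountError; only UsuariosController::all() is updated in this diff, so either confirm there are no other callers or give `$route` a default. The attribute now advertises `'links' => 'array'` but the method still declares no native return type; adding `: array` lets the declared shape be checked rather than trusted. The body of paginate() continues outside this hunk.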
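Review bot: `array_merge(['page' => …, 'per_page' => $perPage], $data)` lets a `page` or `per_page` key in `$data` override the computed values, so the generated links would stop pointing at the page the payload describes; put `$data` first (`array_merge($data, ['page' => $currentPage, 'per_page' => $perPage])`) so the pagination keys always win. Since every key of `$data` is reflected verbatim into all five link URLs, callers should pass only known filter keys rather than the raw query string, otherwise arbitrary caller-supplied parameters are echoed back in the response. `$currentPage` and `$lastPage` are computed earlier in the method, outside this hunk.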
@@ -2,7 +2,18 @@
 use Laravel\Lumen\Routing\Router;
-function register_user_api($router) {
+function registerRestaurantApi($router) {
+ $router->group(['prefix' => '/restaurantes'], function () use ($router) {
+ // Rutas del recurso
+ $router->get('/', ['as' => 'restaurant.all', 'uses' => 'RestaurantesController@all']);
+ $router->get('/{id}', ['as' => 'restaurant.get', 'uses' => 'RestaurantesController@get']);
+ $router->post('/', ['as' => 'restaurant.create', 'uses' => 'RestaurantesController@create']);
+ $router->put('/{id}', ['as' => 'restaurant.update', 'uses' => 'RestaurantesController@update']);
+ $router->delete('/{id}', ['as' => 'restaurant.delete', 'uses' => 'RestaurantesController@delete']);
+ });
+}
+
+function registerUserApi($router) {
 $router->group(['prefix' => '/users'], function () use ($router) {
 // Rutas del recurso
 $router->get('/', ['as' => 'users.all', 'uses' => 'UsuariosController@all']);
@@ -24,5 +35,5 @@ $router->get('/', function () use ($router) {
 });
 $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], function () use ($router) {
- register_user_api($router);
+ registerUserApi($router);
 });
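Review bot: `registerRestaurantApi()` is defined but nothing in the diff calls it: the `api/v1` group in the second hunk still invokes only `registerUserApi($router)`, so the five restaurant routes are not registered unless a call sits in the lines between the two hunks. When wiring it up, place `registerRestaurantApi($router);` inside that same group so the restaurant endpoints inherit the `auth` and `log_endpoint` middleware rather than being reachable unauthenticated. Naming nit: the new route names use the singular `restaurant.*` under a `/restaurantes` prefix while the user routes use `users.*`; settling on one convention keeps `route()` lookups predictable.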