177 lines
5.5 KiB
PHP
177 lines
5.5 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\Restaurante;
|
|
use App\Models\Usuario;
|
|
use App\Services\Auth0Service;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Validation\Rule;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Ramsey\Uuid\Uuid;
|
|
|
|
class UsuariosController extends Controller {
|
|
|
|
/**
|
|
* Obtiene todos los usuarios registrados en el backend
|
|
* @return JsonResponse
|
|
*/
|
|
public function all() {
|
|
$usuarios = Usuario::all();
|
|
return response()->json(['usuarios' => $usuarios]);
|
|
}
|
|
|
|
/**
|
|
* Obtiene un usuario por su id, siendo el id de auth0 o el id de la base de datos
|
|
* @param $id
|
|
* @return JsonResponse
|
|
*/
|
|
public function get($id) {
|
|
$usuario = Usuario::findByIdOrAuth0Id($id);
|
|
|
|
if (!$usuario) {
|
|
return response()->json([
|
|
'error' => 'not_found',
|
|
'message' => 'El usuario con id ' . $id . ' no existe'
|
|
], 404);
|
|
}
|
|
|
|
return response()->json(['usuario' => $usuario]);
|
|
}
|
|
|
|
/**
|
|
* Crea un nuevo usuario localmente y en auth0
|
|
* @throws ValidationException
|
|
*/
|
|
public function create(Request $request) {
|
|
$this->validate($request, [
|
|
'nombre' => 'required',
|
|
'email' => 'required|email',
|
|
'username' => 'required',
|
|
'password' => 'required',
|
|
'roles' => 'required|array',
|
|
'roles.*' => ['required', Rule::in(['admin', 'mesero', 'recaudador', 'productor'])],
|
|
'restaurant' => 'required|exists:restaurantes,id',
|
|
]);
|
|
|
|
/** @var Usuario $logged_user */
|
|
$logged_user = $request->user;
|
|
|
|
$restaurant = Restaurante::find($request->input('restaurant'));
|
|
|
|
if (!$logged_user->canManageUsers()) {
|
|
return response()->json([
|
|
'error' => 'not_allowed',
|
|
'message' => 'El usuario no tiene permisos para crear usuarios'
|
|
], 403);
|
|
}
|
|
|
|
if (!$logged_user->hasPermissionsOnRestaurant($restaurant)) {
|
|
return response()->json([
|
|
'error' => 'not_allowed',
|
|
'message' => 'El usuario no puede crear un usuario en un restaurant al que no pertenece'
|
|
], 403);
|
|
}
|
|
|
|
$auth0 = app(Auth0Service::class);
|
|
$auth0User = $auth0->createUser(
|
|
email: $request->input('email'),
|
|
username: $request->input('username'),
|
|
password: $request->input('password'),
|
|
metadata: [
|
|
'roles' => $request->input('roles'),
|
|
'restaurantes' => [$restaurant],
|
|
]
|
|
);
|
|
|
|
if (array_key_exists('error', $auth0User)) {
|
|
return response()->json([
|
|
'error' => $auth0User['errorCode'],
|
|
'message' => $auth0User['message'],
|
|
], $auth0User['statusCode']);
|
|
}
|
|
|
|
$usuario = $restaurant->usuarios()->create([
|
|
'id' => Uuid::uuid4(),
|
|
'auth0_id' => $auth0User['identities'][0]['provider'] . '|' . $auth0User['identities'][0]['user_id'],
|
|
'nombre' => $request->input('nombre')
|
|
]);
|
|
|
|
return response()->json(["usuario" => $usuario]);
|
|
}
|
|
|
|
/**
|
|
* Actualiza un usuario, dado su id o auth0_id
|
|
* @param Request $request
|
|
* @param $id
|
|
* @return JsonResponse
|
|
* @throws ValidationException
|
|
*/
|
|
public function update(Request $request, $id) {
|
|
$this->validate($request, [
|
|
'nombre' => 'sometimes',
|
|
'email' => 'sometimes|email',
|
|
'username' => 'sometimes',
|
|
'password' => 'sometimes',
|
|
'roles' => 'sometimes|array',
|
|
'roles.*' => ['sometimes', Rule::in(['admin', 'mesero', 'recaudador', 'productor'])],
|
|
]);
|
|
|
|
/** @var Usuario $logged_user */
|
|
$logged_user = $request->user;
|
|
$usuario = Usuario::findByIdOrAuth0Id($id);
|
|
|
|
if (!$usuario) {
|
|
return response()->json([
|
|
'error' => 'not_found',
|
|
'message' => 'El usuario con id ' . $id . ' no existe'
|
|
], 404);
|
|
}
|
|
|
|
if (!$logged_user->canManageUsers()) {
|
|
return response()->json([
|
|
'error' => 'not_allowed',
|
|
'message' => 'El usuario no tiene permisos para modificar usuarios'
|
|
], 403);
|
|
}
|
|
|
|
if (!$logged_user->hasPermissionsOverUser($usuario)) {
|
|
return response()->json([
|
|
'error' => 'not_allowed',
|
|
'message' => 'El usuario no tiene permisos para modificar a este usuario'
|
|
], 403);
|
|
}
|
|
|
|
|
|
$metadata = [];
|
|
if ($request->input('roles')) $metadata['roles'] = $request->input('roles');
|
|
|
|
$auth0 = app(Auth0Service::class);
|
|
$auth0User = $auth0->updateUser(
|
|
auth0_id: $usuario->auth0_id,
|
|
email: $request->input('email'),
|
|
username: $request->input('username'),
|
|
password: $request->input('password'),
|
|
metadata: $metadata
|
|
);
|
|
|
|
if (array_key_exists('error', $auth0User)) {
|
|
return response()->json([
|
|
'error' => $auth0User['errorCode'],
|
|
'message' => $auth0User['message'],
|
|
], $auth0User['statusCode']);
|
|
}
|
|
|
|
if ($request->input('nombre')) $usuario->nombre = $request->input('nombre');
|
|
$usuario->save();
|
|
|
|
return response()->json(["usuario" => $usuario]);
|
|
}
|
|
|
|
public function delete(Request $request) {
|
|
|
|
}
|
|
|
|
}
|