From d3d81aa6c21c657faa61579384786d453ac6e1ef Mon Sep 17 00:00:00 2001 From: NathanCorberan Date: Thu, 8 Jan 2026 12:39:05 +0100 Subject: [PATCH] feat(user): SoftDelete --- app/Http/Controllers/AuthController.php | 21 +++++++++++++--- app/Http/Controllers/UsersController.php | 16 ++++++++++++ app/Http/Middleware/EnsureUserIsAdmin.php | 30 +++++++++++++++++++++++ routes/api.php | 9 ++++++- 4 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 app/Http/Middleware/EnsureUserIsAdmin.php diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php index 4958754..c7435e2 100644 --- a/app/Http/Controllers/AuthController.php +++ b/app/Http/Controllers/AuthController.php @@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response; class AuthController extends Controller { -public function register(RegisterRequest $request): JsonResponse + public function register(RegisterRequest $request): JsonResponse { $data = $request->validated(); @@ -43,7 +43,7 @@ public function register(RegisterRequest $request): JsonResponse ], Response::HTTP_CREATED); } - public function login(LoginRequest $request): JsonResponse + public function login(LoginRequest $request): JsonResponse { $data = $request->validated(); @@ -79,8 +79,6 @@ public function register(RegisterRequest $request): JsonResponse 'message' => __('auth.logout_success'), ]); } - - /** * Determine the token name to use for the access token. * @@ -92,4 +90,19 @@ public function register(RegisterRequest $request): JsonResponse return $deviceName !== '' ? $deviceName : 'api-token'; } + + public function softDelete(Request $request): JsonResponse + { + $user = $request->user(); // ou $request->user('sanctum') + + if (!$user) { + return response()->json(['message' => 'Unauthenticated.'], 401); + } + + $user->delete(); // <= Soft delete si SoftDeletes est activé + + return response()->json([ + 'message' => __('auth.soft_delete_success'), + ]); + } } diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php index a156799..eebb226 100644 --- a/app/Http/Controllers/UsersController.php +++ b/app/Http/Controllers/UsersController.php @@ -6,6 +6,7 @@ use App\Models\User; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; use App\Http\Requests\Auth\UpdatePasswordRequest; +use Illuminate\Http\JsonResponse; class UsersController extends Controller { @@ -96,4 +97,19 @@ class UsersController extends Controller 'message' => 'Password updated successfully', ]); } + + public function softDeleteById(Request $request, User $user): JsonResponse + { + if ($user->trashed()) { + return response()->json([ + 'message' => 'User already soft deleted.', + ], 409); + } + + $user->delete(); + + return response()->json([ + 'message' => __('auth.soft_delete_success'), + ]); + } } diff --git a/app/Http/Middleware/EnsureUserIsAdmin.php b/app/Http/Middleware/EnsureUserIsAdmin.php new file mode 100644 index 0000000..9c4a7c4 --- /dev/null +++ b/app/Http/Middleware/EnsureUserIsAdmin.php @@ -0,0 +1,30 @@ +user(); + + if ( + !$user || + ($user->role !== \App\Enums\UserRole::ADMIN) + ) { + abort(403, 'Unauthorized action.'); + } + + return $next($request); + } +} diff --git a/routes/api.php b/routes/api.php index a59be22..41d2358 100644 --- a/routes/api.php +++ b/routes/api.php @@ -9,18 +9,23 @@ use Illuminate\Support\Facades\Route; use App\Http\Controllers\HuntsController; use App\Http\Controllers\HuntStepsController; use App\Http\Controllers\UsersController; +use App\Http\Middleware\EnsureUserIsAdmin; use App\Http\Middleware\EnsureUserIsOrga; Route::prefix('auth')->group(function (): void { Route::post('register', [AuthController::class, 'register']); Route::post('login', [AuthController::class, 'login']); - // Route::get('{provider}/redirect', [ProviderRedirectController::class, 'redirect']); // Route::get('{provider}/callback', [ProviderCallbackController::class, 'callback']); }); // List hunts +//Ensure is Admin +Route::middleware(['auth:sanctum', EnsureUserIsAdmin::class])->group(function () { + Route::post('users/{user}/delete', [UsersController::class, 'softDeleteById'])->withTrashed(); +}); + // Ensure is Orga Route::middleware(['auth:sanctum', EnsureUserIsOrga::class])->group(function () { Route::post('hunts', [HuntsController::class, 'store']); @@ -33,6 +38,8 @@ Route::middleware(['auth:sanctum', EnsureUserIsOrga::class])->group(function () Route::middleware('auth:sanctum')->group(function (): void { Route::get('hunts', [HuntsController::class, 'index']); Route::get('hunts/{hunt}', [HuntsController::class, 'show']); + //Auth + Route::post('auth/delete', [AuthController::class, 'softDelete']); // User Route::get('users/leaderboard', [UsersController::class, 'leaderboard']); Route::put('users/update/username', [UsersController::class, 'updateUsername']);