Merge branch 'main' of gitlab.com:treasure-hunt4/treasure-api
This commit is contained in:
commit
fde3562efc
|
|
@ -79,8 +79,6 @@ public function register(RegisterRequest $request): JsonResponse
|
|||
'message' => __('auth.logout_success'),
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Determine the token name to use for the access token.
|
||||
*
|
||||
|
|
@ -92,4 +90,19 @@ public function register(RegisterRequest $request): JsonResponse
|
|||
|
||||
return $deviceName !== '' ? $deviceName : 'api-token';
|
||||
}
|
||||
|
||||
public function softDelete(Request $request): JsonResponse
|
||||
{
|
||||
$user = $request->user(); // ou $request->user('sanctum')
|
||||
|
||||
if (!$user) {
|
||||
return response()->json(['message' => 'Unauthenticated.'], 401);
|
||||
}
|
||||
|
||||
$user->delete(); // <= Soft delete si SoftDeletes est activé
|
||||
|
||||
return response()->json([
|
||||
'message' => __('auth.soft_delete_success'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use App\Models\User;
|
|||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use App\Http\Requests\Auth\UpdatePasswordRequest;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
|
||||
class UsersController extends Controller
|
||||
{
|
||||
|
|
@ -96,4 +97,19 @@ class UsersController extends Controller
|
|||
'message' => 'Password updated successfully',
|
||||
]);
|
||||
}
|
||||
|
||||
public function softDeleteById(Request $request, User $user): JsonResponse
|
||||
{
|
||||
if ($user->trashed()) {
|
||||
return response()->json([
|
||||
'message' => 'User already soft deleted.',
|
||||
], 409);
|
||||
}
|
||||
|
||||
$user->delete();
|
||||
|
||||
return response()->json([
|
||||
'message' => __('auth.soft_delete_success'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,30 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class EnsureUserIsAdmin
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
/** @var \App\Models\User $user */
|
||||
$user = $request->user();
|
||||
|
||||
if (
|
||||
!$user ||
|
||||
($user->role !== \App\Enums\UserRole::ADMIN)
|
||||
) {
|
||||
abort(403, 'Unauthorized action.');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -9,18 +9,23 @@ use Illuminate\Support\Facades\Route;
|
|||
use App\Http\Controllers\HuntsController;
|
||||
use App\Http\Controllers\HuntStepsController;
|
||||
use App\Http\Controllers\UsersController;
|
||||
use App\Http\Middleware\EnsureUserIsAdmin;
|
||||
use App\Http\Middleware\EnsureUserIsOrga;
|
||||
|
||||
Route::prefix('auth')->group(function (): void {
|
||||
Route::post('register', [AuthController::class, 'register']);
|
||||
Route::post('login', [AuthController::class, 'login']);
|
||||
|
||||
// Route::get('{provider}/redirect', [ProviderRedirectController::class, 'redirect']);
|
||||
// Route::get('{provider}/callback', [ProviderCallbackController::class, 'callback']);
|
||||
});
|
||||
|
||||
// List hunts
|
||||
|
||||
//Ensure is Admin
|
||||
Route::middleware(['auth:sanctum', EnsureUserIsAdmin::class])->group(function () {
|
||||
Route::post('users/{user}/delete', [UsersController::class, 'softDeleteById'])->withTrashed();
|
||||
});
|
||||
|
||||
// Ensure is Orga
|
||||
Route::middleware(['auth:sanctum', EnsureUserIsOrga::class])->group(function () {
|
||||
Route::post('hunts', [HuntsController::class, 'store']);
|
||||
|
|
@ -33,6 +38,8 @@ Route::middleware(['auth:sanctum', EnsureUserIsOrga::class])->group(function ()
|
|||
Route::middleware('auth:sanctum')->group(function (): void {
|
||||
Route::get('hunts', [HuntsController::class, 'index']);
|
||||
Route::get('hunts/{hunt}', [HuntsController::class, 'show']);
|
||||
//Auth
|
||||
Route::post('auth/delete', [AuthController::class, 'softDelete']);
|
||||
// User
|
||||
Route::get('users/leaderboard', [UsersController::class, 'leaderboard']);
|
||||
Route::put('users/update/username', [UsersController::class, 'updateUsername']);
|
||||
|
|
|
|||
Loading…
Reference in New Issue