Inheritance: extends Menu
Authorizer Class Documentation
Exemple #1
0
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projectId = $request->project;
     return $this->repository->isOwner($projectId, $userId) == false;
     return $next($request);
 }
Exemple #2
0
 public function index(Request $request)
 {
     if ($request->query->get('project_type', 'owner') == 'owner') {
         return $this->repository->findOwner(\Authorizer::getResourceOwnerId(), $request->query->get('limit'));
     }
     return $this->repository->findMember(\Authorizer::getResourceOwnerId(), $request->query->get('limit'));
 }
Exemple #3
0
 /**
  * Display a listing of the resource.
  *
  * @return Response
  */
 public function index()
 {
     return $this->repository->findWhere(['owner_id' => \Authorizer::getResourceOwnerId()]);
     //return $this->repository->findWithOwnerAndMember(Authorizer::getResourceOwnerId());
     //return $this->repository->all();
     //return $this->repository->with(['client', 'user'])->all();
 }
Exemple #4
0
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projectId = $request->project;
     if ($this->repository->isOwner($id, $userId) == false) {
         return ['error' => 'Access forbidden'];
     }
 }
Exemple #5
0
 /**
  * Retorna o user logado no OAuth
  * @return int
  * @throws \Exception
  */
 protected function getAuthUserId()
 {
     $userId = \Authorizer::getResourceOwnerId();
     if (is_null($userId)) {
         $this->failedAuthorization();
     }
     return $userId;
 }
Exemple #6
0
 public function all($limit = null)
 {
     try {
         return $this->repository->setPresenter($this->presenter)->findWithOwnerAndMember(\Authorizer::getResourceOwnerId(), $limit);
     } catch (\Exception $e) {
         return ["error" => true, "message" => 'Nenhum registro encontrado.', "messageDev" => $e->getMessage()];
     }
 }
Exemple #7
0
 /**
  * Display a listing of the resource.
  *
  * @return Response
  */
 public function index(Request $request)
 {
     //return $this->repository->findWhere(['owner_id' => \Authorizer::getResourceOwnerId()]);
     //return $this->repository->findWithOwnerAndMember(\Authorizer::getResourceOwnerId());
     return $this->repository->findOwner(\Authorizer::getResourceOwnerId(), $request->query->get('limit'));
     //return $this->repository->all();
     //return $this->repository->with(['client', 'user'])->all();
 }
Exemple #8
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projectId = $request->projects;
     if ($this->repository->isOwner($projectId, $userId) == false) {
         return ['error' => 'Access denied! You must be the project owner to access this resource'];
     }
     return $next($request);
 }
Exemple #9
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projectId = $request->project;
     if ($this->repository->isOwner($projectId, $userId) == false) {
         return ['error' => "Acesso negado"];
     }
     return $next($request);
 }
Exemple #10
0
 public function store(Requests\CheckoutRequest $request)
 {
     $data = $request->all();
     $id = \Authorizer::getResourceOwnerId();
     $clientId = $this->userRepository->find($id)->client->id;
     $data['client_id'] = $clientId;
     $order = $this->service->create($data);
     return $this->repository->with($this->with)->find($order->id);
 }
Exemple #11
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projeto = $request->projeto;
     if ($this->repository->isOwner($projeto, $userId) == false) {
         return ['error' => 'Access Forbbiden'];
     }
     return $next($request);
 }
Exemple #12
0
 /**
  * @author LAHAXE Arnaud
  *
  * @apiGroup Auth
  * @apiName logout
  * @api      {post} /oauth/logout Logout
  *
  * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
  */
 public function logout()
 {
     /** @var TokenHelper $tokenHelper */
     $tokenHelper = \App::make(TokenHelper::class);
     $tokenHelper->deleteTokens(\Authorizer::getChecker()->getAccessToken()->getId());
     // reset session if some dev use session in a rest api :D
     \Session::flush();
     return response()->json([], 202);
 }
Exemple #13
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $projectId = $request->project;
     if ($this->service->isOwner($projectId, $userId) == false) {
         return ['sucess' => false];
     }
     return $next($request);
 }
Exemple #14
0
 public function handle($request, Closure $next)
 {
     $userId = \Authorizer::getResourceOwnerId();
     $project_id = $request->id;
     if (!$this->repository->isOwner($userId, $project_id)) {
         return ['error' => 'Access forbiden!'];
     }
     return $next($request);
 }
Exemple #15
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $user_id = \Authorizer::getResourceOwnerId();
     $project_id = $request->project;
     $projects = $this->repository->skipPresenter()->findWhere(['id' => $project_id, 'owner_id' => $user_id]);
     if (count($projects) == false) {
         return ['error' => 'Access forbidden'];
     }
     return $next($request);
 }
Exemple #16
0
 public function projectsMember(Request $request)
 {
     try {
         return $this->repository->findMember(\Authorizer::getResourceOwnerId(), $request->query->get('limit'));
     } catch (NoActiveAccessTokenException $e) {
         return $this->erroMsgm('Usuário não está logado.');
     } catch (\Exception $e) {
         return $this->erroMsgm('Ocorreu um erro ao listar os projetos. Erro: ' . $e->getMessage());
     }
 }
Exemple #17
0
 /**
  * @param Request $request
  * @param $id
  * @return mixed
  */
 public function updateStatus(Request $request, $id)
 {
     $idDeliveryman = Authorizer::getResourceOwnerID();
     $order = $this->orderService->updateStatus($id, $idDeliveryman, $request->get('status'));
     if ($order != false) {
         return $order;
     } else {
         abort(400, 'Order não encontrado');
     }
 }
Exemple #18
0
 /**
  * Display a listing of the resource.
  *
  * @return \Illuminate\Http\Response
  */
 public function index()
 {
     try {
         return $this->repository->with(['owner', 'client'])->findWhere(['owner_id' => \Authorizer::getResourceOwnerId()]);
     } catch (NoActiveAccessTokenException $e) {
         return $this->erroMsgm('Usuário não está logado.');
     } catch (\Exception $e) {
         return $this->erroMsgm('Ocorreu um erro ao listar os projetos. Erro: ' . $e->getMessage());
     }
 }
Exemple #19
0
 public function generateToken()
 {
     try {
         $result = \Authorizer::issueAccessToken();
         \Session::set('token', array_get($result, 'access_token'));
         return redirect()->back();
     } catch (OAuthException $e) {
         return redirect()->with('error', $e->getMessage());
     }
 }
Exemple #20
0
 public function login(Request $request)
 {
     $input = $request->all();
     $return = \Authorizer::issueAccessToken();
     $AccessToken = new AccessToken();
     $user = $AccessToken->getData($return['access_token']);
     if ($user) {
         $me = $this->userRepository->getMe($user->id);
         $return['features'] = $me['features'];
     }
     return Response::json($return);
 }
Exemple #21
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $project_id = $request->route('project') ? $request->route('project') : $request->all()['project_id'];
     $user_id = \Authorizer::getResourceOwnerId();
     if (is_null(Project::find($project_id))) {
         return Errors::invalidId($project_id);
     }
     if (!$this->repository->isMember($project_id, $user_id)) {
         return Errors::basic('Acesso negado! Você não é membro deste projeto.');
     }
     return $next($request);
 }
Exemple #22
0
 public function toArray()
 {
     $array = parent::toArray();
     $access_token = Input::get('access_token');
     if ($access_token) {
         \Authorizer::getChecker()->isValidRequest(true, $access_token);
     }
     $user_type = \Authorizer::getChecker()->getAccessToken() ? \Authorizer::getResourceOwnerType() : false;
     if ($user_type == 'user') {
         $array['logs'] = $this->logs();
     }
     return $array;
 }
Exemple #23
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $note_id = $request->note;
     $user_id = \Authorizer::getResourceOwnerId();
     $note = ProjectNote::find($note_id);
     if (is_null($note)) {
         return Errors::invalidId($note_id);
     }
     if (!$this->repository->isMember($note->project_id, $user_id)) {
         return Errors::basic('Acesso negado! Você não é membro do projeto desta nota.');
     }
     return $next($request);
 }
Exemple #24
0
 /**
  * @param Request $request
  * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
  */
 public function login(Request $request)
 {
     // set default web oauth client
     Input::merge(['client_id' => Config::get('oauth2.web_client.client_id')]);
     Input::merge(['client_secret' => Config::get('oauth2.web_client.client_secret')]);
     Input::merge(['grant_type' => 'password']);
     try {
         \Authorizer::issueAccessToken();
         return redirect('/');
     } catch (\Exception $e) {
         $request->session()->flash('error', 'auth.login_error');
         return redirect(route('auth.loginForm'));
     }
 }
Exemple #25
0
 public function delete($id)
 {
     $pm = ProjectMember::find($id);
     if (is_null($pm)) {
         return Errors::invalidId($id);
     }
     // Lembrete: a verificacao se o usuario autenticado eh o dono do projeto ja foi
     // feita via middleware. Basta agora testar se o membro nao eh o usuario autenticado
     $user_id = \Authorizer::getResourceOwnerId();
     if ($user_id == $pm->user_id) {
         return Errors::basic("Voce eh dono do projeto e portanto nao pode se excluir dele");
     }
     $this->repository->delete($id);
     return ['message' => "Registro deletado!"];
 }
Exemple #26
0
 protected static function bootLogsActivity()
 {
     foreach (static::getRecordActivityEvents() as $eventName) {
         static::$eventName(function (LogsActivityInterface $model) use($eventName) {
             $activity = $model->getActivityDescriptionForEvent($eventName);
             $message = isset($activity['logs']) ? $activity['logs'] : '';
             $attributes = isset($activity['attributes']) ? $activity['attributes'] : [];
             // Integration with lucadegasperi/oauth2-server-laravel
             $user_id = \Authorizer::getChecker()->getAccessToken() ? \Authorizer::getResourceOwnerId() : false;
             if ($message != '') {
                 Activity::log($message, $user_id, $attributes);
             }
         });
     }
 }
Exemple #27
0
 /**
  * Execute the console command.
  *
  * @return mixed
  */
 public function handle()
 {
     $hash = $this->argument('hash');
     $key = $this->argument('key');
     try {
         \Authorizer::validateAccessToken(false, $key);
         $resourceOwnerId = \Authorizer::getResourceOwnerId();
         $user = \Authorization::loginUsingId($resourceOwnerId);
         if ($user->hash === $hash) {
             $this->info('Authenticated');
         } else {
             throw new \Exception('User hash does not match auth key');
         }
     } catch (OAuthException $e) {
         throw new \Exception('Authentication error: invalid authentication key');
     }
 }
Exemple #28
0
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     //retorna o ID do usuário na tela para verificar se é o correto
     // return ['userId'=> \Authorizer::getResourceOwnerId()];
     //pega o usuário logado de acordo com o access token
     $userId = \Authorizer::getResourceOwnerId();
     //rodando o php artisan route:list, podemos ver que o resource criou um parametro
     //no caso do project criou como {project}, conforme abaixo
     /*| Domain | Method   | URI                              | Name                  | Action                                                      | Middleware |
      *|        | GET|HEAD | project/{project}                | project.show          | CodeProject\Http\Controllers\ProjectController@show         | oauth      |
      */
     $projectId = $request->project;
     if ($this->repository->isOwner($projectId, $userId) == false) {
         return ['error' => 'Access forbidden'];
     }
     return $next($request);
 }
Exemple #29
0
 public function signupOrSignin()
 {
     $input = Input::all();
     try {
         $user = $this->service->getUserByEmail($input['email']);
         \Authorization::attempt(['email' => Input::get('username'), 'password' => Input::get('password')]);
         $user = \Authorization::user();
         $transformer = \App::make(\HOFB\Users\UserTransformer::class);
         $response = \Authorizer::issueAccessToken();
         $transformed = $transformer->transform($user);
         $response['user'] = $transformed;
         return \Response::json($response);
     } catch (NotFoundModelException $e) {
         $input['userable_type'] = UserController::filterToType($input['userable_type']);
         $model = $this->service->createUser($input);
         return $this->returnUserModel($model);
     }
 }
Exemple #30
0
 /**
  * Store a newly created resource in storage.
  *
  * @return Response
  */
 public function store()
 {
     $user = User::findByEmailAndPassword(Input::get('username'), Input::get('password'));
     if (!isset($user)) {
         return Response::json(array('error' => Config::get('constants.STATUS_CODES.USER.USER_NOT_EXISTS'), 'error_description' => 'User does not exist'), 403);
     } elseif (!$user->activated) {
         return Response::json(array('error' => Config::get('constants.STATUS_CODES.USER.NEED_ACTIVATED'), 'error_description' => 'You need to activate your account', 'data' => $user->toArray()), 403);
     } else {
         try {
             $obj = Authorizer::issueAccessToken();
             $access_token = $obj['access_token'];
             User::invalidOldTokens($access_token);
             return Response::json($obj);
         } catch (\League\OAuth2\Server\Exception\OAuthException $exception) {
             //\Log::error($exception);
             return Response::json(array('error' => $exception->errorType, 'error_description' => $exception->getMessage()), 403);
         }
     }
 }