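/**
 * Handle an incoming request: only the owner of the project named by the
 * `project` route parameter may reach the controller.
 *
 * Fix: the original returned the boolean result of the owner check and the
 * `return $next($request)` after it was unreachable, so no request could ever
 * pass through and the response body was a bare `true`/`false`. Denials now
 * carry a 403 instead of a 200 with an error payload.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $userId = \Authorizer::getResourceOwnerId();
    $projectId = $request->project;

    if (!$this->repository->isOwner($projectId, $userId)) {
        return response()->json(['error' => 'Access forbidden'], 403);
    }

    return $next($request);
}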
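/**
 * List the projects linked to the authenticated user.
 *
 * `project_type=owner` (the default) lists projects the user owns; any other
 * value lists projects the user is a member of. `limit` is handed to the
 * repository unchanged (null when absent).
 *
 * Fix: the `project_type` comparison is now strict; query values are always
 * strings, so the loose `==` only invited surprises.
 *
 * @param  Request $request
 * @return mixed  whatever the repository returns
 */
public function index(Request $request)
{
    $ownerId = \Authorizer::getResourceOwnerId();
    $limit = $request->query->get('limit');

    if ($request->query->get('project_type', 'owner') === 'owner') {
        return $this->repository->findOwner($ownerId, $limit);
    }

    return $this->repository->findMember($ownerId, $limit);
}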
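/**
 * Display a listing of the resource: the projects owned by the
 * authenticated user.
 *
 * Fix: removed the three commented-out alternative implementations that
 * followed the return statement.
 *
 * @return Response
 */
public function index()
{
    return $this->repository->findWhere(['owner_id' => \Authorizer::getResourceOwnerId()]);
}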
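/**
 * Handle an incoming request: only the project's owner may continue.
 *
 * Fix: the owner check was passed the undefined variable `$id` instead of
 * `$projectId` (so it could never succeed), and the method never called
 * `$next`, so even a legitimate owner got no response.
 *
 * NOTE(review): returning an array yields an HTTP 200 with this body; a 403
 * response would signal the denial more accurately — confirm what clients expect.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $userId = \Authorizer::getResourceOwnerId();
    $projectId = $request->project;

    if (!$this->repository->isOwner($projectId, $userId)) {
        return ['error' => 'Access forbidden'];
    }

    return $next($request);
}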
/**
 * Resolve the id of the user authenticated through OAuth.
 *
 * Hands off to `failedAuthorization()` when no resource owner is attached
 * to the current access token.
 *
 * @return int
 * @throws \Exception
 */
protected function getAuthUserId()
{
    $ownerId = \Authorizer::getResourceOwnerId();

    if ($ownerId === null) {
        $this->failedAuthorization();
    }

    return $ownerId;
}
/**
 * List the projects the authenticated user owns or is a member of.
 *
 * @param  int|null $limit  page size handed to the repository
 * @return mixed  presenter output, or an error array when the lookup throws
 */
public function all($limit = null)
{
    try {
        $repository = $this->repository->setPresenter($this->presenter);

        return $repository->findWithOwnerAndMember(\Authorizer::getResourceOwnerId(), $limit);
    } catch (\Exception $e) {
        // NOTE(review): "messageDev" exposes the raw exception text to the API
        // client; logging it server-side would be the safer option.
        return [
            "error" => true,
            "message" => 'Nenhum registro encontrado.',
            "messageDev" => $e->getMessage(),
        ];
    }
}
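/**
 * Display a listing of the resource: projects owned by the authenticated
 * user, optionally capped by the `limit` query parameter.
 *
 * Fix: removed the commented-out alternative implementations around the
 * return statement.
 *
 * @param  Request $request
 * @return Response
 */
public function index(Request $request)
{
    return $this->repository->findOwner(
        \Authorizer::getResourceOwnerId(),
        $request->query->get('limit')
    );
}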
/**
 * Handle an incoming request: only the owner of the project in the
 * `projects` route parameter may continue.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $ownerId = \Authorizer::getResourceOwnerId();
    $projectId = $request->projects;

    $isOwner = $this->repository->isOwner($projectId, $ownerId);
    if (!$isOwner) {
        return ['error' => 'Access denied! You must be the project owner to access this resource'];
    }

    return $next($request);
}
/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $userId = \Authorizer::getResourceOwnerId(); $projectId = $request->project; if ($this->repository->isOwner($projectId, $userId) == false) { return ['error' => "Acesso negado"]; } return $next($request); }
/**
 * Create an order for the authenticated client and return it with its
 * configured relations loaded.
 *
 * The client id is derived from the authenticated user's record, not taken
 * from the request body, so a caller cannot place an order on behalf of a
 * different client.
 *
 * @param  Requests\CheckoutRequest $request
 * @return mixed  the freshly created order as returned by the repository
 */
public function store(Requests\CheckoutRequest $request)
{
    $ownerId = \Authorizer::getResourceOwnerId();
    $user = $this->userRepository->find($ownerId);

    $data = $request->all();
    // NOTE(review): assumes every authenticated user has a client — confirm
    $data['client_id'] = $user->client->id;

    $order = $this->service->create($data);

    return $this->repository->with($this->with)->find($order->id);
}
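/**
 * Handle an incoming request: only the owner of the project in the
 * `projeto` route parameter may continue.
 *
 * Fix: corrected the misspelled denial message ("Forbbiden").
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $userId = \Authorizer::getResourceOwnerId();
    $projeto = $request->projeto;

    if (!$this->repository->isOwner($projeto, $userId)) {
        return ['error' => 'Access forbidden'];
    }

    return $next($request);
}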
/**
 * @author LAHAXE Arnaud
 *
 * @apiGroup Auth
 * @apiName logout
 * @api {post} /oauth/logout Logout
 *
 * Revoke the tokens tied to the current access token and clear any session
 * state, then answer 202 with an empty body.
 *
 * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
 */
public function logout()
{
    $accessTokenId = \Authorizer::getChecker()->getAccessToken()->getId();

    /** @var TokenHelper $tokenHelper */
    $tokenHelper = \App::make(TokenHelper::class);
    $tokenHelper->deleteTokens($accessTokenId);

    // Drop session state too, in case a developer leaned on sessions in this REST API
    \Session::flush();

    return response()->json([], 202);
}
/**
 * Handle an incoming request: only the project owner may continue.
 *
 * NOTE(review): a denial is returned as a plain array (HTTP 200) under the
 * misspelled key "sucess"; renaming it would break clients keyed on it, so
 * it is kept as-is here.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $ownerId = \Authorizer::getResourceOwnerId();
    $projectId = $request->project;

    $isOwner = $this->service->isOwner($projectId, $ownerId);
    if (!$isOwner) {
        return ['sucess' => false];
    }

    return $next($request);
}
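/**
 * Handle an incoming request: only the owner of the project in the `id`
 * route parameter may continue.
 *
 * Fix: corrected the misspelled denial message ("forbiden").
 *
 * NOTE(review): isOwner() is called as (userId, projectId), the reverse of
 * the argument order the other middleware in this corpus use — confirm
 * against this repository's signature.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $userId = \Authorizer::getResourceOwnerId();
    $project_id = $request->id;

    if (!$this->repository->isOwner($userId, $project_id)) {
        return ['error' => 'Access forbidden!'];
    }

    return $next($request);
}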
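/**
 * Handle an incoming request: only the project owner may continue.
 *
 * Ownership is established by looking up a project whose id matches the
 * `project` route parameter and whose owner is the authenticated user.
 *
 * Fix: the emptiness test `count($projects) == false` is now an explicit
 * comparison with 0.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $user_id = \Authorizer::getResourceOwnerId();
    $project_id = $request->project;

    // skipPresenter(): only the row count matters here, not its presentation
    $projects = $this->repository
        ->skipPresenter()
        ->findWhere(['id' => $project_id, 'owner_id' => $user_id]);

    if (count($projects) === 0) {
        return ['error' => 'Access forbidden'];
    }

    return $next($request);
}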
/**
 * List the projects the authenticated user is a member of.
 *
 * A missing/expired token and any other failure are both turned into the
 * controller's error-message payload instead of propagating.
 *
 * @param  Request $request  `limit` query parameter is forwarded to the repository
 * @return mixed
 */
public function projectsMember(Request $request)
{
    $limit = $request->query->get('limit');

    try {
        $ownerId = \Authorizer::getResourceOwnerId();

        return $this->repository->findMember($ownerId, $limit);
    } catch (NoActiveAccessTokenException $e) {
        return $this->erroMsgm('Usuário não está logado.');
    } catch (\Exception $e) {
        return $this->erroMsgm('Ocorreu um erro ao listar os projetos. Erro: ' . $e->getMessage());
    }
}
/**
 * Update the status of an order on behalf of the authenticated deliveryman.
 *
 * @param  Request $request  carries the new `status`
 * @param  mixed   $id       order id
 * @return mixed  the updated order; aborts with 400 when the service reports none
 */
public function updateStatus(Request $request, $id)
{
    $deliverymanId = Authorizer::getResourceOwnerID();
    $status = $request->get('status');

    $order = $this->orderService->updateStatus($id, $deliverymanId, $status);
    if (!$order) {
        abort(400, 'Order não encontrado');
    }

    return $order;
}
/**
 * Display a listing of the resource: projects owned by the authenticated
 * user, with their owner and client eager-loaded.
 *
 * @return \Illuminate\Http\Response
 */
public function index()
{
    try {
        $repository = $this->repository->with(['owner', 'client']);

        return $repository->findWhere(['owner_id' => \Authorizer::getResourceOwnerId()]);
    } catch (NoActiveAccessTokenException $e) {
        return $this->erroMsgm('Usuário não está logado.');
    } catch (\Exception $e) {
        return $this->erroMsgm('Ocorreu um erro ao listar os projetos. Erro: ' . $e->getMessage());
    }
}
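/**
 * Issue an access token, stash it in the session and return to the previous page.
 *
 * Fix: on failure the original called `->with()` on the bare `redirect()`
 * Redirector, which has no such method; the error is now flashed onto a
 * `redirect()->back()` response instead.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function generateToken()
{
    try {
        $result = \Authorizer::issueAccessToken();
        \Session::set('token', array_get($result, 'access_token'));

        return redirect()->back();
    } catch (OAuthException $e) {
        return redirect()->back()->with('error', $e->getMessage());
    }
}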
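/**
 * Password-grant login: issue an access token and, when the token resolves
 * to a user, attach that user's feature flags to the response.
 *
 * Fix: dropped the unused `$input = $request->all()` local.
 *
 * @param  Request $request
 * @return \Illuminate\Http\JsonResponse
 */
public function login(Request $request)
{
    $return = \Authorizer::issueAccessToken();

    $accessToken = new AccessToken();
    $user = $accessToken->getData($return['access_token']);
    if ($user) {
        $me = $this->userRepository->getMe($user->id);
        $return['features'] = $me['features'];
    }

    return Response::json($return);
}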
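/**
 * Handle an incoming request: only members of the project may continue.
 *
 * The project id comes from the `{project}` route parameter or, when the
 * route has none, from the `project_id` request input; either way it is
 * validated for existence and then checked against the membership list.
 *
 * Fix: reading `project_id` through `$request->input()` instead of
 * `$request->all()['project_id']` avoids an undefined-index notice when
 * neither source carries an id (the existence check then rejects `null`).
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $project_id = $request->route('project') ?: $request->input('project_id');
    $user_id = \Authorizer::getResourceOwnerId();

    if (is_null(Project::find($project_id))) {
        return Errors::invalidId($project_id);
    }

    if (!$this->repository->isMember($project_id, $user_id)) {
        return Errors::basic('Acesso negado! Você não é membro deste projeto.');
    }

    return $next($request);
}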
/**
 * Serialize the model, appending its logs when the request is made by an
 * authenticated `user` resource owner.
 *
 * NOTE(review): an `access_token` passed as a request parameter is validated
 * here; tokens in query strings tend to end up in access logs, so a bearer
 * header is the safer transport — confirm which callers rely on this.
 *
 * @return array
 */
public function toArray()
{
    $array = parent::toArray();

    $accessToken = Input::get('access_token');
    if ($accessToken) {
        \Authorizer::getChecker()->isValidRequest(true, $accessToken);
    }

    $ownerType = false;
    if (\Authorizer::getChecker()->getAccessToken()) {
        $ownerType = \Authorizer::getResourceOwnerType();
    }

    if ($ownerType == 'user') {
        $array['logs'] = $this->logs();
    }

    return $array;
}
/**
 * Handle an incoming request: only members of the project a note belongs
 * to may continue.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $noteId = $request->note;
    $userId = \Authorizer::getResourceOwnerId();

    $note = ProjectNote::find($noteId);
    if ($note === null) {
        return Errors::invalidId($noteId);
    }

    // Membership is checked against the note's parent project
    $isMember = $this->repository->isMember($note->project_id, $userId);
    if (!$isMember) {
        return Errors::basic('Acesso negado! Você não é membro do projeto desta nota.');
    }

    return $next($request);
}
/**
 * Web login: run the password grant with the server-side web client and
 * redirect home, or back to the login form with a flashed error.
 *
 * @param  Request $request
 * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
 */
public function login(Request $request)
{
    // The web client's id/secret come from config so the browser never sends them
    Input::merge([
        'client_id' => Config::get('oauth2.web_client.client_id'),
        'client_secret' => Config::get('oauth2.web_client.client_secret'),
        'grant_type' => 'password',
    ]);

    try {
        \Authorizer::issueAccessToken();
    } catch (\Exception $e) {
        $request->session()->flash('error', 'auth.login_error');

        return redirect(route('auth.loginForm'));
    }

    return redirect('/');
}
/**
 * Remove a project member.
 *
 * The middleware has already verified that the authenticated user owns the
 * project; this method only refuses the case where the member being removed
 * is the authenticated user themself (the owner cannot leave their own project).
 *
 * @param  mixed $id  ProjectMember id
 * @return array|mixed  confirmation message, or an Errors payload
 */
public function delete($id)
{
    $member = ProjectMember::find($id);
    if ($member === null) {
        return Errors::invalidId($id);
    }

    $userId = \Authorizer::getResourceOwnerId();
    if ($userId == $member->user_id) {
        return Errors::basic("Voce eh dono do projeto e portanto nao pode se excluir dele");
    }

    $this->repository->delete($id);

    return ['message' => "Registro deletado!"];
}
/**
 * Register a listener on every recorded model event that writes an
 * Activity entry, attributed to the OAuth resource owner when a token is
 * present (false otherwise).
 *
 * @return void
 */
protected static function bootLogsActivity()
{
    foreach (static::getRecordActivityEvents() as $eventName) {
        static::$eventName(function (LogsActivityInterface $model) use ($eventName) {
            $activity = $model->getActivityDescriptionForEvent($eventName);

            $message = '';
            if (isset($activity['logs'])) {
                $message = $activity['logs'];
            }

            $attributes = [];
            if (isset($activity['attributes'])) {
                $attributes = $activity['attributes'];
            }

            // lucadegasperi/oauth2-server-laravel: attribute the entry to the token owner, if any
            $hasToken = \Authorizer::getChecker()->getAccessToken();
            $userId = $hasToken ? \Authorizer::getResourceOwnerId() : false;

            if ($message != '') {
                Activity::log($message, $userId, $attributes);
            }
        });
    }
}
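/**
 * Execute the console command: validate the given access token key, log in
 * its resource owner and confirm the supplied hash belongs to that user.
 *
 * Fixes: the OAuth failure is rethrown with the original exception chained
 * (so the cause survives in logs); a token whose owner cannot be loaded no
 * longer dereferences null; and the hash — which acts as a credential here —
 * is compared in constant time with hash_equals().
 *
 * @return mixed
 * @throws \Exception on an invalid key, an unresolvable owner, or a hash mismatch
 */
public function handle()
{
    $hash = $this->argument('hash');
    $key = $this->argument('key');

    try {
        \Authorizer::validateAccessToken(false, $key);
        $resourceOwnerId = \Authorizer::getResourceOwnerId();
        $user = \Authorization::loginUsingId($resourceOwnerId);
    } catch (OAuthException $e) {
        throw new \Exception('Authentication error: invalid authentication key', 0, $e);
    }

    if ($user === null) {
        throw new \Exception('Authentication error: no user for the token owner');
    }

    if (!hash_equals((string) $user->hash, (string) $hash)) {
        throw new \Exception('User hash does not match auth key');
    }

    $this->info('Authenticated');
}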
/**
 * Handle an incoming request: only the project owner may continue.
 *
 * The resource route registers the project id as the `{project}` parameter
 * (`GET project/{project}` → project.show), which is why it is read as
 * `$request->project`.
 *
 * @param  \Illuminate\Http\Request $request
 * @param  \Closure                 $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Resource owner attached to the bearer access token
    $ownerId = \Authorizer::getResourceOwnerId();
    $projectId = $request->project;

    $isOwner = $this->repository->isOwner($projectId, $ownerId);
    if (!$isOwner) {
        return ['error' => 'Access forbidden'];
    }

    return $next($request);
}
/**
 * Sign an existing user in, or create a new one when the e-mail is unknown.
 *
 * The e-mail lookup is used only for its NotFoundModelException, which
 * routes the request into the sign-up branch.
 *
 * NOTE(review): the boolean result of Authorization::attempt() is not
 * checked; presumably issueAccessToken() performs its own credential
 * validation under the password grant — confirm.
 *
 * @return \Illuminate\Http\JsonResponse|mixed
 */
public function signupOrSignin()
{
    $input = Input::all();

    try {
        $this->service->getUserByEmail($input['email']);

        \Authorization::attempt([
            'email' => Input::get('username'),
            'password' => Input::get('password'),
        ]);
        $user = \Authorization::user();

        $response = \Authorizer::issueAccessToken();

        $transformer = \App::make(\HOFB\Users\UserTransformer::class);
        $response['user'] = $transformer->transform($user);

        return \Response::json($response);
    } catch (NotFoundModelException $e) {
        $input['userable_type'] = UserController::filterToType($input['userable_type']);
        $model = $this->service->createUser($input);

        return $this->returnUserModel($model);
    }
}
/**
 * Store a newly created resource in storage: exchange username/password
 * for an access token, invalidating the user's older tokens.
 *
 * Unknown credentials and unactivated accounts both answer 403 with a
 * status code from config.
 *
 * @return Response
 */
public function store()
{
    $user = User::findByEmailAndPassword(Input::get('username'), Input::get('password'));

    if (is_null($user)) {
        return Response::json([
            'error' => Config::get('constants.STATUS_CODES.USER.USER_NOT_EXISTS'),
            'error_description' => 'User does not exist',
        ], 403);
    }

    if (!$user->activated) {
        // NOTE(review): the whole user row is echoed back here — confirm it carries nothing sensitive
        return Response::json([
            'error' => Config::get('constants.STATUS_CODES.USER.NEED_ACTIVATED'),
            'error_description' => 'You need to activate your account',
            'data' => $user->toArray(),
        ], 403);
    }

    try {
        $token = Authorizer::issueAccessToken();
        User::invalidOldTokens($token['access_token']);

        return Response::json($token);
    } catch (\League\OAuth2\Server\Exception\OAuthException $exception) {
        return Response::json([
            'error' => $exception->errorType,
            'error_description' => $exception->getMessage(),
        ], 403);
    }
}