Exemple #1
 /**
  * Creates an administrator for testing.
  *
  * @return \App\Models\User
  */
 protected function createAdmin()
 {
     // The user is persisted first; the role query below is reached through
     // this user's roles() relation.
     $account = factory(User::class)->create();

     // firstOrFail() means a missing administrator role stops the test setup
     // here instead of handing back a user without the role.
     $administratorRole = $account->roles()
         ->getRelated()
         ->whereName(Role::getAdministratorName())
         ->firstOrFail();

     $account->assignRole($administratorRole);

     return $account;
 }
 /**
  * Removes the specified user from the specified role.
  *
  * @param int|string $roleId
  * @param int|string $userId
  *
  * @return \Illuminate\Http\RedirectResponse
  */
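 public function destroy($roleId, $userId)
 {
     // The ability check runs before any lookup, so callers without it
     // learn nothing about which roles or users exist.
     $this->authorize('admin.roles.users.destroy');

     $role = $this->role->findOrFail($roleId);
     // Resolved through the role's relation, so the user must currently be
     // a member of this role or the lookup fails.
     $user = $role->users()->findOrFail($userId);

     $adminName = Role::getAdministratorName();
     $admin = Role::whereName($adminName)->first();

     // Only the number of administrators is needed, so count in the
     // database instead of loading every administrator model.
     $administratorCount = $this->user->whereHas('roles', function ($query) use ($adminName) {
         $query->whereName($adminName);
     })->count();

     // Lockout guard: refuse when the current user would strip the
     // administrator role from themselves while being the only
     // administrator. The guard applies only when the role being detached
     // is the administrator role; detaching any other role leaves the
     // administrator membership untouched and must not be blocked.
     // Keys are compared as strings so int/string key types cannot differ.
     // NOTE(review): assumes $this->role is a Role model — confirm.
     // NOTE(review): only self-removal is covered; another user holding
     // this ability can still detach the last administrator — confirm
     // that this is intended.
     $detachingAdminRole = $admin instanceof Role
         && (string) $role->getKey() === (string) $admin->getKey();

     if ($detachingAdminRole && $user->hasRole($admin) && $user->id === auth()->user()->id && $administratorCount === 1) {
         flash()->setTimer(null)->error('Error!', "Unable to remove the administrator role from this user. You're the only administrator.");

         return redirect()->route('admin.roles.show', [$roleId]);
     }

     // detach() result is used as a truthy "something was removed" signal.
     if ($role->users()->detach($user)) {
         flash()->success('Success!', 'Successfully removed user.');
     } else {
         flash()->error('Error!', 'There was an issue removing this user. Please try again.');
     }

     return redirect()->route('admin.roles.show', [$roleId]);
 }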
 /**
  * Run the database seeds.
  *
  * @return void
  */
 public function run()
 {
     // Fails loudly when the administrator role has not been seeded yet.
     $administratorRole = Role::whereName(Role::getAdministratorName())->firstOrFail();

     // Every permission that exists at seeding time is granted to the
     // administrator role.
     foreach (Permission::all() as $permission) {
         $administratorRole->grant($permission);
     }
 }
 /**
  * Register any application authentication / authorization services.
  *
  * @param Gate $gate
  *
  * @return void
  */
 public function boot(Gate $gate)
 {
     parent::registerPolicies($gate);

     // Global pre-check: a user holding the administrator role passes every
     // ability check. For everyone else the callback yields null rather
     // than a falsy value, so the individual ability definitions below
     // still get to decide.
     $gate->before(function ($user) {
         $isAdministrator = $user->hasRole(Role::getAdministratorName());

         return $isAdministrator ? $isAdministrator : null;
     });

     // Per-resource abilities, registered in the original order.
     $this->defineCommentAbilities($gate);
     $this->defineIssueAbilities($gate);
     $this->defineInquiryAbilities($gate);
     $this->defineGuideAbilities($gate);
 }
 /**
  * Execute the job.
  *
  * @return bool
  */
 public function handle()
 {
     $input = $this->request;

     $this->user->name = $input->input('name');
     $this->user->email = $input->input('email');
     // The password is hashed unconditionally before it is stored.
     // NOTE(review): assumes upstream validation guarantees a non-empty
     // password, and that the User model has no password set mutator that
     // would hash a second time — confirm both.
     $this->user->password = bcrypt($input->input('password'));

     // Looked up before saving: a missing administrator role aborts the job
     // without persisting the user.
     $administratorRole = Role::whereName(Role::getAdministratorName())->firstOrFail();

     if (!$this->user->save()) {
         return false;
     }

     // The role is attached only once the user record exists.
     $this->user->assignRole($administratorRole);

     return true;
 }
Exemple #6
 /**
  * Attaches roles depending on the users active directory group.
  *
  * @param User       $user
  * @param AdldapUser $adldapUser
  *
  * @return void
  */
 protected function handleLdapUserWasAuthenticated(User $user, AdldapUser $adldapUser)
 {
     // Membership of the 'Help Desk' directory group is the only trigger
     // for the administrator role in this method.
     // NOTE(review): the role is only ever added here; nothing in this
     // method removes it once the account is no longer in the group —
     // confirm that revocation is handled elsewhere.
     $administrator = $adldapUser->inGroup('Help Desk')
         ? Role::whereName(Role::getAdministratorName())->first()
         : null;

     // Skip silently when the role does not exist or is already assigned.
     if ($administrator instanceof Role && !$user->hasRole($administrator)) {
         $user->assignRole($administrator);
     }

     // Every user handled here is flagged as originating from the directory.
     $user->from_ad = true;
     $user->save();
 }
 /**
  * Handle an incoming request.
  *
  * @param Request $request
  * @param Closure $next
  *
  * @return mixed
  */
 public function handle(Request $request, Closure $next)
 {
     $administrator = $this->role->whereName(Role::getAdministratorName())->first();
     $userCount = $this->user->count();

     // The setup request is let through only while all three hold: the
     // administrator role exists, nobody is logged in, and the users table
     // is empty. As soon as one user exists this path is closed.
     $setupAllowed = $administrator instanceof Role
         && !$request->user()
         && $userCount === 0;

     if (!$setupAllowed) {
         // Any other state is answered with a 403.
         throw new HttpException(403, 'Unauthorized.');
     }

     return $next($request);
 }
 /**
  * Removes the specified user from the specified role.
  *
  * @param int|string $roleId
  * @param int|string $userId
  *
  * @throws CannotRemoveRolesException
  *
  * @return int
  */
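 public function destroy($roleId, $userId)
 {
     // The ability check runs before any lookup.
     $this->authorize('admin.roles.users.destroy');

     $role = $this->role->findOrFail($roleId);
     // Resolved through the role's relation, so the user must currently be
     // a member of this role or the lookup fails.
     $user = $role->users()->findOrFail($userId);

     $adminName = Role::getAdministratorName();
     $admin = Role::whereName($adminName)->first();

     // Only the number of administrators is needed, so count in the
     // database instead of loading every administrator model.
     $administratorCount = $this->user->whereHas('roles', function (Builder $builder) use ($adminName) {
         $builder->whereName($adminName);
     })->count();

     // Lockout guard: refuse when the current user would strip the
     // administrator role from themselves while being the only
     // administrator. It applies only when the role being detached is the
     // administrator role; detaching any other role cannot remove the last
     // administrator and must not raise this exception.
     // Keys are compared as strings so int/string key types cannot differ.
     // NOTE(review): assumes $this->role is a Role model — confirm.
     // NOTE(review): only self-removal is covered; another user holding
     // this ability can still detach the last administrator — confirm
     // that this is intended.
     $detachingAdminRole = $admin instanceof Role
         && (string) $role->getKey() === (string) $admin->getKey();

     if ($detachingAdminRole && $user->hasRole($admin) && $user->getKey() === auth()->user()->getKey() && $administratorCount === 1) {
         throw new CannotRemoveRolesException("Unable to remove the administrator role from this user. You're the only administrator.");
     }

     // The detach() result is handed back to the caller unchanged.
     return $role->users()->detach($user);
 }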
 /**
  * Execute the job.
  *
  * @throws CannotRemoveRolesException
  *
  * @return bool
  */
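 public function handle()
 {
     // Keep the current name when the request omits one.
     $this->user->name = $this->request->input('name', $this->user->name);
     // NOTE(review): unlike the name, the email has no fallback, so a
     // request without one stores null — presumably validation requires
     // it; confirm.
     $this->user->email = $this->request->input('email');

     $password = $this->request->input('password');

     // An empty password field leaves the stored password untouched.
     if (!empty($password)) {
         // Hash here only when the model has no password set mutator, so
         // the value is never hashed twice.
         if (!$this->user->hasSetMutator('password')) {
             $password = bcrypt($password);
         }

         $this->user->password = $password;
     }

     $adminName = Role::getAdministratorName();

     // Cast so a scalar or null "roles" value cannot break the iteration
     // below.
     // NOTE(review): the submitted role ids are synced as-is; this method
     // does not check that the caller may grant them — confirm that
     // authorization and validation happen before the job is dispatched.
     $roles = (array) $this->request->input('roles', []);

     // Retrieve all administrator users.
     $administrators = $this->user->whereHas('roles', function (Builder $builder) use ($adminName) {
         $builder->whereName($adminName);
     })->get();

     // Retrieve the administrator role.
     $admin = Role::whereName($adminName)->first();

     // sync() below replaces the user's whole role set, so the
     // administrator role is lost whenever its key is missing from the
     // submitted list, not only when the list is empty. Checking for an
     // empty list alone would let the only administrator lock the
     // application out by submitting any other role.
     $keepsAdminRole = false;

     if ($admin instanceof Role) {
         $adminKey = (string) $admin->getKey();

         foreach ($roles as $key => $value) {
             // sync() accepts both [id, ...] and [id => pivotAttributes, ...].
             $roleKey = is_array($value) ? $key : $value;

             if (is_scalar($roleKey) && (string) $roleKey === $adminKey) {
                 $keepsAdminRole = true;
                 break;
             }
         }
     }

     // Lockout guard: the current user may not drop their own
     // administrator role while being the only administrator. With more
     // than one administrator the removal is allowed.
     if (!$keepsAdminRole && $this->user->hasRole($admin) && $this->user->getKey() === auth()->user()->getKey() && count($administrators) === 1) {
         throw new CannotRemoveRolesException("Unable to remove the administrator role. You're the only administrator.");
     }

     if ($this->user->save()) {
         // Roles are replaced only after the attribute changes are stored.
         $this->user->roles()->sync($roles);

         return true;
     }

     return false;
 }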
Exemple #10
 /**
  * Scopes the specified query limited to administrators.
  *
  * @param mixed $query
  *
  * @return mixed
  */
 public function scopeWhereIsAdministrator($query)
 {
     // The role name is read when the scope is applied, so the constraint
     // always matches whatever Role::getAdministratorName() returns.
     $administratorName = Role::getAdministratorName();

     // Keep only records that have at least one role with that name.
     return $query->whereHas('roles', function ($roles) use ($administratorName) {
         $roles->where(['name' => $administratorName]);
     });
 }
Exemple #11
use App\Models\GuideStep;
use App\Models\Issue;
use App\Models\Password;
use App\Models\PasswordFolder;
use App\Models\Permission;
use App\Models\Role;
use App\Models\User;
use Faker\Generator;
// Test-data definitions. Values are random placeholders for fixtures.

// User: the password is a random 10-character string.
// NOTE(review): whether it is hashed depends on the User model — confirm.
$factory[User::class] = function (Generator $faker) {
    return [
        'name' => $faker->name,
        'email' => $faker->email,
        'password' => str_random(10),
        'remember_token' => str_random(10),
    ];
};

// Role with random name and label; carries no special meaning.
$factory[Role::class] = function (Generator $faker) {
    return [
        'name' => $faker->name,
        'label' => $faker->name,
    ];
};

// Named 'admin' variant: uses the application's administrator role name.
$factory->defineAs(Role::class, 'admin', function (Generator $faker) {
    return [
        'name' => Role::getAdministratorName(),
        'label' => 'Administrator',
    ];
});

$factory[Permission::class] = function (Generator $faker) {
    return [
        'name' => $faker->name,
        'label' => $faker->name,
    ];
};

// Issue: creates and persists its owning user as a side effect.
$factory[Issue::class] = function (Generator $faker) {
    return [
        'user_id' => factory(User::class)->create()->getKey(),
        'title' => $faker->sentence(),
        'description' => $faker->sentence(),
    ];
};

$factory[Guide::class] = function (Generator $faker) {
    return [
        'title' => $faker->title,
        'slug' => $faker->slug(3),
        'description' => $faker->text(),
    ];
};

// Guide step: creates and persists its parent guide as a side effect.
$factory[GuideStep::class] = function (Generator $faker) {
    return [
        'guide_id' => factory(Guide::class)->create()->getKey(),
        'title' => $faker->title,
        'description' => $faker->text(),
    ];
};
$factory[PasswordFolder::class] = function (Generator $faker) {
    return ['user_id' => factory(User::class)->create()->getKey(), 'uuid' => uuid(), 'pin' => $faker->password()];