/**
 * Creates a user through the model factory and assigns it the
 * administrator role, for use in tests.
 *
 * The role is looked up by Role::getAdministratorName() with firstOrFail(),
 * so the administrator role has to exist before this helper is called.
 *
 * @return \App\Models\User
 */
protected function createAdmin()
{
    $account = factory(User::class)->create();

    // Query the Role model behind the user's roles relation for the
    // administrator role by name.
    $adminRole = $account->roles()
        ->getRelated()
        ->whereName(Role::getAdministratorName())
        ->firstOrFail();

    $account->assignRole($adminRole);

    return $account;
}
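/**
 * Removes the specified user from the specified role.
 *
 * The removal is refused when it would take the administrator role away
 * from the currently authenticated user while they are the only
 * administrator, because that would leave nobody able to administer roles.
 *
 * @param int|string $roleId
 * @param int|string $userId
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function destroy($roleId, $userId)
{
    $this->authorize('admin.roles.users.destroy');

    $role = $this->role->findOrFail($roleId);

    // Resolved through the role's own relation, so a user that is not a
    // member of this role produces a "not found" instead of a no-op detach.
    $user = $role->users()->findOrFail($userId);

    $adminName = Role::getAdministratorName();

    // Only the number of administrators is needed, so count in the
    // database instead of hydrating every administrator model.
    $administratorCount = $this->user->whereHas('roles', function ($query) use ($adminName) {
        $query->whereName($adminName);
    })->count();

    // The lock-out guard is about the administrator role only. Checking the
    // role being detached (rather than "the user holds the administrator
    // role somewhere") stops the sole administrator from being blocked,
    // with a misleading message, when leaving an unrelated role.
    $detachingAdminRole = $role->name === $adminName;
    $actingOnSelf = $user->id === auth()->user()->id;

    // NOTE(review): the guard covers self-removal only. A non-administrator
    // who holds 'admin.roles.users.destroy' could still detach the last
    // administrator — confirm whether that is intended.
    if ($detachingAdminRole && $actingOnSelf && $administratorCount === 1) {
        flash()->setTimer(null)->error('Error!', "Unable to remove the administrator role from this user. You're the only administrator.");

        return redirect()->route('admin.roles.show', [$roleId]);
    }

    if ($role->users()->detach($user)) {
        flash()->success('Success!', 'Successfully removed user.');

        return redirect()->route('admin.roles.show', [$roleId]);
    }

    flash()->error('Error!', 'There was an issue removing this user. Please try again.');

    return redirect()->route('admin.roles.show', [$roleId]);
}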
/**
 * Run the database seeds.
 *
 * Grants every permission currently stored to the administrator role.
 * The role is fetched with firstOrFail(), so it must already exist when
 * this seeder runs.
 *
 * @return void
 */
public function run()
{
    $administrator = Role::whereName(Role::getAdministratorName())->firstOrFail();

    foreach (Permission::all() as $permission) {
        $administrator->grant($permission);
    }
}
/**
 * Register any application authentication / authorization services.
 *
 * Registers the policies, installs a "before" callback that lets users
 * holding the administrator role pass every gate check, and then defines
 * the comment, issue, inquiry and guide abilities.
 *
 * @param Gate $gate
 *
 * @return void
 */
public function boot(Gate $gate)
{
    parent::registerPolicies($gate);

    $gate->before(function ($user) {
        $isAdministrator = $user->hasRole(Role::getAdministratorName());

        // Returning null (rather than a falsy value) for everyone else
        // leaves the decision to the ability that was actually requested.
        // Administrators therefore bypass every ability defined below.
        return $isAdministrator ? $isAdministrator : null;
    });

    $this->defineCommentAbilities($gate);
    $this->defineIssueAbilities($gate);
    $this->defineInquiryAbilities($gate);
    $this->defineGuideAbilities($gate);
}
/**
 * Execute the job.
 *
 * Fills the user from the request's name, email and password, saves it and
 * assigns it the administrator role.
 *
 * @return bool True when the user was saved and given the role, false when
 *              the save failed.
 */
public function handle()
{
    $input = $this->request;
    $account = $this->user;

    $account->name = $input->input('name');
    $account->email = $input->input('email');

    // NOTE(review): the password is always hashed here. If the User model
    // also defines a set mutator for the password, confirm it does not hash
    // a second time.
    $account->password = bcrypt($input->input('password'));

    // Looked up before saving: firstOrFail() stops the job here when the
    // administrator role is missing, before any user is stored.
    $administrator = Role::whereName(Role::getAdministratorName())->firstOrFail();

    if (!$account->save()) {
        return false;
    }

    $account->assignRole($administrator);

    return true;
}
/**
 * Attaches roles depending on the user's Active Directory group.
 *
 * Members of the 'Help Desk' group are given the administrator role when
 * that role exists and they do not hold it yet. Every user handled here is
 * flagged as coming from Active Directory and saved.
 *
 * NOTE(review): this method only ever assigns the role. Nothing in it takes
 * the administrator role away again once the user is no longer in the
 * group, so confirm that revocation is handled elsewhere.
 *
 * @param User       $user
 * @param AdldapUser $adldapUser
 *
 * @return void
 */
protected function handleLdapUserWasAuthenticated(User $user, AdldapUser $adldapUser)
{
    // The group name is hard-coded: membership in this one directory group
    // maps straight to the application's administrator role.
    $isHelpDesk = $adldapUser->inGroup('Help Desk');

    if ($isHelpDesk) {
        $adminRole = Role::whereName(Role::getAdministratorName())->first();

        // first() yields null when the role has not been created; in that
        // case nothing is assigned.
        $roleExists = $adminRole instanceof Role;

        if ($roleExists && !$user->hasRole($adminRole)) {
            $user->assignRole($adminRole);
        }
    }

    $user->from_ad = true;

    $user->save();
}
/**
 * Handle an incoming request.
 *
 * Lets the setup request through only while all three conditions hold: the
 * administrator role exists, the request carries no authenticated user, and
 * the users table is empty. Any other state is answered with a 403.
 *
 * @param Request $request
 * @param Closure $next
 *
 * @throws HttpException When setup is not (or no longer) allowed.
 *
 * @return mixed
 */
public function handle(Request $request, Closure $next)
{
    $adminRole = $this->role->whereName(Role::getAdministratorName())->first();

    $userCount = $this->user->count();

    $setupAllowed = $adminRole instanceof Role
        && !$request->user()
        && $userCount === 0;

    if (!$setupAllowed) {
        // Reached when the role is missing, when somebody is logged in, or
        // when at least one user already exists.
        throw new HttpException(403, 'Unauthorized.');
    }

    // NOTE(review): this check is separate from whatever creates the first
    // user later in the request; confirm that two concurrent setup requests
    // cannot both get past it.
    return $next($request);
}
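/**
 * Removes the specified user from the specified role.
 *
 * The removal is refused when it would take the administrator role away
 * from the currently authenticated user while they are the only
 * administrator, because that would leave nobody able to administer roles.
 *
 * @param int|string $roleId
 * @param int|string $userId
 *
 * @throws CannotRemoveRolesException When the current user is the only
 *                                    administrator and tries to remove
 *                                    their own administrator role.
 *
 * @return int The value returned by detach() on the role's users relation.
 */
public function destroy($roleId, $userId)
{
    $this->authorize('admin.roles.users.destroy');

    $role = $this->role->findOrFail($roleId);

    // Resolved through the role's own relation, so a user that is not a
    // member of this role produces a "not found" instead of a no-op detach.
    $user = $role->users()->findOrFail($userId);

    $adminName = Role::getAdministratorName();

    // Only the number of administrators is needed, so count in the
    // database instead of hydrating every administrator model.
    $administratorCount = $this->user->whereHas('roles', function (Builder $builder) use ($adminName) {
        $builder->whereName($adminName);
    })->count();

    // The lock-out guard is about the administrator role only. Checking the
    // role being detached (rather than "the user holds the administrator
    // role somewhere") stops the sole administrator from being blocked,
    // with a misleading message, when leaving an unrelated role.
    $detachingAdminRole = $role->name === $adminName;
    $actingOnSelf = $user->getKey() === auth()->user()->getKey();

    // NOTE(review): the guard covers self-removal only. A non-administrator
    // who holds 'admin.roles.users.destroy' could still detach the last
    // administrator — confirm whether that is intended.
    if ($detachingAdminRole && $actingOnSelf && $administratorCount === 1) {
        throw new CannotRemoveRolesException("Unable to remove the administrator role from this user. You're the only administrator.");
    }

    return $role->users()->detach($user);
}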
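/**
 * Execute the job.
 *
 * Updates the user's name, email and (when one was submitted) password,
 * then synchronises the user's roles with the submitted list.
 *
 * The update is refused when it would take the administrator role away
 * from the currently authenticated user while they are the only
 * administrator.
 *
 * @throws CannotRemoveRolesException When the current user is the only
 *                                    administrator and the submitted roles
 *                                    no longer include the administrator
 *                                    role.
 *
 * @return bool True when the user was saved and the roles were synced,
 *              false when the save failed.
 */
public function handle()
{
    $this->user->name = $this->request->input('name', $this->user->name);
    $this->user->email = $this->request->input('email');

    $password = $this->request->input('password');

    // An empty password field means "leave the current password alone".
    if (!empty($password)) {
        // Hash here only when the model has no set mutator for the
        // password, so the value is not hashed twice.
        if (!$this->user->hasSetMutator('password')) {
            $password = bcrypt($password);
        }

        $this->user->password = $password;
    }

    $adminName = Role::getAdministratorName();

    $roles = $this->request->input('roles', []);

    // Only the number of administrators is needed, so count in the
    // database instead of hydrating every administrator model.
    $administratorCount = $this->user->whereHas('roles', function (Builder $builder) use ($adminName) {
        $builder->whereName($adminName);
    })->count();

    // first() yields null when the administrator role does not exist; the
    // guard below is skipped in that case.
    $admin = Role::whereName($adminName)->first();

    // sync() removes every role that is not in the submitted list, so the
    // administrator role is dropped whenever it is missing from that list,
    // not only when the list is empty. Keys are compared as strings because
    // request input arrives as strings.
    // NOTE(review): assumes the request submits a flat list of role keys —
    // confirm against the form that posts to this job.
    $submittedKeys = array_map('strval', array_filter((array) $roles, 'is_scalar'));

    $dropsAdminRole = $admin instanceof Role
        && !in_array((string) $admin->getKey(), $submittedKeys, true);

    if (
        $dropsAdminRole
        && $this->user->hasRole($admin)
        && $this->user->getKey() === auth()->user()->getKey()
        && $administratorCount === 1
    ) {
        throw new CannotRemoveRolesException("Unable to remove the administrator role. You're the only administrator.");
    }

    if ($this->user->save()) {
        $this->user->roles()->sync($roles);

        return true;
    }

    return false;
}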
/**
 * Scopes the specified query limited to administrators.
 *
 * Keeps only the records that have a related role whose name equals
 * Role::getAdministratorName().
 *
 * @param mixed $query
 *
 * @return mixed
 */
public function scopeWhereIsAdministrator($query)
{
    $matchAdministratorRole = function ($roles) {
        $roles->where(['name' => Role::getAdministratorName()]);
    };

    return $query->whereHas('roles', $matchAdministratorRole);
}
use App\Models\GuideStep; use App\Models\Issue; use App\Models\Password; use App\Models\PasswordFolder; use App\Models\Permission; use App\Models\Role; use App\Models\User; use Faker\Generator; $factory[User::class] = function (Generator $faker) { return ['name' => $faker->name, 'email' => $faker->email, 'password' => str_random(10), 'remember_token' => str_random(10)]; }; $factory[Role::class] = function (Generator $faker) { return ['name' => $faker->name, 'label' => $faker->name]; }; $factory->defineAs(Role::class, 'admin', function (Generator $faker) { return ['name' => Role::getAdministratorName(), 'label' => 'Administrator']; }); $factory[Permission::class] = function (Generator $faker) { return ['name' => $faker->name, 'label' => $faker->name]; }; $factory[Issue::class] = function (Generator $faker) { return ['user_id' => factory(User::class)->create()->getKey(), 'title' => $faker->sentence(), 'description' => $faker->sentence()]; }; $factory[Guide::class] = function (Generator $faker) { return ['title' => $faker->title, 'slug' => $faker->slug(3), 'description' => $faker->text()]; }; $factory[GuideStep::class] = function (Generator $faker) { return ['guide_id' => factory(Guide::class)->create()->getKey(), 'title' => $faker->title, 'description' => $faker->text()]; }; $factory[PasswordFolder::class] = function (Generator $faker) { return ['user_id' => factory(User::class)->create()->getKey(), 'uuid' => uuid(), 'pin' => $faker->password()];