Add new role enum and apply authorization
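--- a/app/Enums/Role.php
+++ b/app/Enums/Role.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Enums;
+
+enum Role: string
+{
+case MEMBER = 'member';
+case ADMIN = 'admin';
+case OWNER = 'owner';
+
+public function rank(): int
+{
+return match ($this) {
+self::MEMBER => 1,
+self::ADMIN => 2,
+self::OWNER => 3,
+};
+}
+
+public function lt(Role|string $role): bool
+{
+if (is_string($role)) {
+$role = Role::from($role);
+}
+
+return $this->rank() < $role->rank();
+}
+
+public function gt(Role|string $role): bool
+{
+if (is_string($role)) {
+$role = Role::from($role);
+}
+
+return $this->rank() > $role->rank();
+}
+}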
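Review bot: `lt()` and `gt()` convert a string argument with `Role::from($role)`, which throws `\ValueError` for any value that is not one of the three backed cases, and `\ValueError` is an `\Error` rather than an `\Exception`, so a caller that only catches `\Exception` will not see it; both methods should carry a `@throws \ValueError when a string is given that is not a backed value` docblock line so the contract is visible at the call sites. The same string-to-enum coercion is written twice; it can be collapsed into one private helper, `private static function coerce(self|string $role): self { return is_string($role) ? self::from($role) : $role; }`, and each comparison becomes `return $this->rank() < self::coerce($role)->rank();`. The file also lacks `declare(strict_types=1);`, so under the `Role|string` union a non-string scalar would be coerced to a string before reaching `from()` instead of being rejected as a `\TypeError`.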
@@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
namespace App\Livewire\Team;
|
namespace App\Livewire\Team;
|
||||||
|
|
||||||
|
use App\Enums\Role;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Illuminate\Support\Facades\Cache;
|
use Illuminate\Support\Facades\Cache;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
@@ -13,10 +14,11 @@ class Member extends Component
|
|||||||
public function makeAdmin()
|
public function makeAdmin()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if (! auth()->user()->isAdmin()) {
|
if (Role::from(auth()->user()->role())->lt(Role::ADMIN)
|
||||||
|
|| Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
|
||||||
throw new \Exception('You are not authorized to perform this action.');
|
throw new \Exception('You are not authorized to perform this action.');
|
||||||
}
|
}
|
||||||
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => 'admin']);
|
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => Role::ADMIN->value]);
|
||||||
$this->dispatch('reloadWindow');
|
$this->dispatch('reloadWindow');
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$this->dispatch('error', $e->getMessage());
|
$this->dispatch('error', $e->getMessage());
|
||||||
@@ -26,10 +28,11 @@ class Member extends Component
|
|||||||
public function makeOwner()
|
public function makeOwner()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if (! auth()->user()->isOwner()) {
|
if (Role::from(auth()->user()->role())->lt(Role::OWNER)
|
||||||
|
|| Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
|
||||||
throw new \Exception('You are not authorized to perform this action.');
|
throw new \Exception('You are not authorized to perform this action.');
|
||||||
}
|
}
|
||||||
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => 'owner']);
|
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => Role::OWNER->value]);
|
||||||
$this->dispatch('reloadWindow');
|
$this->dispatch('reloadWindow');
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$this->dispatch('error', $e->getMessage());
|
$this->dispatch('error', $e->getMessage());
|
||||||
@@ -39,10 +42,11 @@ class Member extends Component
|
|||||||
public function makeReadonly()
|
public function makeReadonly()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if (! auth()->user()->isAdmin()) {
|
if (Role::from(auth()->user()->role())->lt(Role::ADMIN)
|
||||||
|
|| Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
|
||||||
throw new \Exception('You are not authorized to perform this action.');
|
throw new \Exception('You are not authorized to perform this action.');
|
||||||
}
|
}
|
||||||
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => 'member']);
|
$this->member->teams()->updateExistingPivot(currentTeam()->id, ['role' => Role::MEMBER->value]);
|
||||||
$this->dispatch('reloadWindow');
|
$this->dispatch('reloadWindow');
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$this->dispatch('error', $e->getMessage());
|
$this->dispatch('error', $e->getMessage());
|
||||||
@@ -52,7 +56,8 @@ class Member extends Component
|
|||||||
public function remove()
|
public function remove()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if (! auth()->user()->isAdmin()) {
|
if (Role::from(auth()->user()->role())->lt(Role::ADMIN)
|
||||||
|
|| Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
|
||||||
throw new \Exception('You are not authorized to perform this action.');
|
throw new \Exception('You are not authorized to perform this action.');
|
||||||
}
|
}
|
||||||
$this->member->teams()->detach(currentTeam());
|
$this->member->teams()->detach(currentTeam());
|
||||||
@@ -65,4 +70,9 @@ class Member extends Component
|
|||||||
$this->dispatch('error', $e->getMessage());
|
$this->dispatch('error', $e->getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function getMemberRole()
|
||||||
|
{
|
||||||
|
return $this->member->teams()->where('teams.id', currentTeam()->id)->first()?->pivot?->role;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
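Review bot: In the four new guards (hunks `@@ -13,10 +14,11 @@`, `@@ -26,10 +28,11 @@`, `@@ -39,10 +42,11 @@` and `@@ -52,7 +56,8 @@`) `Role::from($this->getMemberRole())` runs inside a `try` that only catches `\Exception`, yet `getMemberRole()` in the last hunk can return `null` from its `?->pivot?->role` chain when the member has no pivot row for the current team, and `Role::from()` on a null or unrecognised value throws `\TypeError`/`\ValueError`, both `\Error` subclasses that the `catch (\Exception $e)` branch does not handle; the action is still refused, so this fails closed, but the user sees an unhandled error instead of the dispatched message. Resolving the member role explicitly inside the try keeps the existing error path: `$memberRole = Role::tryFrom((string) $this->getMemberRole()) ?? throw new \Exception('Member has no role in this team.');` followed by `|| $memberRole->gt(auth()->user()->role())` in the condition. Separately, `lt`/`gt` are strict comparisons, so an actor of equal rank passes both checks (an admin may demote or remove another admin); if that is not the intended policy the second condition needs a `>=` style comparison, which the enum does not currently expose. `getMemberRole()` has no return type; `?string` looks right given how it is consumed, but the pivot column type is not visible here. The enclosing `Member` class starts and ends outside these hunks.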