From d336ba687460d2bca898e86c12a26224fc36f071 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Sun, 29 Dec 2019 13:02:26 +0000 Subject: [PATCH] Started work on API token controls - Added access-api permission. - Started user profile UI work. - Created database table and model for tokens. - Fixed incorrect templates down migration :( --- app/Api/ApiToken.php | 9 +++ app/Auth/User.php | 21 +++++-- .../Controllers/UserApiTokenController.php | 20 +++++++ app/Http/Controllers/UserController.php | 14 +++-- ...2019_07_07_112515_add_template_support.php | 4 +- .../2019_12_29_120917_add_api_auth.php | 59 +++++++++++++++++++ resources/lang/en/settings.php | 6 ++ resources/views/settings/roles/form.blade.php | 3 +- resources/views/users/edit.blade.php | 19 ++++++ routes/web.php | 3 + 10 files changed, 143 insertions(+), 15 deletions(-) create mode 100644 app/Api/ApiToken.php create mode 100644 app/Http/Controllers/UserApiTokenController.php create mode 100644 database/migrations/2019_12_29_120917_add_api_auth.php diff --git a/app/Api/ApiToken.php b/app/Api/ApiToken.php new file mode 100644 index 000000000..838e70abb --- /dev/null +++ b/app/Api/ApiToken.php @@ -0,0 +1,9 @@ +id); + return $this->hasMany(ApiToken::class); + } + + /** + * Get the url for editing this user. + */ + public function getEditUrl(string $path = ''): string + { + $uri = '/settings/users/' . $this->id . '/' . trim($path, '/'); + return url(rtrim($uri, '/')); } /** * Get the url that links to this user's profile. - * @return mixed */ - public function getProfileUrl() + public function getProfileUrl(): string { return url('/user/' . $this->id); } diff --git a/app/Http/Controllers/UserApiTokenController.php b/app/Http/Controllers/UserApiTokenController.php new file mode 100644 index 000000000..385352011 --- /dev/null +++ b/app/Http/Controllers/UserApiTokenController.php @@ -0,0 +1,20 @@ +checkPermission('access-api'); + + // TODO - Form + return 'test'; + } + + +} 
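Review bot: `create()` in the UserApiTokenController hunk only calls `$this->checkPermission('access-api')`, yet the route added in routes/web.php (`/users/{userId}/create-api-token`) addresses a specific user, so nothing here ties the caller to that user: once the form is wired up, any account holding `access-api` would reach the form for another user's id. Mirror `UserController::edit` and take the id from the route: `public function create(int $userId)`, then `$this->checkPermissionOrCurrentUser('users-manage', $userId);` next to the existing `access-api` check, and load the target with `findOrFail($userId)`. The method currently returns `'test'` under a form TODO, so this is a note for the follow-up rather than a regression; the file header and the `$this->` prefix of this hunk are lost in this rendering, so the class's imports and signature could not be checked.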
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index b55398d2f..207466f38 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -116,22 +116,24 @@ class UserController extends Controller
 /**
 * Show the form for editing the specified user.
- * @param int $id
- * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
- * @return Response
 */
- public function edit($id, SocialAuthService $socialAuthService)
+ public function edit(int $id, SocialAuthService $socialAuthService)
 {
 $this->checkPermissionOrCurrentUser('users-manage', $id);
- $user = $this->user->findOrFail($id);
+ $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
 $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 $this->setPageTitle(trans('settings.user_profile'));
 $roles = $this->userRepo->getAllRoles();
- return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
+ return view('users.edit', [
+ 'user' => $user,
+ 'activeSocialDrivers' => $activeSocialDrivers,
+ 'authMethod' => $authMethod,
+ 'roles' => $roles
+ ]);
 }
 /**
diff --git a/database/migrations/2019_07_07_112515_add_template_support.php b/database/migrations/2019_07_07_112515_add_template_support.php
index a54508198..3fcc68227 100644
--- a/database/migrations/2019_07_07_112515_add_template_support.php
+++ b/database/migrations/2019_07_07_112515_add_template_support.php
@@ -46,9 +46,9 @@ class AddTemplateSupport extends Migration
 // Remove templates-manage permission
 $templatesManagePermission = DB::table('role_permissions')
- ->where('name', '=', 'templates_manage')->first();
+ ->where('name', '=', 'templates-manage')->first();
 DB::table('permission_role')->where('permission_id', '=', $templatesManagePermission->id)->delete();
- DB::table('role_permissions')->where('name', '=', 'templates_manage')->delete();
+ DB::table('role_permissions')->where('name', '=', 'templates-manage')->delete();
 }
 }
diff --git a/database/migrations/2019_12_29_120917_add_api_auth.php b/database/migrations/2019_12_29_120917_add_api_auth.php
new file mode 100644
index 000000000..e80fe3ae4
--- /dev/null
+++ b/database/migrations/2019_12_29_120917_add_api_auth.php
@@ -0,0 +1,59 @@
+increments('id');
+ $table->string('client_id')->index();
+ $table->string('client_secret');
+ $table->integer('user_id')->unsigned()->index();
+ $table->timestamp('expires_at')->index();
+ $table->nullableTimestamps();
+ });
+
+ // Add access-api permission
+ $adminRoleId = DB::table('roles')->where('system_name', '=', 'admin')->first()->id;
+ $permissionId = DB::table('role_permissions')->insertGetId([
+ 'name' => 'access-api',
+ 'display_name' => 'Access system API',
+ 'created_at' => Carbon::now()->toDateTimeString(),
+ 'updated_at' => Carbon::now()->toDateTimeString()
+ ]);
+ DB::table('permission_role')->insert([
+ 'role_id' => $adminRoleId,
+ 'permission_id' => $permissionId
+ ]);
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ // Remove API tokens table
+ Schema::dropIfExists('api_tokens');
+
+ // Remove access-api permission
+ $apiAccessPermission = DB::table('role_permissions')
+ ->where('name', '=', 'access-api')->first();
+
+ DB::table('permission_role')->where('permission_id', '=', $apiAccessPermission->id)->delete();
+ DB::table('role_permissions')->where('name', '=', 'access-api')->delete();
+ }
+}
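Review bot: In the AddTemplateSupport `down()` hunk, `->first()` on `role_permissions` can return `null` (the permission was never seeded, or an earlier partial rollback already removed it — which is exactly the situation the old `templates_manage` typo leaves behind), and the next line dereferences `$templatesManagePermission->id` unconditionally, so the rollback dies on a null instead of completing. Guard it: `if ($templatesManagePermission) {` around the `permission_role` delete, leaving the `role_permissions` delete as it is. The same unguarded `->first()->id` pattern appears twice in the new add_api_auth migration, in `up()` for the admin role lookup and in `down()` for `$apiAccessPermission->id`.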
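Review bot: The `api_tokens` table in the add_api_auth hunk stores `client_secret` as a plain `string` column next to `client_id`; if the model persists the generated secret verbatim, any exposure of that table (a backup, a database dump) yields working API credentials rather than the unusable digests a password table would give. Store only a hash of the secret, e.g. `password_hash($secret, PASSWORD_DEFAULT)` at creation, show the raw value to the user once, and verify at authentication time with `password_verify()`; where a plain digest is chosen instead, compare it with `hash_equals()`. The `ApiToken` model added in this commit is not readable in this rendering, so this assumes no hashing happens there.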
diff --git a/resources/lang/en/settings.php b/resources/lang/en/settings.php index 6be7cc9cb..bb750a780 100755 --- a/resources/lang/en/settings.php +++ b/resources/lang/en/settings.php @@ -103,6 +103,7 @@ return [ 'role_manage_entity_permissions' => 'Manage all book, chapter & page permissions', 'role_manage_own_entity_permissions' => 'Manage permissions on own book, chapter & pages', 'role_manage_page_templates' => 'Manage page templates', + 'role_access_api' => 'Access system API', 'role_manage_settings' => 'Manage app settings', 'role_asset' => 'Asset Permissions', 'role_asset_desc' => 'These permissions control default access to the assets within the system. Permissions on Books, Chapters and Pages will override these permissions.', @@ -151,6 +152,11 @@ return [ 'users_social_disconnect' => 'Disconnect Account', 'users_social_connected' => ':socialAccount account was successfully attached to your profile.', 'users_social_disconnected' => ':socialAccount account was successfully disconnected from your profile.', + 'users_api_tokens' => 'API Tokens', + 'users_api_tokens_none' => 'No API tokens have been created for this user', + 'users_api_tokens_create' => 'Create Token', + + // API Tokens //! If editing translations files directly please ignore this in all //! languages apart from en. Content will be auto-copied from en. diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php index 4617b1f52..1fbc80b1f 100644 --- a/resources/views/settings/roles/form.blade.php +++ b/resources/views/settings/roles/form.blade.php @@ -34,12 +34,13 @@ {{ trans('common.toggle_all') }}
+
@include('settings.roles.checkbox', ['permission' => 'settings-manage', 'label' => trans('settings.role_manage_settings')])
@include('settings.roles.checkbox', ['permission' => 'users-manage', 'label' => trans('settings.role_manage_users')])
@include('settings.roles.checkbox', ['permission' => 'user-roles-manage', 'label' => trans('settings.role_manage_roles')])
@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-all', 'label' => trans('settings.role_manage_entity_permissions')])
@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-own', 'label' => trans('settings.role_manage_own_entity_permissions')])
@include('settings.roles.checkbox', ['permission' => 'templates-manage', 'label' => trans('settings.role_manage_page_templates')])
-
@include('settings.roles.checkbox', ['permission' => 'settings-manage', 'label' => trans('settings.role_manage_settings')])
+
@include('settings.roles.checkbox', ['permission' => 'access-api', 'label' => trans('settings.role_access_api')])
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php index ff1e7cbe5..b3f73773b 100644 --- a/resources/views/users/edit.blade.php +++ b/resources/views/users/edit.blade.php @@ -87,6 +87,25 @@ @endif + + {{-- TODO - Review Control--}} + @if(($currentUser->id === $user->id && userCan('access-api')) || userCan('manage-users')) +
+
+

{{ trans('settings.users_api_tokens') }}

+
+ @if(userCan('access-api')) + {{ trans('settings.users_api_tokens_create') }} + @endif +
+
+ @if (count($user->apiTokens) > 0) + + @else +

{{ trans('settings.users_api_tokens_none') }}

+ @endif +
+ @endif @stop diff --git a/routes/web.php b/routes/web.php index 839e5a256..2a0e85dfe 100644 --- a/routes/web.php +++ b/routes/web.php @@ -187,6 +187,9 @@ Route::group(['middleware' => 'auth'], function () { Route::put('/users/{id}', 'UserController@update'); Route::delete('/users/{id}', 'UserController@destroy'); + // User API Tokens + Route::get('/users/{userId}/create-api-token', 'UserApiTokenController@create'); + // Roles Route::get('/roles', 'PermissionController@listRoles'); Route::get('/roles/new', 'PermissionController@createRole');
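Review bot: The outer guard in the users/edit.blade.php hunk tests `userCan('manage-users')`, but the permission is spelled `users-manage` everywhere else in this patch (`checkPermissionOrCurrentUser('users-manage', $id)` in `UserController::edit`) and `manage-users` appears nowhere else, so that branch would never be true and only a user's own profile would ever show the tokens section. Change it to `@if(($currentUser->id === $user->id && userCan('access-api')) || userCan('users-manage'))`. The inner `@if(userCan('access-api'))` checks the current user rather than `$user`, so an admin without `access-api` editing another user sees the section but no create button, and a user's own page never hides it based on the target's role — presumably what the `{{-- TODO - Review Control--}}` marker refers to. The HTML element lines of this hunk are stripped in this rendering, so only the Blade directives could be checked.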