mirror/UNIT3D-Community-Edition
1
0
Fork 0
mirror of https://github.com/HDInnovations/UNIT3D-Community-Edition.git synced 2026-01-20 19:11:33 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ea2fbb5ab613f1df60104e9885db6108bea9c42
UNIT3D-Community-Edition/app/Http/Controllers/User/TwoStepController.php
Roardom 2ea2fbb5ab update: cruddify user security
2023-04-11 15:58:54 +00:00

64 lines
2.2 KiB
PHP
Raw Blame History

<?php
/**
* NOTICE OF LICENSE.
*
* UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
* The details is bundled with this project in the file LICENSE.txt.
*
* @project UNIT3D Community Edition
*
* @author Roardom <roardom@protonmail.com>
* @license https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
*/
namespace App\Http\Controllers\User;
use App\Http\Controllers\Controller;
use App\Models\PrivateMessage;
use App\Models\User;
use Illuminate\Http\Request;
class TwoStepController extends Controller
{
/**
* Update user two step auth status.
*/
protected function update(Request $request, User $user): \Illuminate\Http\RedirectResponse
{
abort_unless($request->user()->id == $user->id || $request->user()->group->is_modo, 403);
$changedByStaff = $request->user()->id !== $user->id;
abort_if($changedByStaff && ! $request->user()->group->is_owner && $request->user()->group->level < $user->group->level, 403);
$request->validate([
'twostep' => 'required|boolean',
]);
$user->twostep = $request->twostep;
$user->save();
if ($changedByStaff) {
PrivateMessage::create([
'sender_id' => 1,
'receiver_id' => $user->id,
'subject' => 'ATTENTION - Your two step authentication status has been changed',
'message' => "Your two step authentication status has been changed by staff.\n\nFor more information, please create a helpdesk ticket.\n\n[color=red][b]THIS IS AN AUTOMATED SYSTEM MESSAGE, PLEASE DO NOT REPLY![/b][/color]",
]);
}
return to_route('users.two_step.edit', ['user' => $user])
->withSuccess('You changed your two-step authentication Status.');
}
/**
* Edit user two step auth status.
*/
public function edit(Request $request, User $user): \Illuminate\Contracts\View\Factory|\Illuminate\View\View
{
abort_unless($request->user()->id == $user->id || $request->user()->group->is_modo, 403);
return view('user.two_step.edit', ['user' => $user]);
}
}
Reference in New Issue View Git Blame Copy Permalink