Expand authentication validation in API.

James Cole
2023-01-14 07:53:00 +01:00
parent 4ccdd8f322
commit 23bbebb80e
3 changed files with 44 additions and 22 deletions


@@ -33,6 +33,7 @@ use FireflyIII\Transformers\UserTransformer;
use FireflyIII\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Pagination\LengthAwarePaginator;
use Illuminate\Support\Facades\Log;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
use League\Fractal\Resource\Collection as FractalCollection;
use League\Fractal\Resource\Item;
@@ -191,6 +192,13 @@ class UserController extends Controller
public function update(UserUpdateRequest $request, User $user): JsonResponse
{
$data = $request->getAll();
// can only update 'blocked' when user is admin.
if(!$this->repository->hasRole(auth()->user(), 'owner')) {
Log::debug('Quietly drop fields "blocked" and "blocked_code" from request.');
unset($data['blocked'], $data['blocked_code']);
}
$user = $this->repository->update($user, $data);
$manager = $this->getManager();
// make resource
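Review bot: The non-owner branch in update() strips `blocked` and `blocked_code` by name and records it only with `Log::debug`, so an unprivileged caller's attempt to change an account's blocked state leaves no trace at normal log levels and the client still receives a success response. Consider logging it as a security event with both identities, e.g. `Log::warning(sprintf('User #%d tried to set "blocked" on user #%d; fields dropped.', auth()->id(), $user->id));`, or rejecting the request outright. Because this is a deny-list, any other privileged key that `getAll()` returns (not visible in this hunk) would still reach `$this->repository->update()`; an allow-list of the fields a non-owner may change would fail closed. The comment says "admin" while the check is for the `owner` role; `// only users with the 'owner' role may change 'blocked' and 'blocked_code'.` would match the code. The body of update() continues past the end of the hunk.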