Disable attachment API for demo users

app/Api/V1/Controllers/Models/Attachment/DestroyController.php

@@ -29,6 +29,8 @@ use FireflyIII\Models\Attachment;
 use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface;
 use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Log;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Class DestroyController
@@ -64,6 +66,12 @@ class DestroyController extends Controller
      */
     public function destroy(Attachment $attachment): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
+
         $this->repository->destroy($attachment);
         app('preferences')->mark();
 

app/Api/V1/Controllers/Models/Attachment/ShowController.php

@@ -33,9 +33,11 @@ use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Response as LaravelResponse;
 use Illuminate\Pagination\LengthAwarePaginator;
+use Illuminate\Support\Facades\Log;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use League\Fractal\Resource\Collection as FractalCollection;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Class ShowController
@@ -73,6 +75,11 @@ class ShowController extends Controller
      */
     public function download(Attachment $attachment): LaravelResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
         if (false === $attachment->uploaded) {
             throw new FireflyException('200000: File has not been uploaded (yet).');
         }
@@ -116,6 +123,12 @@ class ShowController extends Controller
      */
     public function index(): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
+
         $manager = $this->getManager();
 
         // types to get, page size:
@@ -148,6 +161,11 @@ class ShowController extends Controller
      */
     public function show(Attachment $attachment): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
         $manager = $this->getManager();
 
         /** @var AttachmentTransformer $transformer */

app/Api/V1/Controllers/Models/Attachment/StoreController.php

@@ -34,7 +34,9 @@ use FireflyIII\Transformers\AttachmentTransformer;
 use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Class StoreController
@@ -72,6 +74,11 @@ class StoreController extends Controller
      */
     public function store(StoreRequest $request): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
         app('log')->debug(sprintf('Now in %s', __METHOD__));
         $data       = $request->getAll();
         $attachment = $this->repository->store($data);
@@ -91,6 +98,12 @@ class StoreController extends Controller
      */
     public function upload(Request $request, Attachment $attachment): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
+
         /** @var AttachmentHelperInterface $helper */
         $helper = app(AttachmentHelperInterface::class);
         $body   = $request->getContent();

app/Api/V1/Controllers/Models/Attachment/UpdateController.php

@@ -31,7 +31,9 @@ use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface;
 use FireflyIII\Transformers\AttachmentTransformer;
 use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Log;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Class UpdateController
@@ -67,6 +69,11 @@ class UpdateController extends Controller
      */
     public function update(UpdateRequest $request, Attachment $attachment): JsonResponse
     {
+        if(true === auth()->user()->hasRole('demo')) {
+            Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
+
+            throw new NotFoundHttpException();
+        }
         $data = $request->getAll();
         $this->repository->update($attachment, $data);
         $manager = $this->getManager();