fix api security issues and update pages issue
This commit is contained in:
@@ -6,6 +6,8 @@ use App\Http\Controllers\Api\Core\BaseApiController;
|
||||
use App\Http\Requests\Roles\RoleSwitchRequest;
|
||||
use App\Services\Roles\RoleSwitchService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class RoleSwitcherController extends BaseApiController
|
||||
@@ -40,7 +42,13 @@ class RoleSwitcherController extends BaseApiController
|
||||
}
|
||||
|
||||
$role = (string) $request->validated()['role'];
|
||||
$route = $this->switchService->switchRole($role);
|
||||
try {
|
||||
$route = $this->switchService->switchRole($guard, $role);
|
||||
} catch (AccessDeniedHttpException $e) {
|
||||
return $this->error($e->getMessage(), Response::HTTP_FORBIDDEN);
|
||||
} catch (NotFoundHttpException $e) {
|
||||
return $this->error($e->getMessage(), Response::HTTP_NOT_FOUND);
|
||||
}
|
||||
|
||||
return $this->success([
|
||||
'role' => $role,
|
||||
|
||||
Reference in New Issue
Block a user