fix api security issues and update pages issue

This commit is contained in:
root
2026-06-04 16:41:19 -04:00
parent feb6be0610
commit 5e5fe3794a
32 changed files with 1628 additions and 37 deletions
+22 -2
View File
@@ -12,13 +12,33 @@ class RoleQueryService
public function listRoles(array $filters): LengthAwarePaginator
{
$query = Role::query()
->select('roles.*')
->select([
'roles.id',
'roles.name',
'roles.slug',
'roles.description',
'roles.dashboard_route',
'roles.priority',
'roles.is_active',
'roles.created_at',
'roles.updated_at',
])
->leftJoin('user_roles', function ($join) {
$join->on('user_roles.role_id', '=', 'roles.id')
->whereNull('user_roles.deleted_at');
})
->selectRaw('COUNT(DISTINCT user_roles.user_id) AS user_count')
->groupBy('roles.id');
->groupBy([
'roles.id',
'roles.name',
'roles.slug',
'roles.description',
'roles.dashboard_route',
'roles.priority',
'roles.is_active',
'roles.created_at',
'roles.updated_at',
]);
if (!empty($filters['search'])) {
$search = trim((string) $filters['search']);
+26 -2
View File
@@ -3,6 +3,8 @@
namespace App\Services\Roles;
use App\Models\UserRole;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class RoleSwitchService
{
@@ -16,8 +18,30 @@ class RoleSwitchService
return array_values(array_filter(array_map(fn ($r) => (string) ($r['role_name'] ?? ''), $roles)));
}
public function switchRole(string $role): string
public function switchRole(int $userId, string $role): string
{
return $this->dashboardService->bestDashboardRouteFor([$role]);
$requested = strtolower(trim($role));
if ($requested === '') {
throw new NotFoundHttpException('Role not found.');
}
$roles = $this->getUserRoleNames($userId);
$matchedRole = null;
foreach ($roles as $assignedRole) {
$normalized = strtolower(trim($assignedRole));
if ($normalized === $requested) {
$matchedRole = $assignedRole;
break;
}
}
if ($matchedRole === null) {
throw new AccessDeniedHttpException('Invalid role selected.');
}
session()->put('role', $matchedRole);
return $this->dashboardService->bestDashboardRouteFor([$matchedRole]);
}
}