fix api security issues and update pages issue
This commit is contained in:
@@ -12,13 +12,33 @@ class RoleQueryService
|
||||
public function listRoles(array $filters): LengthAwarePaginator
|
||||
{
|
||||
$query = Role::query()
|
||||
->select('roles.*')
|
||||
->select([
|
||||
'roles.id',
|
||||
'roles.name',
|
||||
'roles.slug',
|
||||
'roles.description',
|
||||
'roles.dashboard_route',
|
||||
'roles.priority',
|
||||
'roles.is_active',
|
||||
'roles.created_at',
|
||||
'roles.updated_at',
|
||||
])
|
||||
->leftJoin('user_roles', function ($join) {
|
||||
$join->on('user_roles.role_id', '=', 'roles.id')
|
||||
->whereNull('user_roles.deleted_at');
|
||||
})
|
||||
->selectRaw('COUNT(DISTINCT user_roles.user_id) AS user_count')
|
||||
->groupBy('roles.id');
|
||||
->groupBy([
|
||||
'roles.id',
|
||||
'roles.name',
|
||||
'roles.slug',
|
||||
'roles.description',
|
||||
'roles.dashboard_route',
|
||||
'roles.priority',
|
||||
'roles.is_active',
|
||||
'roles.created_at',
|
||||
'roles.updated_at',
|
||||
]);
|
||||
|
||||
if (!empty($filters['search'])) {
|
||||
$search = trim((string) $filters['search']);
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
namespace App\Services\Roles;
|
||||
|
||||
use App\Models\UserRole;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class RoleSwitchService
|
||||
{
|
||||
@@ -16,8 +18,30 @@ class RoleSwitchService
|
||||
return array_values(array_filter(array_map(fn ($r) => (string) ($r['role_name'] ?? ''), $roles)));
|
||||
}
|
||||
|
||||
public function switchRole(string $role): string
|
||||
public function switchRole(int $userId, string $role): string
|
||||
{
|
||||
return $this->dashboardService->bestDashboardRouteFor([$role]);
|
||||
$requested = strtolower(trim($role));
|
||||
if ($requested === '') {
|
||||
throw new NotFoundHttpException('Role not found.');
|
||||
}
|
||||
|
||||
$roles = $this->getUserRoleNames($userId);
|
||||
$matchedRole = null;
|
||||
|
||||
foreach ($roles as $assignedRole) {
|
||||
$normalized = strtolower(trim($assignedRole));
|
||||
if ($normalized === $requested) {
|
||||
$matchedRole = $assignedRole;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($matchedRole === null) {
|
||||
throw new AccessDeniedHttpException('Invalid role selected.');
|
||||
}
|
||||
|
||||
session()->put('role', $matchedRole);
|
||||
|
||||
return $this->dashboardService->bestDashboardRouteFor([$matchedRole]);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user