Only users with any form of channel access can use /viewer

This commit is contained in:
Alex Thomassen 2023-12-19 20:57:23 +00:00
parent a978293c36
commit 2dfa4cd53e
Signed by: Alex
GPG Key ID: 10BD786B5F6FF5DE
3 changed files with 41 additions and 1 deletions

View File

@ -3,12 +3,13 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Http\Requests\ViewerRequest;
use App\Models\Trace\Message; use App\Models\Trace\Message;
class ViewerController extends Controller class ViewerController extends Controller
{ {
public function index(Request $request, string $viewerId) public function index(ViewerRequest $request, string $viewerId)
{ {
// Check if viewerId is numeric // Check if viewerId is numeric
if (!is_numeric($viewerId)) { if (!is_numeric($viewerId)) {

View File

@ -0,0 +1,38 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Auth;
class ViewerRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
if (Auth::check()) {
return false;
}
$user = Auth::user();
if ($user->is_admin) {
return true;
}
$channels = $user->getTraceChannels();
return $channels->isNotEmpty();
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
*/
public function rules(): array
{
return [];
}
}

View File

@ -35,6 +35,7 @@ class User extends Authenticatable
* @var array<int, string> * @var array<int, string>
*/ */
protected $hidden = [ protected $hidden = [
'email',
'remember_token', 'remember_token',
]; ];