fix: allow owner role to access all admin api endpoints and see stats

dyzulk
2025-12-30 20:29:35 +07:00
parent a14d788400
commit 1eabedcb5b
6 changed files with 34 additions and 30 deletions


@@ -18,7 +18,7 @@ class RootCaApiController extends Controller
public function index()
{
$this->authorizeAdmin();
$this->authorizeAdminOrOwner();
$certificates = CaCertificate::all()->map(function($cert) {
$cert->status = $cert->valid_to->isFuture() ? 'valid' : 'expired';
@@ -33,7 +33,7 @@ class RootCaApiController extends Controller
public function renew(Request $request, CaCertificate $certificate)
{
$this->authorizeAdmin();
$this->authorizeAdminOrOwner();
$days = (int) $request->input('days', 3650);
@@ -60,10 +60,10 @@ class RootCaApiController extends Controller
}
}
protected function authorizeAdmin()
protected function authorizeAdminOrOwner()
{
if (auth()->user()->role !== 'admin') {
abort(403, 'Unauthorized action.');
if (!auth()->user()->isAdminOrOwner()) {
abort(403, 'Unauthorized action. Admin/Owner access required.');
}
}
}
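Review bot: In `authorizeAdminOrOwner()` the new guard calls `isAdminOrOwner()` directly on `auth()->user()`, which is null for an unauthenticated request. If any of these routes is ever reachable without the auth middleware (the route definitions are not visible here), the call raises an error instead of returning a clean 403. On PHP 8+ a nullsafe call keeps the guard fail-closed with the intended status: `if (!auth()->user()?->isAdminOrOwner()) {`. `isAdminOrOwner()` is defined outside this section, so it is worth confirming that it compares the role strictly against an explicit allow-list. Because the change also opens `renew()`, which re-issues a CA certificate, to the owner role, the helper would benefit from a docblock naming the roles that pass, e.g. `/** Abort with 403 unless the current user is an admin or the owner. */`.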