Misc unrelated updates
@@ -3,6 +3,7 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Packages\PackageLimitEvaluator;
|
||||
use App\Support\ApiError;
|
||||
use Closure;
|
||||
@@ -26,7 +27,7 @@ class CreditCheckMiddleware
|
||||
]);
|
||||
}
|
||||
|
||||
if ($this->requiresCredits($request)) {
|
||||
if ($this->requiresCredits($request) && ! $this->shouldBypassCreditCheck($request, $tenant)) {
|
||||
$violation = $this->limitEvaluator->assessEventCreation($tenant);
|
||||
|
||||
if ($violation !== null) {
|
||||
@@ -43,6 +44,24 @@ class CreditCheckMiddleware
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function shouldBypassCreditCheck(Request $request, Tenant $tenant): bool
|
||||
{
|
||||
$user = $request->user();
|
||||
if (! $user instanceof User) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! $user->isSuperAdmin()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! $user->tenant_id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return (int) $user->tenant_id === (int) $tenant->id;
|
||||
}
|
||||
|
||||
private function requiresCredits(Request $request): bool
|
||||
{
|
||||
return $request->isMethod('post')
|
||||
|
||||
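Review bot: `shouldBypassCreditCheck()` exempts a super admin from the limit evaluation without leaving any trace, so a bypassed event creation cannot be told apart from a normal one afterwards. Record the exemption before returning true, for example `Log::info('credit check bypassed', ['user_id' => $user->id, 'tenant_id' => $tenant->id]);` (the `Log` facade is not in the visible `use` block). The same body is repeated verbatim as `PackageMiddleware::shouldBypassPackageCheck()`; an authorization exemption kept in two copies can drift, so a shared trait or a single method on `User` would be safer. The final comparison casts both ids with `(int)`, and the truthiness guard covers only `$user->tenant_id`; if tenant ids are ever non-numeric, both sides become 0 and compare equal, so a strict comparison without casts is worth considering. `isSuperAdmin()` is defined outside this page, so confirm which role strings it accepts.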
@@ -42,7 +42,7 @@ class EnsureTenantAdminToken
|
||||
/** @var Tenant|null $tenant */
|
||||
$tenant = $user->tenant;
|
||||
|
||||
if (! $tenant && $user->role === 'super_admin') {
|
||||
if (! $tenant && $user->isSuperAdmin()) {
|
||||
$requestedTenantId = $this->resolveRequestedTenantId($request);
|
||||
|
||||
if ($requestedTenantId !== null) {
|
||||
@@ -50,14 +50,14 @@ class EnsureTenantAdminToken
|
||||
}
|
||||
}
|
||||
|
||||
if (! $tenant && $user->role !== 'super_admin') {
|
||||
if (! $tenant && ! $user->isSuperAdmin()) {
|
||||
return $this->forbiddenResponse('Tenant context missing for user.');
|
||||
}
|
||||
|
||||
if ($tenant) {
|
||||
$request->attributes->set('tenant_id', $tenant->id);
|
||||
$request->attributes->set('tenant', $tenant);
|
||||
} elseif ($user->role === 'super_admin') {
|
||||
} elseif ($user->isSuperAdmin()) {
|
||||
$requestedTenantId = $this->resolveRequestedTenantId($request);
|
||||
if ($requestedTenantId !== null) {
|
||||
$request->attributes->set('tenant_id', $requestedTenantId);
|
||||
@@ -96,7 +96,7 @@ class EnsureTenantAdminToken
|
||||
*/
|
||||
protected function allowedRoles(): array
|
||||
{
|
||||
return ['tenant_admin', 'super_admin', 'admin'];
|
||||
return ['tenant_admin', 'super_admin', 'superadmin', 'admin'];
|
||||
}
|
||||
|
||||
protected function forbiddenRoleMessage(): string
|
||||
|
||||
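Review bot: `allowedRoles()` now hard-codes a second spelling, `'superadmin'`, next to `'super_admin'`, while the other checks in this class were moved to `$user->isSuperAdmin()`; the allow-list and that helper (defined outside this page) can drift apart. A comment on the return line such as `// 'superadmin' is a legacy alias; keep in sync with User::isSuperAdmin()` would record why both exist, or the names could come from shared constants. `EnsureTenantCollaboratorToken::allowedRoles()` repeats the list by hand and could be `return [...parent::allowedRoles(), 'member'];` so a role change is made once. If `isSuperAdmin()` does accept both spellings, more accounts now reach the branch that takes the tenant id from `resolveRequestedTenantId($request)`; that helper is outside the hunk, so confirm it validates the requested tenant.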
@@ -9,7 +9,7 @@ class EnsureTenantCollaboratorToken extends EnsureTenantAdminToken
|
||||
{
|
||||
protected function allowedRoles(): array
|
||||
{
|
||||
return ['tenant_admin', 'super_admin', 'admin', 'member'];
|
||||
return ['tenant_admin', 'super_admin', 'superadmin', 'admin', 'member'];
|
||||
}
|
||||
|
||||
protected function forbiddenRoleMessage(): string
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Packages\PackageLimitEvaluator;
|
||||
use App\Support\ApiError;
|
||||
use Closure;
|
||||
@@ -26,7 +27,7 @@ class PackageMiddleware
|
||||
]);
|
||||
}
|
||||
|
||||
if ($this->requiresPackageCheck($request)) {
|
||||
if ($this->requiresPackageCheck($request) && ! $this->shouldBypassPackageCheck($request, $tenant)) {
|
||||
$violation = $this->detectViolation($request, $tenant);
|
||||
|
||||
if ($violation !== null) {
|
||||
@@ -43,6 +44,24 @@ class PackageMiddleware
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function shouldBypassPackageCheck(Request $request, Tenant $tenant): bool
|
||||
{
|
||||
$user = $request->user();
|
||||
if (! $user instanceof User) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! $user->isSuperAdmin()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! $user->tenant_id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return (int) $user->tenant_id === (int) $tenant->id;
|
||||
}
|
||||
|
||||
private function requiresPackageCheck(Request $request): bool
|
||||
{
|
||||
return $request->isMethod('post') && (
|
||||
|
||||
@@ -112,7 +112,7 @@ class RedirectIfAuthenticated extends BaseMiddleware
|
||||
return '/event-admin/dashboard';
|
||||
}
|
||||
|
||||
if ($user && $user->role === 'super_admin') {
|
||||
if ($user && $user->isSuperAdmin()) {
|
||||
return '/super-admin';
|
||||
}
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class SuperAdminAuth
|
||||
{
|
||||
@@ -21,17 +21,17 @@ class SuperAdminAuth
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if (!Auth::check()) {
|
||||
if (! Auth::check()) {
|
||||
abort(403, 'Nicht angemeldet.');
|
||||
}
|
||||
|
||||
$user = Auth::user();
|
||||
Log::info('SuperAdminAuth: User ID ' . $user->id . ', role: ' . $user->role);
|
||||
Log::info('SuperAdminAuth: User ID '.$user->id.', role: '.$user->role);
|
||||
|
||||
if ($user->role !== 'super_admin') {
|
||||
abort(403, 'Zugriff nur für SuperAdmin. User ID: ' . $user->id . ', Role: ' . $user->role);
|
||||
if (! $user->isSuperAdmin()) {
|
||||
abort(403, 'Zugriff nur für SuperAdmin. User ID: '.$user->id.', Role: '.$user->role);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
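Review bot: The 403 message passed to `abort()` still returns the user id and role to the client; the commit only reformats that line. Use a fixed message, `abort(403, 'Zugriff nur für SuperAdmin.');`, and keep the id and role in the log entry, ideally written at warning level on the denied path. The `Log::info` call above it runs for every authenticated request reaching this middleware, so logging only denials would cut noise and make failed access attempts easier to spot. The enclosing method begins outside the hunk.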