Self update roles

heseya · Sep 20, 2023 · 9a28db5 · 9a28db5
1 parent c45cd57
commit 9a28db5
Show file tree

Hide file tree

Showing 25 changed files with 302 additions and 0 deletions.
diff --git a/app/Dtos/RoleCreateDto.php b/app/Dtos/RoleCreateDto.php
@@ -17,6 +17,7 @@ class RoleCreateDto extends Dto implements InstantiateFromRequest
     private bool|Missing $is_registration_role;
     private array $permissions;
     private array|Missing $metadata;
+    private bool|Missing $is_joinable;
 
     public static function instantiateFromRequest(FormRequest $request): self
     {
@@ -26,6 +27,7 @@ public static function instantiateFromRequest(FormRequest $request): self
             is_registration_role: $request->input('is_registration_role', new Missing()),
             permissions: $request->input('permissions', []),
             metadata: self::mapMetadata($request),
+            is_joinable: $request->input('is_joinable', new Missing()),
         );
     }
 
@@ -48,4 +50,9 @@ public function getPermissions(): array
     {
         return $this->permissions;
     }
+
+    public function getIsJoinable(): bool|Missing
+    {
+        return $this->is_joinable;
+    }
 }
diff --git a/app/Dtos/RoleSearchDto.php b/app/Dtos/RoleSearchDto.php
@@ -16,6 +16,7 @@ public function __construct(
         private ?array $metadata,
         private ?array $metadata_private,
         private ?array $ids,
+        private ?bool $is_joinable,
     ) {}
 
     public function toArray(): array
@@ -50,6 +51,10 @@ public function toArray(): array
             $data['ids'] = $this->getIds();
         }
 
+        if ($this->getIsJoinable() !== null) {
+            $data['is_joinable'] = $this->getIsJoinable();
+        }
+
         return $data;
     }
 
@@ -63,6 +68,7 @@ public static function instantiateFromRequest(FormRequest $request): self
             $request->input('metadata', null),
             $request->input('metadata_private', null),
             $request->input('ids', null),
+            $request->input('is_joinable', null),
         );
     }
 
@@ -100,4 +106,9 @@ public function getIds(): ?array
     {
         return $this->ids;
     }
+
+    public function getIsJoinable(): ?bool
+    {
+        return $this->is_joinable;
+    }
 }
diff --git a/app/Dtos/RoleUpdateDto.php b/app/Dtos/RoleUpdateDto.php
@@ -14,6 +14,7 @@ class RoleUpdateDto extends Dto implements InstantiateFromRequest
     private Missing|string|null $description;
     private bool|Missing $is_registration_role;
     private array|Missing $permissions;
+    private bool|Missing $is_joinable;
 
     public static function instantiateFromRequest(FormRequest|RoleUpdateRequest $request): self
     {
@@ -22,6 +23,7 @@ public static function instantiateFromRequest(FormRequest|RoleUpdateRequest $req
             description: $request->input('description', new Missing()),
             is_registration_role: $request->input('is_registration_role', new Missing()),
             permissions: $request->input('permissions', new Missing()),
+            is_joinable: $request->input('is_joinable', new Missing()),
         );
     }
 
@@ -44,4 +46,9 @@ public function getPermissions(): array|Missing
     {
         return $this->permissions;
     }
+
+    public function getIsJoinable(): bool|Missing
+    {
+        return $this->is_joinable;
+    }
 }
diff --git a/app/Dtos/SelfUpdateRoles.php b/app/Dtos/SelfUpdateRoles.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Dtos;
+
+use App\Enums\RoleType;
+use Illuminate\Validation\Rule;
+use Spatie\LaravelData\Data;
+use Spatie\LaravelData\Optional;
+
+class SelfUpdateRoles extends Data
+{
+    public function __construct(
+        public array|Optional $roles = [],
+    ) {}
+
+    public function roles(): array
+    {
+        return [
+            'roles.*' => [
+                'uuid',
+                Rule::exists('roles', 'id')->where(fn ($query) => $query->whereNotIn('type', [RoleType::AUTHENTICATED, RoleType::UNAUTHENTICATED])),
+            ],
+        ];
+    }
+}
diff --git a/app/Enums/ExceptionsEnums/Exceptions.php b/app/Enums/ExceptionsEnums/Exceptions.php
@@ -127,6 +127,7 @@ final class Exceptions extends Enum
     public const CLIENT_PROVIDER_MERGE_TOKEN_INVALID = 'Provider merge token is invalid';
     public const CLIENT_PROVIDER_MERGE_TOKEN_MISMATCH =
         'Provider merge token is for an account with different email address';
+    public const CLIENT_JOINING_NON_JOINABLE_ROLE = 'Can\'t join to a non joinable role';
 
     public static function getCode(string $value): int
     {

diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
@@ -4,6 +4,7 @@
 
 use App\Dtos\RegisterDto;
 use App\Dtos\SavedAddressDto;
+use App\Dtos\SelfUpdateRoles;
 use App\Dtos\TFAConfirmDto;
 use App\Dtos\TFAPasswordDto;
 use App\Dtos\TFASetupDto;
@@ -243,4 +244,9 @@ public function updateProfile(ProfileUpdateRequest $request): JsonResource
             $this->authService->updateProfile(UpdateProfileDto::instantiateFromRequest($request)),
         );
     }
+
+    public function selfUpdateRoles(SelfUpdateRoles $dto): JsonResource
+    {
+        return UserResource::make($this->authService->selfUpdateRoles($dto));
+    }
 }
diff --git a/app/Http/Requests/RoleIndexRequest.php b/app/Http/Requests/RoleIndexRequest.php
@@ -17,6 +17,7 @@ public function rules(): array
             'metadata_private' => ['nullable', 'array'],
             'ids' => ['array'],
             'ids.*' => ['uuid'],
+            'is_joinable' => ['boolean'],
         ];
     }
 }
diff --git a/app/Http/Requests/RoleStoreRequest.php b/app/Http/Requests/RoleStoreRequest.php
@@ -19,6 +19,7 @@ public function rules(): array
                 'is_registration_role' => ['boolean'],
                 'permissions' => ['array'],
                 'permissions.*' => ['string'],
+                'is_joinable' => ['boolean'],
             ]
         );
     }

diff --git a/app/Http/Requests/RoleUpdateRequest.php b/app/Http/Requests/RoleUpdateRequest.php
@@ -19,6 +19,7 @@ public function rules(): array
             'is_registration_role' => ['boolean'],
             'permissions' => ['array'],
             'permissions.*' => ['string'],
+            'is_joinable' => ['boolean'],
         ];
     }
 }
diff --git a/app/Http/Resources/RoleResource.php b/app/Http/Resources/RoleResource.php
@@ -20,6 +20,7 @@ public function base(Request $request): array
             'assignable' => $this->resource->isAssignable(),
             'deletable' => $this->resource->type->is(RoleType::REGULAR),
             'users_count' => $this->resource->users_count,
+            'is_joinable' => $this->resource->is_joinable,
         ], $this->metadataResource('roles.show_metadata_private'));
     }
 

diff --git a/app/Models/Role.php b/app/Models/Role.php
@@ -11,6 +11,7 @@
 use App\Traits\HasDiscountConditions;
 use App\Traits\HasMetadata;
 use App\Traits\HasUuid;
+use Heseya\Searchable\Criteria\Equals;
 use Heseya\Searchable\Criteria\Like;
 use Heseya\Searchable\Traits\HasCriteria;
 use Illuminate\Database\Eloquent\Builder;
@@ -26,6 +27,7 @@
  * @property RoleType $type
  * @property string $name
  * @property bool $is_registration_role
+ * @property bool $is_joinable
  *
  * @mixin IdeHelperRole
  */
@@ -43,11 +45,13 @@ class Role extends SpatieRole implements AuditableContract
         'description',
         'guard_name',
         'is_registration_role',
+        'is_joinable',
     ];
 
     protected $casts = [
         'type' => RoleType::class,
         'is_registration_role' => 'bool',
+        'is_joinable' => 'bool',
     ];
 
     protected array $criteria = [
@@ -58,6 +62,7 @@ class Role extends SpatieRole implements AuditableContract
         'metadata' => MetadataSearch::class,
         'metadata_private' => MetadataPrivateSearch::class,
         'ids' => WhereInIds::class,
+        'is_joinable' => Equals::class,
     ];
 
     public function users(): BelongsToMany

diff --git a/app/Services/AuthService.php b/app/Services/AuthService.php
@@ -3,6 +3,7 @@
 namespace App\Services;
 
 use App\Dtos\RegisterDto;
+use App\Dtos\SelfUpdateRoles;
 use App\Dtos\TFAConfirmDto;
 use App\Dtos\TFAPasswordDto;
 use App\Dtos\TFASetupDto;
@@ -369,6 +370,18 @@ public function selfRemove(string $password): void
         $this->userService->destroy($user);
     }
 
+    public function selfUpdateRoles(SelfUpdateRoles $dto): User
+    {
+        if ($this->isAppAuthenticated()) {
+            throw new ClientException(Exceptions::CLIENT_APPS_NO_ACCESS);
+        }
+
+        /** @var User $user */
+        $user = Auth::user();
+
+        return $this->userService->selfUpdateRoles($user, $dto);
+    }
+
     private function verifyTFA(?string $code): void
     {
         if (!Auth::user()?->is_tfa_active && $code !== null) {

diff --git a/app/Services/Contracts/AuthServiceContract.php b/app/Services/Contracts/AuthServiceContract.php
@@ -3,6 +3,7 @@
 namespace App\Services\Contracts;
 
 use App\Dtos\RegisterDto;
+use App\Dtos\SelfUpdateRoles;
 use App\Dtos\TFAConfirmDto;
 use App\Dtos\TFAPasswordDto;
 use App\Dtos\TFASetupDto;
@@ -51,4 +52,6 @@ public function register(RegisterDto $dto): User;
     public function updateProfile(UpdateProfileDto $dto): User;
 
     public function selfRemove(string $password): void;
+
+    public function selfUpdateRoles(SelfUpdateRoles $dto): User;
 }
diff --git a/app/Services/Contracts/UserServiceContract.php b/app/Services/Contracts/UserServiceContract.php
@@ -2,6 +2,7 @@
 
 namespace App\Services\Contracts;
 
+use App\Dtos\SelfUpdateRoles;
 use App\Dtos\UserCreateDto;
 use App\Dtos\UserDto;
 use App\Models\User;
@@ -16,4 +17,6 @@ public function create(UserCreateDto $dto): User;
     public function update(User $user, UserDto $dto): User;
 
     public function destroy(User $user): void;
+
+    public function selfUpdateRoles(User $user, SelfUpdateRoles $dto): User;
 }
diff --git a/app/Services/UserService.php b/app/Services/UserService.php
@@ -2,6 +2,7 @@
 
 namespace App\Services;
 
+use App\Dtos\SelfUpdateRoles;
 use App\Dtos\UserCreateDto;
 use App\Dtos\UserDto;
 use App\Enums\ExceptionsEnums\Exceptions;
@@ -26,6 +27,7 @@
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Str;
+use Spatie\LaravelData\Optional;
 
 readonly class UserService implements UserServiceContract
 {
@@ -267,4 +269,27 @@ public function destroy(User $user): void
             }
         });
     }
+
+    public function selfUpdateRoles(User $user, SelfUpdateRoles $dto): User
+    {
+        $roleModels = collect();
+        if (!($dto->roles instanceof Optional)) {
+            /** @var Collection<int, Role> $roleModels */
+            $roleModels = Role::query()
+                ->whereIn('id', $dto->roles)
+                ->where('is_joinable', '=', true)
+                ->get();
+
+            if ($roleModels->count() < count($dto->roles)) {
+                throw new ClientException(Exceptions::CLIENT_JOINING_NON_JOINABLE_ROLE);
+            }
+        }
+
+        // @phpstan-ignore-next-line
+        $roleModels = $roleModels->merge($user->roles->filter(fn (Role $role): bool => !$role->is_joinable));
+
+        $user->syncRoles($roleModels);
+
+        return $user;
+    }
 }
diff --git a/database/migrations/2023_09_14_102544_add_is_joinable_columnt_to_roles_table.php b/database/migrations/2023_09_14_102544_add_is_joinable_columnt_to_roles_table.php
@@ -0,0 +1,21 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration {
+    public function up(): void
+    {
+        Schema::table('roles', function (Blueprint $table): void {
+            $table->boolean('is_joinable')->default(false);
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::table('roles', function (Blueprint $table): void {
+            $table->dropColumn('is_joinable');
+        });
+    }
+};
diff --git a/docs/paths/Auth.yml b/docs/paths/Auth.yml
@@ -585,3 +585,23 @@ BillingAddressesParams:
               type: object
     security:
       - BearerAuth: [ ]
+
+SelfUpdateRoles:
+  patch:
+    tags:
+      - Auth
+    summary: 'edit your own roles'
+    requestBody:
+      $ref: './../requests/Auth.yml#/SelfUpdateRoles'
+    responses:
+      200:
+        description: Success
+        content:
+          application/json:
+            schema:
+              properties:
+                data:
+                  $ref: './../schemas/Users.yml#/UserView'
+              type: object
+    security:
+      - BearerAuth: [ ]
diff --git a/docs/paths/Roles.yml b/docs/paths/Roles.yml
@@ -48,6 +48,11 @@ Roles:
           items:
             type: string
             format: uuid
+      - name: is_joinable
+        in: query
+        description: 'Is the user able to self-assign the role'
+        schema:
+          type: boolean
     responses:
       200:
         description: Success

diff --git a/docs/requests/Auth.yml b/docs/requests/Auth.yml
@@ -86,3 +86,15 @@ UpdateProfile:
           preferences:
             $ref: '././../schemas/Auth.yml#/Preferences'
         type: object
+
+SelfUpdateRoles:
+  content:
+    application/json:
+      schema:
+        properties:
+          roles:
+            type: array
+            items:
+              type: string
+              example: '119c0a63-1ea1-4769-8d5f-169f68de5598'
+        type: object