From e0b2dc043a793c2a65ffbee3bf263082a0f6adab Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Thu, 2 Mar 2023 11:13:56 -0600
Subject: [PATCH 1/5] Adds try/catch to users API
---
 app/Http/Controllers/Api/UsersController.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 734125ff3..17a3abdb4 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -452,10 +452,18 @@ class UsersController extends Controller
 // Check if the request has groups passed and has a value
 if ($request->filled('groups')) {
- $user->groups()->sync($request->input('groups'));
+ try{
+ $user->groups()->sync($request->input('groups'));
+ } catch (\Exception $exception){
+ return response()->json(Helper::formatStandardApiResponse('error', null, $exception));
+ }
 // The groups field has been passed but it is null, so we should blank it out
 } elseif ($request->has('groups')) {
- $user->groups()->sync([]);
+ try{
+ $user->groups()->sync([]);
+ } catch (\Exception $exception){
+ return response()->json(Helper::formatStandardApiResponse('error', null, $exception));
+ }
 }
From 95f568b93414cc58469eac5bfb66df3d7fba14bb Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Thu, 2 Mar 2023 19:50:47 -0600
Subject: [PATCH 2/5] Remove unnecessary try/catch
---
 app/Http/Controllers/Api/UsersController.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 17a3abdb4..043d1761c 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
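Review bot: Both new catch blocks in PATCH 1/5 pass the caught `$exception` object to `Helper::formatStandardApiResponse()` as the response payload, so whatever that helper serialises from it can reach the API client; for a database failure raised by `sync()` that may include query text or table names. Log the exception server-side and return a fixed message instead, e.g. `return response()->json(Helper::formatStandardApiResponse('error', null, 'Invalid group selection'));`. Catching the broad `\Exception` also hides the underlying cause, which appears to be that `groups` reaches `sync()` without validation. The enclosing method starts and ends outside the hunk.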
@@ -459,11 +459,7 @@ class UsersController extends Controller
 }
 // The groups field has been passed but it is null, so we should blank it out
 } elseif ($request->has('groups')) {
- try{
- $user->groups()->sync([]);
- } catch (\Exception $exception){
- return response()->json(Helper::formatStandardApiResponse('error', null, $exception));
- }
+ $user->groups()->sync([]);
 }
From e4204a6dd190d680a6cb0c9d6f9286cf035609a5 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Mon, 13 Mar 2023 15:49:05 -0600
Subject: [PATCH 3/5] Adds validator to PATCH request in the API UsersController
---
 app/Http/Controllers/Api/UsersController.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 043d1761c..623815ff4 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -20,6 +20,7 @@ use Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
 class UsersController extends Controller
 {
@@ -452,11 +453,12 @@ class UsersController extends Controller
 // Check if the request has groups passed and has a value
 if ($request->filled('groups')) {
- try{
- $user->groups()->sync($request->input('groups'));
- } catch (\Exception $exception){
- return response()->json(Helper::formatStandardApiResponse('error', null, $exception));
- }
+ $validator = Validator::make($request->input('groups'), [
+ 'groups' => 'array',
+ 'groups.*' => 'integer',
+ ]);
+
+ $user->groups()->sync($request->input('groups'));
 // The groups field has been passed but it is null, so we should blank it out
 } elseif ($request->has('groups')) {
 $user->groups()->sync([]);
From e7b3daa80cd40a154c476c65da59563e628a0008 Mon Sep 17 00:00:00 2001
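Review bot: The validator built in the `@@ -452,11 +453,12 @@` hunk of PATCH 3/5 is never consulted: nothing calls `$validator->fails()` before `$user->groups()->sync($request->input('groups'))`, so the request value still reaches `sync()` unchecked. The same hunk also removes the try/catch that previously contained a failure there. In addition, the data argument is the `groups` value itself while the rules are keyed on `groups` and `groups.*`, so the rules would not line up with the data even if the result were checked. As a standalone commit this leaves the endpoint less protected than before it; the validator should receive `$request->all()` and the method should return early on `$validator->fails()` in the same change. The enclosing method starts and ends outside the hunk.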
From: Ivan Nieto Vivanco
Date: Mon, 13 Mar 2023 16:10:08 -0600
Subject: [PATCH 4/5] Adjust validator to only receive valid groups id's
---
 app/Http/Controllers/Api/UsersController.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 623815ff4..818472199 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -453,11 +453,14 @@ class UsersController extends Controller
 // Check if the request has groups passed and has a value
 if ($request->filled('groups')) {
- $validator = Validator::make($request->input('groups'), [
- 'groups' => 'array',
- 'groups.*' => 'integer',
+ $validator = Validator::make($request->all(), [
+ 'groups' => 'integer|exists:permission_groups,id',
+ 'groups.*' => 'integer|exists:permission_groups,id',
 ]);
-
+
+ if ($validator->fails()){
+ return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+ }
 $user->groups()->sync($request->input('groups'));
 // The groups field has been passed but it is null, so we should blank it out
 } elseif ($request->has('groups')) {
From d224f3177e301f393f0deb04f2f52129d83cfbfd Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Mon, 13 Mar 2023 16:43:10 -0600
Subject: [PATCH 5/5] Delete a rule that was breaking validation
---
 app/Http/Controllers/Api/UsersController.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 818472199..0ce19e2cb 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
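Review bot: On validation failure the new branch in PATCH 4/5 returns `$user->getErrors()`, which reads the model's errors rather than this validator's, so the client probably gets an empty or unrelated message; use `$validator->errors()` there. The `groups` rule is typed `integer` while `groups.*` expects a list, so list input cannot satisfy both; `'groups' => 'array'` alongside the `groups.*` rule would reject scalars and check every id. The `groups.*` rule on its own does not cover a scalar `groups` value, which would then reach `sync()` without the `exists` check; if scalar input must stay supported, validate it separately. Nothing visible in the hunk restricts who may change permission-group membership, so confirm that an authorization check gates this branch earlier in the method, which starts and ends outside the hunk.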
@@ -454,7 +454,6 @@ class UsersController extends Controller
 // Check if the request has groups passed and has a value
 if ($request->filled('groups')) {
 $validator = Validator::make($request->all(), [
- 'groups' => 'integer|exists:permission_groups,id',
 'groups.*' => 'integer|exists:permission_groups,id',
 ]);