Security update enabling update_nn to edit system details
This commit is contained in:
80
app/Http/Requests/SystemRegisterRequest.php
Normal file
80
app/Http/Requests/SystemRegisterRequest.php
Normal file
@@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
use App\Classes\FTN\Packet;
|
||||
use App\Models\{Setup,System};
|
||||
|
||||
class SystemRegisterRequest extends FormRequest
|
||||
{
|
||||
private System $so;
|
||||
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize(Request $request)
|
||||
{
|
||||
if (! $request->post())
|
||||
return TRUE;
|
||||
|
||||
// Cannot claim this site
|
||||
if ($this->route('o')->id === Setup::findOrFail(config('app.id'))->system_id)
|
||||
return FALSE;
|
||||
|
||||
return Gate::allows($this->route('o')->users->count() ? 'update_nn' : 'register',$this->route('o'));
|
||||
}
|
||||
|
||||
public function messages(): array
|
||||
{
|
||||
return [
|
||||
'hold' => 'Must be Yes or No',
|
||||
'pollmode' => 'Must be Hold, Normal or Crash',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the validation rules that apply to the request.
|
||||
*
|
||||
* If the system exists (POST & action="register" & system_id=<value>), then no validation required
|
||||
* If the system doesnt exist (POST & action="register" & system_id undefined) then we need just a name to start the process (action="create")
|
||||
* Then, full validation
|
||||
* @return array
|
||||
*/
|
||||
public function rules(Request $request)
|
||||
{
|
||||
// When the user first select register/link (get)
|
||||
if (! $request->isMethod('post'))
|
||||
return [];
|
||||
|
||||
$so = $this->route('o');
|
||||
if ((! $so) && ($request->action === 'register'))
|
||||
return [];
|
||||
|
||||
return array_filter(array_merge([
|
||||
'name' => 'required|min:3',
|
||||
'location' => 'required|min:3',
|
||||
'sysop' => 'required|min:3',
|
||||
'phone' => 'nullable|regex:/^([0-9-]+)$/',
|
||||
'address' => 'nullable|regex:/^(?!:\/\/)(?=.{1,255}$)((.{1,63}\.){1,127}(?![0-9]*$)[a-z0-9-]+\.?)$/i',
|
||||
'port' => 'nullable|digits_between:2,5',
|
||||
'method' => 'nullable|numeric',
|
||||
'mailer_details.*' => 'nullable|array',
|
||||
'mailer_details.*.port' => 'nullable|digits_between:2,5',
|
||||
'zt_id' => 'nullable|size:10|regex:/^([A-Fa-f0-9]){10}$/|unique:systems,zt_id,'.($so ? $so->id : 0),
|
||||
'pkt_type' => ['required',Rule::in(array_keys(Packet::PACKET_TYPES))],
|
||||
],($so && $so->exists) ? [
|
||||
'users' => 'nullable|array|min:1|max:2',
|
||||
'active' => 'required|boolean',
|
||||
'hold' => 'sometimes|boolean',
|
||||
'pollmode' => 'required|integer|min:0|max:2',
|
||||
'heartbeat' => 'nullable|integer|min:0|max:48',
|
||||
] : []));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user