diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 6dce5918..314b7eda 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -41,21 +41,7 @@ function user_myshifts() } $shifts_user = User::find($shift_entry_id); - if ($request->has('reset')) { - if ($request->input('reset') == 'ack') { - auth()->resetApiKey($user); - engelsystem_log(sprintf('API key resetted (%s).', User_Nick_render($user, true))); - success(__('Key changed.')); - throw_redirect(url('/users', ['action' => 'view', 'user_id' => $shifts_user->id])); - } - return page_with_title(__('Reset API key'), [ - error( - __('If you reset the key, the url to your iCal- and JSON-export and your atom/rss feed changes! You have to update it in every application using one of these exports.'), - true - ), - button(url('/user-myshifts', ['reset' => 'ack']), __('Continue'), 'btn-danger'), - ]); - } elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) { + if ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) { $shift_entry_id = $request->input('edit'); /** @var ShiftEntry $shiftEntry */ $shiftEntry = ShiftEntry::where('id', $shift_entry_id) diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 24c20e5d..1f9d9b6c 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -374,18 +374,11 @@ function ical_hint() return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2) . '

' . sprintf( - __('Export your own shifts. iCal format or JSON format available (please keep secret, otherwise reset the api key).'), + __('Export your own shifts formatted as iCal or JSON (please keep the link secret, otherwise you have to reset the api key in your settings).'), url('/ical', ['key' => $user->api_key]), url('/shifts-json-export', ['key' => $user->api_key]), - url('/user-myshifts', ['reset' => 1]) - ) - . ' ' - . '

' - . '

' . $user->api_key . '

'; + url('/settings/api') + ) . '

'; } /** diff --git a/includes/view/User_view.php b/includes/view/User_view.php index ce37df5e..30997af8 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -677,9 +677,9 @@ function User_view( url('/shifts-json-export', ['key' => $user_source->api_key]), icon('braces') . __('JSON Export') ) : '', - $auth->canAny(['shifts_json_export', 'ical', 'atom']) ? button( - url('/user-myshifts', ['reset' => 1]), - icon('arrow-repeat') . __('Reset API key') + $auth->canAny(['api', 'shifts_json_export', 'ical', 'atom']) ? button( + url('/settings/api'), + icon('arrow-repeat') . __('API Settings') ) : '', ], 'mb-2') : '', ]), diff --git a/resources/lang/de_DE/default.po b/resources/lang/de_DE/default.po index 490be308..4ea239dc 100644 --- a/resources/lang/de_DE/default.po +++ b/resources/lang/de_DE/default.po @@ -761,22 +761,8 @@ msgstr "User bearbeiten" msgid "general.datetime" msgstr "d.m.Y H:i" -msgid "Key changed." -msgstr "Key geändert." - -msgid "Reset API key" -msgstr "API-Key zurücksetzen" - -msgid "" -"If you reset the key, the url to your iCal- and JSON-export and your atom/rss " -"feed changes! You have to update it in every application using one of these " -"exports." -msgstr "" -"Wenn du den API-Key zurücksetzt, ändert sich die URL zu deinem iCal-, JSON-" -"Export und Atom/RSS Feed! Du musst diesen überall ändern, wo er in Benutzung ist." - -msgid "Continue" -msgstr "Fortfahren" +msgid "API Settings" +msgstr "API Einstellungen" msgid "Please enter a freeload comment!" msgstr "Gib bitte einen Schwänz-Kommentar ein!" 
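Review bot: The two export links passed to this `sprintf`, `url('/ical', ['key' => $user->api_key])` and `url('/shifts-json-export', ['key' => $user->api_key])`, still carry the secret in the query string, and nothing in the visible part of `ical_hint()` says so. Now that the raw key is no longer printed under the text, a comment above the `sprintf` would keep this visible to maintainers, for example `// The export links embed the user's API key as ?key=...; render this hint only to the key's owner.` A key in a query string also tends to end up in access logs and browser history, which is worth a second comment line. The start of `ical_hint()` is outside this hunk, so where `$user` comes from cannot be confirmed here.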
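Review bot: The permission list in `$auth->canAny(['api', 'shifts_json_export', 'ical', 'atom'])` is now written out four times in this commit: here, twice as the string `'api||shifts_json_export||ical||atom'` in `SettingsController::$permissions`, and once in the `canAny()` call of the settings menu. If one copy is edited without the others, the button and menu entry stop matching the access check on `/settings/api` and on the key reset. The two `canAny()` calls could share a constant on the controller, e.g. `public const API_SETTINGS_PERMISSIONS = ['api', 'shifts_json_export', 'ical', 'atom'];`. Whether `$permissions` accepts anything but the `||` string is not visible, so there a comment such as `// keep in sync with API_SETTINGS_PERMISSIONS` would do. `User_view()` starts and ends outside this hunk.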
@@ -846,16 +832,13 @@ msgid "iCal export and API" msgstr "iCal Export und API" msgid "" -"Export your own shifts. iCal format or JSON format available (please keep secret, otherwise reset the api key)." +"Export your own shifts formatted as iCal or " +"JSON (please keep the link secret, otherwise you have to reset the api key " +"in your settings)." msgstr "" -"Exportiere Deine Schichten. iCal Format oder JSON Format verfügbar (Link bitte geheimhalten, sonst API-Key zurücksetzen)." - -msgid "Show API Key" -msgstr "API Key anzeigen" +"Exportiere Deine Schichten im iCal oder JSON Format (Link bitte geheimhalten, sonst musst du den API-Key in " +"deinen Einstellungen zurücksetzen)." msgid "All" msgstr "Alle" @@ -1814,9 +1797,12 @@ msgstr "API" msgid "settings.api.about" msgstr "" -"Die API erlaubt es dir, über externe Programme, mit dem Engelsystem zu interagieren. " +"Die API erlaubt es dir, über externe Programme, mit dem %s zu interagieren. " "Sie ist noch nicht vollständig, wir arbeiten aber daran sie zu erweitern.\n" -"Der API Einstiegspunkt befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n" +"Der Einstiegspunkt der API befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n" + +msgid "settings.api.about.warning" +msgstr "" "Teile deinen persönlichen API Key mit niemandem, er erlaubt es deine persönlichen Daten einzusehen " "und Änderungen in deinem Namen durch zu führen!" diff --git a/resources/lang/en_US/default.po b/resources/lang/en_US/default.po index e1776171..a98c0b1b 100644 --- a/resources/lang/en_US/default.po +++ b/resources/lang/en_US/default.po 
@@ -516,11 +516,14 @@ msgstr "API" msgid "settings.api.about" msgstr "" -"The API allows you to interact with the Engelsystem by using external programs. " +"The API allows you to interact with the %s by using external programs. " "It's not complete but we are working on extending it.\n" -"The API endpoint is located at `%s` and described in the [OpenAPI specification](%s).\n" +"The endpoint of the API is located at `%s` and described in the [OpenAPI specification](%s).\n" + +msgid "settings.api.about.warning" +msgstr "" "Don't share your personal API key with anyone as it can be used to view your personal data " -"and do changes your behalf!" +"and do changes on your behalf!" msgid "settings.api.shifts_json_show" msgstr "Show JSON shifts export" diff --git a/resources/views/pages/settings/api.twig b/resources/views/pages/settings/api.twig index 0dd33487..70e24893 100644 --- a/resources/views/pages/settings/api.twig +++ b/resources/views/pages/settings/api.twig @@ -50,7 +50,10 @@ {{ csrf() }} {{ f.submit( __('settings.api.key_reset'), - { 'size': 'sm', 'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm') } + { + 'size': 'sm', 'btn_type': 'danger', + 'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm') + } ) }} @@ -77,9 +80,13 @@ {% if has_permission_to('atom') %}

{{ url('/atom', {'key': user.api_key}) }} - {{ url('/atom', {'meetings': 1, 'key': user.api_key}) }} - {{ url('/rss', {'key': user.api_key}) }} - {{ url('/rss', {'meetings': 1, 'key': user.api_key}) }} + {% if has_permission_to('user_meetings') %} +
{{ url('/atom', {'meetings': 1, 'key': user.api_key}) }} + {% endif %} +
{{ url('/rss', {'key': user.api_key}) }} + {% if has_permission_to('user_meetings') %} +
{{ url('/rss', {'meetings': 1, 'key': user.api_key}) }} + {% endif %}

{% endif %} @@ -88,7 +95,15 @@
- {{ __('settings.api.about', [url('/api/v0-beta'), url('/api/v0-beta/openapi')])|markdown|nl2br }} + {% if has_permission_to('api') %} + {{ __('settings.api.about', [ + config('app_name'), + url('/api/v0-beta'), + url('/api/v0-beta/openapi') + ])|markdown|nl2br }} + {% endif %} + + {{ __('settings.api.about.warning')|markdown|nl2br }}
diff --git a/src/Controllers/SettingsController.php b/src/Controllers/SettingsController.php index 908e39b5..bb11ec19 100644 --- a/src/Controllers/SettingsController.php +++ b/src/Controllers/SettingsController.php @@ -23,8 +23,8 @@ class SettingsController extends BaseController /** @var string[] */ protected array $permissions = [ 'user_settings', - 'api' => 'api', - 'apiKeyReset' => 'api', + 'api' => 'api||shifts_json_export||ical||atom', + 'apiKeyReset' => 'api||shifts_json_export||ical||atom', ]; public function __construct( @@ -414,7 +414,7 @@ class SettingsController extends BaseController $menu[url('/settings/oauth')] = ['title' => 'settings.oauth', 'hidden' => $this->checkOauthHidden()]; } - if ($this->auth->can('api')) { + if ($this->auth->canAny(['api', 'shifts_json_export', 'ical', 'atom'])) { $menu[url('/settings/api')] = ['title' => 'settings.api', 'icon' => 'braces']; } diff --git a/tests/Unit/Controllers/SettingsControllerTest.php b/tests/Unit/Controllers/SettingsControllerTest.php index 484b45a5..92a63e4b 100644 --- a/tests/Unit/Controllers/SettingsControllerTest.php +++ b/tests/Unit/Controllers/SettingsControllerTest.php @@ -1065,7 +1065,7 @@ class SettingsControllerTest extends ControllerTest */ public function testSettingsMenuApi(): void { - $this->setExpects($this->auth, 'can', ['api'], true, $this->atLeastOnce()); + $this->setExpects($this->auth, 'canAny', null, true, $this->atLeastOnce()); $menu = $this->controller->settingsMenu(); $this->assertArrayHasKey('http://localhost/settings/profile', $menu);
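Review bot: Passing `null` as the argument list in `$this->setExpects($this->auth, 'canAny', null, true, $this->atLeastOnce());` means `testSettingsMenuApi()` no longer checks which permissions gate the API settings entry, whereas the removed line pinned `['api']`. The same list now decides who may reach `api` and `apiKeyReset`, so the expectation should name it, presumably `$this->setExpects($this->auth, 'canAny', [['api', 'shifts_json_export', 'ical', 'atom']], true, $this->atLeastOnce());`, assuming the third parameter is the list of call arguments as the removed line suggests. The visible hunks also add no test for a user holding only `ical` or `atom` reaching the two actions, or for a user with none of the four being refused. The test method continues past the end of the hunk.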