Use settings page for API key resets
parent
87f7a74f27
commit
e514685444
|
@ -41,21 +41,7 @@ function user_myshifts()
|
|||
}
|
||||
|
||||
$shifts_user = User::find($shift_entry_id);
|
||||
if ($request->has('reset')) {
|
||||
if ($request->input('reset') == 'ack') {
|
||||
auth()->resetApiKey($user);
|
||||
engelsystem_log(sprintf('API key resetted (%s).', User_Nick_render($user, true)));
|
||||
success(__('Key changed.'));
|
||||
throw_redirect(url('/users', ['action' => 'view', 'user_id' => $shifts_user->id]));
|
||||
}
|
||||
return page_with_title(__('Reset API key'), [
|
||||
error(
|
||||
__('If you reset the key, the url to your iCal- and JSON-export and your atom/rss feed changes! You have to update it in every application using one of these exports.'),
|
||||
true
|
||||
),
|
||||
button(url('/user-myshifts', ['reset' => 'ack']), __('Continue'), 'btn-danger'),
|
||||
]);
|
||||
} elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
|
||||
if ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
|
||||
$shift_entry_id = $request->input('edit');
|
||||
/** @var ShiftEntry $shiftEntry */
|
||||
$shiftEntry = ShiftEntry::where('id', $shift_entry_id)
|
||||
|
|
|
@ -374,18 +374,11 @@ function ical_hint()
|
|||
|
||||
return heading(__('iCal export and API') . ' ' . button_help('user/ical'), 2)
|
||||
. '<p>' . sprintf(
|
||||
__('Export your own shifts. <a href="%s" target="_blank">iCal format</a> or <a href="%s" target="_blank">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'),
|
||||
__('Export your own shifts formatted as <a href="%s" target="_blank">iCal</a> or <a href="%s" target="_blank">JSON</a> (please keep the link secret, otherwise you have to reset the api key <a href="%s">in your settings</a>).'),
|
||||
url('/ical', ['key' => $user->api_key]),
|
||||
url('/shifts-json-export', ['key' => $user->api_key]),
|
||||
url('/user-myshifts', ['reset' => 1])
|
||||
)
|
||||
. ' <button class="btn btn-sm btn-danger" type="button"
|
||||
data-bs-toggle="collapse" data-bs-target="#collapseApiKey"
|
||||
aria-expanded="false" aria-controls="collapseApiKey">
|
||||
' . __('Show API Key') . '
|
||||
</button>'
|
||||
. '</p>'
|
||||
. '<p id="collapseApiKey" class="collapse"><code>' . $user->api_key . '</code></p>';
|
||||
url('/settings/api')
|
||||
) . '</p>';
|
||||
}
|
||||
|
||||
/**
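Review bot: The three `url(...)` results are substituted straight into `href="%s"` by `sprintf`, with no HTML escaping visible in this hunk, and two of them carry `$user->api_key`. Unless `url()` already returns attribute-safe output, each argument should be wrapped, e.g. `htmlspecialchars(url('/ical', ['key' => $user->api_key]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Removing the "Show API Key" block does not take the key out of the markup, because the two export links still embed it. A comment above the `return` such as `// output contains the user's API key; do not cache or log the rendered HTML` would make that explicit. `ical_hint()` begins outside the hunk, so where `$user` comes from is not visible here.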
|
||||
|
|
|
@ -677,9 +677,9 @@ function User_view(
|
|||
url('/shifts-json-export', ['key' => $user_source->api_key]),
|
||||
icon('braces') . __('JSON Export')
|
||||
) : '',
|
||||
$auth->canAny(['shifts_json_export', 'ical', 'atom']) ? button(
|
||||
url('/user-myshifts', ['reset' => 1]),
|
||||
icon('arrow-repeat') . __('Reset API key')
|
||||
$auth->canAny(['api', 'shifts_json_export', 'ical', 'atom']) ? button(
|
||||
url('/settings/api'),
|
||||
icon('arrow-repeat') . __('API Settings')
|
||||
) : '',
|
||||
], 'mb-2') : '',
|
||||
]),
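Review bot: The permission set `['api', 'shifts_json_export', 'ical', 'atom']` in the new `canAny()` call is spelled out independently in two further places in this commit: `SettingsController::$permissions` (as the string `'api||shifts_json_export||ical||atom'`, for both `api` and `apiKeyReset`) and `SettingsController::settingsMenu()`. If one copy drifts, the button or menu entry would be shown to users the controller then refuses, or the reverse. At minimum add a cross-reference here, e.g. `// keep in sync with SettingsController::$permissions['api'] and settingsMenu()`. The button also targets `/settings/api`, which is the logged-in user's own page, while the surrounding links use `$user_source`. The condition guarding this button group is outside the hunk, so it is worth confirming the group only renders when `$user_source` is the current user.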
|
||||
|
|
|
@ -761,22 +761,8 @@ msgstr "User bearbeiten"
|
|||
msgid "general.datetime"
|
||||
msgstr "d.m.Y H:i"
|
||||
|
||||
msgid "Key changed."
|
||||
msgstr "Key geändert."
|
||||
|
||||
msgid "Reset API key"
|
||||
msgstr "API-Key zurücksetzen"
|
||||
|
||||
msgid ""
|
||||
"If you reset the key, the url to your iCal- and JSON-export and your atom/rss "
|
||||
"feed changes! You have to update it in every application using one of these "
|
||||
"exports."
|
||||
msgstr ""
|
||||
"Wenn du den API-Key zurücksetzt, ändert sich die URL zu deinem iCal-, JSON-"
|
||||
"Export und Atom/RSS Feed! Du musst diesen überall ändern, wo er in Benutzung ist."
|
||||
|
||||
msgid "Continue"
|
||||
msgstr "Fortfahren"
|
||||
msgid "API Settings"
|
||||
msgstr "API Einstellungen"
|
||||
|
||||
msgid "Please enter a freeload comment!"
|
||||
msgstr "Gib bitte einen Schwänz-Kommentar ein!"
|
||||
|
@ -846,16 +832,13 @@ msgid "iCal export and API"
|
|||
msgstr "iCal Export und API"
|
||||
|
||||
msgid ""
|
||||
"Export your own shifts. <a href=\"%s\" target=\"_blank\">iCal format</a> or <a href=\"%s"
|
||||
"\" target=\"_blank\">JSON format</a> available (please keep secret, otherwise <a href=\"%s"
|
||||
"\">reset the api key</a>)."
|
||||
"Export your own shifts formatted as <a href=\"%s\" target=\"_blank\">iCal</a> or "
|
||||
"<a href=\"%s\" target=\"_blank\">JSON</a> (please keep the link secret, otherwise you have to reset the api key "
|
||||
"<a href=\"%s\">in your settings</a>)."
|
||||
msgstr ""
|
||||
"Exportiere Deine Schichten. <a href=\"%s\" target=\"_blank\">iCal Format</a> oder <a href=\"%s"
|
||||
"\" target=\"_blank\">JSON Format</a> verfügbar (Link bitte geheimhalten, sonst <a href=\"%s"
|
||||
"\">API-Key zurücksetzen</a>)."
|
||||
|
||||
msgid "Show API Key"
|
||||
msgstr "API Key anzeigen"
|
||||
"Exportiere Deine Schichten im <a href=\"%s\" target=\"_blank\">iCal</a> oder <a href=\"%s"
|
||||
"\" target=\"_blank\">JSON</a> Format (Link bitte geheimhalten, sonst musst du den API-Key in "
|
||||
"<a href=\"%s\">deinen Einstellungen</a> zurücksetzen)."
|
||||
|
||||
msgid "All"
|
||||
msgstr "Alle"
|
||||
|
@ -1814,9 +1797,12 @@ msgstr "API"
|
|||
|
||||
msgid "settings.api.about"
|
||||
msgstr ""
|
||||
"Die API erlaubt es dir, über externe Programme, mit dem Engelsystem zu interagieren. "
|
||||
"Die API erlaubt es dir, über externe Programme, mit dem %s zu interagieren. "
|
||||
"Sie ist noch nicht vollständig, wir arbeiten aber daran sie zu erweitern.\n"
|
||||
"Der API Einstiegspunkt befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n"
|
||||
"Der Einstiegspunkt der API befindet sich unter `%s` und ist in der [OpenAPI Spezifikation](%s) beschrieben.\n"
|
||||
|
||||
msgid "settings.api.about.warning"
|
||||
msgstr ""
|
||||
"Teile deinen persönlichen API Key mit niemandem, er erlaubt es deine persönlichen Daten einzusehen "
|
||||
"und Änderungen in deinem Namen durch zu führen!"
|
||||
|
||||
|
|
|
@ -516,11 +516,14 @@ msgstr "API"
|
|||
|
||||
msgid "settings.api.about"
|
||||
msgstr ""
|
||||
"The API allows you to interact with the Engelsystem by using external programs. "
|
||||
"The API allows you to interact with the %s by using external programs. "
|
||||
"It's not complete but we are working on extending it.\n"
|
||||
"The API endpoint is located at `%s` and described in the [OpenAPI specification](%s).\n"
|
||||
"The endpoint of the API is located at `%s` and described in the [OpenAPI specification](%s).\n"
|
||||
|
||||
msgid "settings.api.about.warning"
|
||||
msgstr ""
|
||||
"Don't share your personal API key with anyone as it can be used to view your personal data "
|
||||
"and do changes your behalf!"
|
||||
"and do changes on your behalf!"
|
||||
|
||||
msgid "settings.api.shifts_json_show"
|
||||
msgstr "Show JSON shifts export"
|
||||
|
|
|
@ -50,7 +50,10 @@
|
|||
{{ csrf() }}
|
||||
{{ f.submit(
|
||||
__('settings.api.key_reset'),
|
||||
{ 'size': 'sm', 'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm') }
|
||||
{
|
||||
'size': 'sm', 'btn_type': 'danger',
|
||||
'icon_left': 'arrow-repeat', 'confirm_text': __('settings.api.key_reset_confirm')
|
||||
}
|
||||
) }}
|
||||
</form>
|
||||
|
||||
|
@ -77,9 +80,13 @@
|
|||
{% if has_permission_to('atom') %}
|
||||
<p id="news_hide" class="collapse" data-bs-parent="#exports_hide">
|
||||
<code>{{ url('/atom', {'key': user.api_key}) }}</code>
|
||||
<code>{{ url('/atom', {'meetings': 1, 'key': user.api_key}) }}</code>
|
||||
<code>{{ url('/rss', {'key': user.api_key}) }}</code>
|
||||
<code>{{ url('/rss', {'meetings': 1, 'key': user.api_key}) }}</code>
|
||||
{% if has_permission_to('user_meetings') %}
|
||||
<br><code>{{ url('/atom', {'meetings': 1, 'key': user.api_key}) }}</code>
|
||||
{% endif %}
|
||||
<br><code>{{ url('/rss', {'key': user.api_key}) }}</code>
|
||||
{% if has_permission_to('user_meetings') %}
|
||||
<br><code>{{ url('/rss', {'meetings': 1, 'key': user.api_key}) }}</code>
|
||||
{% endif %}
|
||||
</p>
|
||||
{% endif %}
|
||||
|
||||
|
@ -88,7 +95,15 @@
|
|||
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
{{ __('settings.api.about', [url('/api/v0-beta'), url('/api/v0-beta/openapi')])|markdown|nl2br }}
|
||||
{% if has_permission_to('api') %}
|
||||
{{ __('settings.api.about', [
|
||||
config('app_name'),
|
||||
url('/api/v0-beta'),
|
||||
url('/api/v0-beta/openapi')
|
||||
])|markdown|nl2br }}
|
||||
{% endif %}
|
||||
|
||||
{{ __('settings.api.about.warning')|markdown|nl2br }}
|
||||
</div>
|
||||
</div>
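Review bot: In the last hunk `config('app_name')` is substituted into `settings.api.about` before the `|markdown` filter runs, so Markdown-significant characters in the configured name (underscores, asterisks, brackets) are interpreted as formatting instead of being shown literally. Whether the `markdown` filter lets raw HTML through is not visible on this page; if it does, the value needs escaping before substitution. A template comment above the call, e.g. `{# app_name is rendered through the markdown filter; it must not contain markup #}`, would document the constraint for whoever edits the configuration.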
|
||||
|
||||
|
|
|
@ -23,8 +23,8 @@ class SettingsController extends BaseController
|
|||
/** @var string[] */
|
||||
protected array $permissions = [
|
||||
'user_settings',
|
||||
'api' => 'api',
|
||||
'apiKeyReset' => 'api',
|
||||
'api' => 'api||shifts_json_export||ical||atom',
|
||||
'apiKeyReset' => 'api||shifts_json_export||ical||atom',
|
||||
];
|
||||
|
||||
public function __construct(
|
||||
|
@ -414,7 +414,7 @@ class SettingsController extends BaseController
|
|||
$menu[url('/settings/oauth')] = ['title' => 'settings.oauth', 'hidden' => $this->checkOauthHidden()];
|
||||
}
|
||||
|
||||
if ($this->auth->can('api')) {
|
||||
if ($this->auth->canAny(['api', 'shifts_json_export', 'ical', 'atom'])) {
|
||||
$menu[url('/settings/api')] = ['title' => 'settings.api', 'icon' => 'braces'];
|
||||
}
|
||||
|
||||
|
|
|
@ -1065,7 +1065,7 @@ class SettingsControllerTest extends ControllerTest
|
|||
*/
|
||||
public function testSettingsMenuApi(): void
|
||||
{
|
||||
$this->setExpects($this->auth, 'can', ['api'], true, $this->atLeastOnce());
|
||||
$this->setExpects($this->auth, 'canAny', null, true, $this->atLeastOnce());
|
||||
|
||||
$menu = $this->controller->settingsMenu();
|
||||
$this->assertArrayHasKey('http://localhost/settings/profile', $menu);
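Review bot: `setExpects($this->auth, 'canAny', null, true, $this->atLeastOnce())` no longer pins which permissions `settingsMenu()` checks, whereas the line it replaces asserted `['api']`, so the test would still pass if the controller's list lost an entry or gained an unrelated one. Assuming the helper's third argument is the expected argument list, as the old call suggests, the expectation can be pinned with `$this->setExpects($this->auth, 'canAny', [['api', 'shifts_json_export', 'ical', 'atom']], true, $this->atLeastOnce());`. No test on this page covers the widened `api` and `apiKeyReset` permissions, for example a user holding only `ical` being allowed to reset the key and a user with none of the four being refused. `testSettingsMenuApi()` continues past the end of the hunk.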
|
||||
|
|