Disable attachment API for demo users

James Cole
2023-12-30 12:54:21 +01:00
parent d777a1f2b8
commit 2e5bc750d1
8 changed files with 60 additions and 11 deletions


@@ -226,16 +226,16 @@
}, },
{ {
"name": "friendsofphp/php-cs-fixer", "name": "friendsofphp/php-cs-fixer",
"version": "v3.43.1", "version": "v3.45.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git", "url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git",
"reference": "91c0b47216aa43b09656b4d99aa9dade2f3ad8fc" "reference": "c0daa33cb2533cd73f48dde1c70c2afa3e7953b5"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/91c0b47216aa43b09656b4d99aa9dade2f3ad8fc", "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/c0daa33cb2533cd73f48dde1c70c2afa3e7953b5",
"reference": "91c0b47216aa43b09656b4d99aa9dade2f3ad8fc", "reference": "c0daa33cb2533cd73f48dde1c70c2afa3e7953b5",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@@ -304,7 +304,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues", "issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues",
"source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.43.1" "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.45.0"
}, },
"funding": [ "funding": [
{ {
@@ -312,7 +312,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2023-12-29T09:42:16+00:00" "time": "2023-12-30T02:07:07+00:00"
}, },
{ {
"name": "psr/container", "name": "psr/container",


@@ -29,6 +29,8 @@ use FireflyIII\Models\Attachment;
use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface; use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/** /**
* Class DestroyController * Class DestroyController
@@ -64,6 +66,12 @@ class DestroyController extends Controller
*/ */
public function destroy(Attachment $attachment): JsonResponse public function destroy(Attachment $attachment): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
$this->repository->destroy($attachment); $this->repository->destroy($attachment);
app('preferences')->mark(); app('preferences')->mark();
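Review bot: The demo-user guard added at the top of `destroy()` is pasted verbatim into six more methods in this commit (`download`, `index` and `show` in ShowController, `store` and `upload` in StoreController, `update` in UpdateController), so the restriction holds only where someone remembered to copy it. An attachment endpoint added later, or any other route that reaches attachments, stays open to demo users by default. Moving the check into one place, such as route middleware on the attachment group or a single helper on the shared base controller called as the first statement, makes the deny rule fail closed and leaves one log format to maintain. If the copies stay, a comment above each such as `// demo users get a 404 so the attachment API looks absent to them` would record why this is not a 403. The body of `destroy()` continues outside the hunk.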


@@ -33,9 +33,11 @@ use FireflyIII\User;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response as LaravelResponse; use Illuminate\Http\Response as LaravelResponse;
use Illuminate\Pagination\LengthAwarePaginator; use Illuminate\Pagination\LengthAwarePaginator;
use Illuminate\Support\Facades\Log;
use League\Fractal\Pagination\IlluminatePaginatorAdapter; use League\Fractal\Pagination\IlluminatePaginatorAdapter;
use League\Fractal\Resource\Collection as FractalCollection; use League\Fractal\Resource\Collection as FractalCollection;
use League\Fractal\Resource\Item; use League\Fractal\Resource\Item;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/** /**
* Class ShowController * Class ShowController
@@ -73,6 +75,11 @@ class ShowController extends Controller
*/ */
public function download(Attachment $attachment): LaravelResponse public function download(Attachment $attachment): LaravelResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
if (false === $attachment->uploaded) { if (false === $attachment->uploaded) {
throw new FireflyException('200000: File has not been uploaded (yet).'); throw new FireflyException('200000: File has not been uploaded (yet).');
} }
@@ -116,6 +123,12 @@ class ShowController extends Controller
*/ */
public function index(): JsonResponse public function index(): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
$manager = $this->getManager(); $manager = $this->getManager();
// types to get, page size: // types to get, page size:
@@ -148,6 +161,11 @@ class ShowController extends Controller
*/ */
public function show(Attachment $attachment): JsonResponse public function show(Attachment $attachment): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
$manager = $this->getManager(); $manager = $this->getManager();
/** @var AttachmentTransformer $transformer */ /** @var AttachmentTransformer $transformer */
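Review bot: The audit entry written in `download()`, `index()` and `show()` records only the method name, so the audit channel cannot tell which account made the call or which attachment was targeted. Adding the user id, and the attachment id where a model is bound, gives the log something to correlate on, e.g. `Log::channel('audit')->info(sprintf('Demo user #%d tries to access attachment API in %s', auth()->id(), __METHOD__));`. Separately, `auth()->user()->hasRole('demo')` assumes a user is always present; that presumably holds because the API routes sit behind authentication, but it is not visible here, and a null user would end in an error rather than the intended 404. The same log line is used in the other three attachment controllers. All three method bodies continue outside their hunks.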


@@ -34,7 +34,9 @@ use FireflyIII\Transformers\AttachmentTransformer;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use League\Fractal\Resource\Item; use League\Fractal\Resource\Item;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/** /**
* Class StoreController * Class StoreController
@@ -72,6 +74,11 @@ class StoreController extends Controller
*/ */
public function store(StoreRequest $request): JsonResponse public function store(StoreRequest $request): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
app('log')->debug(sprintf('Now in %s', __METHOD__)); app('log')->debug(sprintf('Now in %s', __METHOD__));
$data = $request->getAll(); $data = $request->getAll();
$attachment = $this->repository->store($data); $attachment = $this->repository->store($data);
@@ -91,6 +98,12 @@ class StoreController extends Controller
*/ */
public function upload(Request $request, Attachment $attachment): JsonResponse public function upload(Request $request, Attachment $attachment): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
/** @var AttachmentHelperInterface $helper */ /** @var AttachmentHelperInterface $helper */
$helper = app(AttachmentHelperInterface::class); $helper = app(AttachmentHelperInterface::class);
$body = $request->getContent(); $body = $request->getContent();
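Review bot: In `store()` the demo check runs only after `StoreRequest` has been resolved, and if that class is a Laravel form request (its definition is not on this page) validation has already run by then. A demo user sending an invalid payload would get a validation error instead of the 404, which reveals that the endpoint exists and runs request validation on demo input; `update()` in UpdateController takes `UpdateRequest` and has the same ordering. Doing the role check before the request is resolved keeps the response uniform: middleware is the simplest place, while the request's `authorize()` also works but answers 403 unless `failedAuthorization()` is overridden. `upload()` takes a plain `Request` and is not affected by this. Both method bodies continue outside their hunks.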


@@ -31,7 +31,9 @@ use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface;
use FireflyIII\Transformers\AttachmentTransformer; use FireflyIII\Transformers\AttachmentTransformer;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use League\Fractal\Resource\Item; use League\Fractal\Resource\Item;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/** /**
* Class UpdateController * Class UpdateController
@@ -67,6 +69,11 @@ class UpdateController extends Controller
*/ */
public function update(UpdateRequest $request, Attachment $attachment): JsonResponse public function update(UpdateRequest $request, Attachment $attachment): JsonResponse
{ {
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
$data = $request->getAll(); $data = $request->getAll();
$this->repository->update($attachment, $data); $this->repository->update($attachment, $data);
$manager = $this->getManager(); $manager = $this->getManager();


@@ -160,13 +160,14 @@ class OperationsRepository implements OperationsRepositoryInterface
// may have multiple tags: // may have multiple tags:
foreach ($journal['tags'] as $tag) { foreach ($journal['tags'] as $tag) {
if(!in_array($tagId, $tagIds, true)) {
continue;
}
$tagId = (int)$tag['id']; $tagId = (int)$tag['id'];
$tagName = (string)$tag['name']; $tagName = (string)$tag['name'];
$journalId = (int)$journal['transaction_journal_id']; $journalId = (int)$journal['transaction_journal_id'];
if(!in_array($tagId, $tagIds, true)) {
continue;
}
if (in_array($journalId, $listedJournals, true)) { if (in_array($journalId, $listedJournals, true)) {
continue; continue;
} }
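Review bot: The tag filter `in_array($tagId, $tagIds, true)` is only meaningful once `$tagId` has been assigned from the current `$tag`; placed above the assignment it would test the previous iteration's value, or an undefined variable on the first pass. This page prints both placements without marking which side is new, so the final order is worth confirming against the file. Because the comparison is strict and `$tagId` is cast with `(int)`, `$tagIds` (built outside this hunk) has to hold integers for any tag to match. A one-line comment above the check, e.g. `// skip tags that are not in the requested set`, would state what is presumably the intent. The loop body continues outside the hunk.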


@@ -29,6 +29,7 @@ use FireflyIII\Models\WebhookAttempt;
use FireflyIII\Models\WebhookMessage; use FireflyIII\Models\WebhookMessage;
use GuzzleHttp\Client; use GuzzleHttp\Client;
use GuzzleHttp\Exception\ConnectException; use GuzzleHttp\Exception\ConnectException;
use GuzzleHttp\Exception\GuzzleException;
use GuzzleHttp\Exception\RequestException; use GuzzleHttp\Exception\RequestException;
/** /**
@@ -45,7 +46,7 @@ class StandardWebhookSender implements WebhookSenderInterface
} }
/** /**
* @throws \GuzzleHttp\Exception\GuzzleException * @throws GuzzleException
* *
* @SuppressWarnings(PHPMD.ExcessiveMethodLength) * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
*/ */


@@ -25,6 +25,7 @@ namespace FireflyIII\Transformers\V2;
use Carbon\Carbon; use Carbon\Carbon;
use Carbon\CarbonInterface; use Carbon\CarbonInterface;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Models\Bill; use FireflyIII\Models\Bill;
use FireflyIII\Models\Note; use FireflyIII\Models\Note;
use FireflyIII\Models\ObjectGroup; use FireflyIII\Models\ObjectGroup;
@@ -49,7 +50,7 @@ class BillTransformer extends AbstractTransformer
private array $paidDates; private array $paidDates;
/** /**
* @throws \FireflyIII\Exceptions\FireflyException * @throws FireflyException
* *
* @SuppressWarnings(PHPMD.ExcessiveMethodLength) * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
*/ */