mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-04-09 14:34:47 +00:00
9432da467e
- Add Administration sidebar section (super-admin only) with Companies, Users, and Global Settings pages - Add super-admin middleware, controllers, and API routes under /api/v1/super-admin/ - Allow super-admins to manage all companies and users across tenants - Add user impersonation with short-lived tokens, audit logging, and UI banner - Move system-level settings (Mail, PDF, Backup, Update, File Disk) from per-company to Administration > Global Settings - Convert save_pdf_to_disk from CompanySetting to global Setting - Add per-company mail configuration overrides (optional, falls back to global) - Add CompanyMailConfigService to apply company mail config before sending emails
102 lines
2.7 KiB
PHP
102 lines
2.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\V1\SuperAdmin;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Requests\AdminUserUpdateRequest;
|
|
use App\Http\Resources\UserResource;
|
|
use App\Models\ImpersonationLog;
|
|
use App\Models\User;
|
|
use Illuminate\Http\Request;
|
|
use Laravel\Sanctum\PersonalAccessToken;
|
|
|
|
class UsersController extends Controller
|
|
{
|
|
public function index(Request $request)
|
|
{
|
|
$limit = $request->has('limit') ? $request->limit : 10;
|
|
|
|
$users = User::with('companies')
|
|
->applyFilters($request->all())
|
|
->latest()
|
|
->paginate($limit);
|
|
|
|
return UserResource::collection($users);
|
|
}
|
|
|
|
public function show(User $user)
|
|
{
|
|
$user->load('companies');
|
|
|
|
return new UserResource($user);
|
|
}
|
|
|
|
public function update(AdminUserUpdateRequest $request, User $user)
|
|
{
|
|
$data = $request->only(['name', 'email', 'phone']);
|
|
|
|
if ($request->filled('password')) {
|
|
$data['password'] = $request->password;
|
|
}
|
|
|
|
$user->update($data);
|
|
|
|
return new UserResource($user);
|
|
}
|
|
|
|
public function impersonate(Request $request, User $user)
|
|
{
|
|
$admin = $request->user();
|
|
|
|
if ($admin->id === $user->id) {
|
|
return response()->json([
|
|
'error' => 'cannot_impersonate_self',
|
|
'message' => 'You cannot impersonate yourself.',
|
|
], 422);
|
|
}
|
|
|
|
$token = $user->createToken(
|
|
'impersonation-by-'.$admin->id,
|
|
['*'],
|
|
now()->addHours(2),
|
|
);
|
|
|
|
$log = ImpersonationLog::create([
|
|
'admin_id' => $admin->id,
|
|
'user_id' => $user->id,
|
|
'ip_address' => $request->ip(),
|
|
'token_id' => $token->accessToken->id,
|
|
]);
|
|
|
|
return response()->json([
|
|
'token' => $token->plainTextToken,
|
|
'impersonation_log_id' => $log->id,
|
|
'user' => new UserResource($user),
|
|
]);
|
|
}
|
|
|
|
public function stopImpersonating(Request $request)
|
|
{
|
|
$token = $request->user()->currentAccessToken();
|
|
|
|
if ($token instanceof PersonalAccessToken && str_starts_with($token->name, 'impersonation-by-')) {
|
|
$log = ImpersonationLog::where('token_id', $token->id)
|
|
->whereNull('stopped_at')
|
|
->first();
|
|
|
|
if ($log) {
|
|
$log->update(['stopped_at' => now()]);
|
|
}
|
|
|
|
$token->delete();
|
|
|
|
return response()->json(['success' => true]);
|
|
}
|
|
|
|
return response()->json([
|
|
'error' => 'not_impersonating',
|
|
'message' => 'No active impersonation session.',
|
|
], 422);
|
|
}
|
|
}
|