Merge pull request #3694 from devansh-webkul/api_current_user_issue

Fixed auth user can see all users info by id #3657
This commit is contained in:
Jitendra Singh 2020-08-14 12:00:57 +05:30 committed by GitHub
commit 5b05e5744f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 2 deletions

View File

@ -2,12 +2,20 @@
namespace Webkul\API\Http\Controllers\Shop; namespace Webkul\API\Http\Controllers\Shop;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event; use Illuminate\Support\Facades\Event;
use Webkul\Customer\Repositories\CustomerRepository; use Webkul\Customer\Repositories\CustomerRepository;
use Webkul\Customer\Repositories\CustomerGroupRepository; use Webkul\Customer\Repositories\CustomerGroupRepository;
class CustomerController extends Controller class CustomerController extends Controller
{ {
/**
* Contains current guard
*
* @var array
*/
protected $guard;
/** /**
* Contains route related configuration * Contains route related configuration
* *
@ -40,8 +48,17 @@ class CustomerController extends Controller
CustomerRepository $customerRepository, CustomerRepository $customerRepository,
CustomerGroupRepository $customerGroupRepository CustomerGroupRepository $customerGroupRepository
) { ) {
$this->guard = request()->has('token') ? 'api' : 'customer';
$this->_config = request('_config'); $this->_config = request('_config');
if (isset($this->_config['authorization_required']) && $this->_config['authorization_required']) {
auth()->setDefaultDriver($this->guard);
$this->middleware('auth:' . $this->guard);
}
$this->customerRepository = $customerRepository; $this->customerRepository = $customerRepository;
$this->customerGroupRepository = $customerGroupRepository; $this->customerGroupRepository = $customerGroupRepository;
@ -81,4 +98,23 @@ class CustomerController extends Controller
'message' => 'Your account has been created successfully.', 'message' => 'Your account has been created successfully.',
]); ]);
} }
/**
* Returns a current user data.
*
* @param int $id
* @return \Illuminate\Http\Response
*/
public function get($id)
{
if (Auth::user($this->guard)->id === (int) $id) {
return new $this->_config['resource'](
$this->customerRepository->findOrFail($id)
);
}
return response()->json([
'message' => 'Invalid Request.',
], 403);
}
} }

View File

@ -154,7 +154,7 @@ Route::group(['prefix' => 'api'], function ($router) {
Route::post('customer/register', 'CustomerController@create'); Route::post('customer/register', 'CustomerController@create');
Route::get('customers/{id}', 'ResourceController@get')->defaults('_config', [ Route::get('customers/{id}', 'CustomerController@get')->defaults('_config', [
'repository' => 'Webkul\Customer\Repositories\CustomerRepository', 'repository' => 'Webkul\Customer\Repositories\CustomerRepository',
'resource' => 'Webkul\API\Http\Resources\Customer\Customer', 'resource' => 'Webkul\API\Http\Resources\Customer\Customer',
'authorization_required' => true 'authorization_required' => true