app/Http/Requests/TwoFactorManagementRequest.php

<?php
/**
 * TwoFactorManagementRequest.php
 *
 * -Description-
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * @link       https://www.librenms.org
 *
 * @copyright  2018 Tony Murray
 * @author     Tony Murray <murraytony@gmail.com>
 */

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class TwoFactorManagementRequest extends FormRequest
{
    public function rules(): array
    {
        return [];
    }

    public function authorize(): bool
    {
        $user = $this->route()->parameter('user');
        $auth_user = auth()->user();

        // don't allow admins to bypass security for themselves
        return $auth_user->isAdmin() && ! $auth_user->is($user);
    }
}
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`<?php`
			`/**`
			`* TwoFactorManagementRequest.php`
			`*`
			`* -Description-`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
Swich links to https (#12511) * Switch librenms links to https * Convert librenms links in comments * Switch gnu.org url to https * switch php urls to https 2021-02-09 00:29:04 +01:00			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`*`
Swich links to https (#12511) * Switch librenms links to https * Convert librenms links in comments * Switch gnu.org url to https * switch php urls to https 2021-02-09 00:29:04 +01:00			`* @link https://www.librenms.org`
Apply fixes from StyleCI (#13224) 2021-09-10 20:09:53 +02:00			`*`
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`* @copyright 2018 Tony Murray`
			`* @author Tony Murray <murraytony@gmail.com>`
			`*/`

			`namespace App\Http\Requests;`

			`use Illuminate\Foundation\Http\FormRequest;`

			`class TwoFactorManagementRequest extends FormRequest`
			`{`
Laravel 10.x Shift (#14995) * Apply code style * Remove explicit call to register policies * Shift core files * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them and merged your true customizations - where ENV variables may not be used. * Bump Laravel dependencies * Add type hints for Laravel 10 * Shift cleanup * wip * wip * sync translation * Sync back config * Public Path Binding * QueryException * monolog * db::raw * monolog * db::raw * fix larastan collections * fix phpstan bug looping forever * larastan errors * larastan: fix column type * styleci * initialize array * fixes * fixes --------- Co-authored-by: Shift <shift@laravelshift.com> 2023-05-24 22:21:54 +02:00			`public function rules(): array`
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`{`
			`return [];`
			`}`

Laravel 10.x Shift (#14995) * Apply code style * Remove explicit call to register policies * Shift core files * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them and merged your true customizations - where ENV variables may not be used. * Bump Laravel dependencies * Add type hints for Laravel 10 * Shift cleanup * wip * wip * sync translation * Sync back config * Public Path Binding * QueryException * monolog * db::raw * monolog * db::raw * fix larastan collections * fix phpstan bug looping forever * larastan errors * larastan: fix column type * styleci * initialize array * fixes * fixes --------- Co-authored-by: Shift <shift@laravelshift.com> 2023-05-24 22:21:54 +02:00			`public function authorize(): bool`
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`{`
			`$user = $this->route()->parameter('user');`
			`$auth_user = auth()->user();`

			`// don't allow admins to bypass security for themselves`
Laravel 9.x Shift (#14504) * Move `resources/lang` folder * Shift registered middleware * Remove `fruitcake/laravel-cors` dependency * Streamline `$commands` property * Upgrade to Flysystem 3.0 * Shift core files * Convert `optional()` to nullsafe operator * Remove unnecessary `$model` property * Convert route options to fluent methods Laravel 8 adopts the tuple syntax for controller actions. Since the old options array is incompatible with this syntax, Shift converted them to use modern, fluent methods. * Convert deprecated `$dates` property to `$casts` * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them and merged your true customizations - where ENV variables may not be used. * Bump Laravel dependencies * Use `<env>` tags for configuration `<env>` tags have a lower precedence than system environment variables making it easier to overwrite PHPUnit configuration values in additional environments, such a CI. Review this blog post for more details on configuration precedence when testing Laravel: https://jasonmccreary.me/articles/laravel-testing-configuration-precedence/ * Fix error provider * Match new symfony syntax * Match upstream syntax * Fix route syntax * generate composer.lock * Sync back configs * routes * composer * Fix more flare * fix cors * sync lang * Apply fixes from StyleCI (#14517) Co-authored-by: StyleCI Bot <bot@styleci.io> * bump larastan * update packages * wip * Temporarily lower phpstan level * Update phpstan.neon * wip * wip * wip * Apply fixes from StyleCI (#14592) Co-authored-by: StyleCI Bot <bot@styleci.io> * test * Update CiHelper.php * Update test.yml * Update CiHelper.php * Update CiHelper.php * Apply fixes from StyleCI (#14616) Co-authored-by: StyleCI Bot <bot@styleci.io> * test? * fix phpstan problems * dont run snmpsim on github ci * Fix whitespace * More whitespace * More whitespace ??? * I think the space broke it * fix the reset of the whitespace * hard code auth guard --------- Co-authored-by: Shift <shift@laravelshift.com> Co-authored-by: StyleCI Bot <bot@styleci.io> Co-authored-by: Tony Murray <murraytony@gmail.com> 2023-04-17 13:51:35 +02:00			`return $auth_user->isAdmin() && ! $auth_user->is($user);`
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`}`
			`}`