diff --git a/app/Http/Controllers/Auth/VerificationController.php b/app/Http/Controllers/Auth/VerificationController.php deleted file mode 100644 index 071bd656b4..0000000000 --- a/app/Http/Controllers/Auth/VerificationController.php +++ /dev/null @@ -1,37 +0,0 @@ -middleware('auth'); - $this->middleware('signed')->only('verify'); - $this->middleware('throttle:6,1')->only('verify', 'resend'); - } -} diff --git a/app/Http/Controllers/HomeController.php b/app/Http/Controllers/HomeController.php index f714f36104..6b18cb80da 100644 --- a/app/Http/Controllers/HomeController.php +++ b/app/Http/Controllers/HomeController.php @@ -48,7 +48,7 @@ public function getIndex() { public function getLink(Request $request) { // If the user already has an alias associated with their account, redirect them if (Auth::check() && Auth::user()->hasAlias) { - redirect()->to('home'); + return redirect()->route('home'); } // Display the login link @@ -111,7 +111,11 @@ public function getAuthCallback(LinkService $service, $provider) { public function getEmail(Request $request) { // If the user already has an email associated with their account, redirect them if (Auth::check() && Auth::user()->hasEmail) { - return redirect()->to('home'); + return redirect()->route('home'); + } + + if (config('lorekeeper.settings.allow_unverified_users_to_modify_emails') && $request->is('email/update')) { + return view('auth.update_email'); } // Step 1: display a login email @@ -128,7 +132,7 @@ public function postEmail(UserService $service, Request $request) { if ($service->updateEmail(['email' => $data], Auth::user())) { flash('Email added successfully!'); - return redirect()->to('home'); + return redirect()->route('home'); } else { foreach ($service->errors()->getMessages()['error'] as $error) { flash($error)->error(); diff --git a/app/Models/Rank/Rank.php b/app/Models/Rank/Rank.php index 31e2d080b2..a9021d9d9a 100644 --- a/app/Models/Rank/Rank.php +++ b/app/Models/Rank/Rank.php 
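Review bot: In `getEmail`, the new `email/update` branch sits below the `hasEmail` redirect, so a logged-in user whose account already stores an address is sent to `home` before the update form can render. If `hasEmail` is true for any stored address (its definition is outside this diff), the form is unreachable for the users the setting is meant to help. The branch also checks only the config flag and the request path, not whether the user is still unverified. Consider handling the update path first with an explicit state check, e.g. `if (config('lorekeeper.settings.allow_unverified_users_to_modify_emails') && $request->is('email/update') && !Auth::user()->hasVerifiedEmail()) {`, assuming the User model implements Laravel's `MustVerifyEmail`. The body of `getEmail` continues outside the hunk.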
@@ -73,7 +73,7 @@ public function getDisplayNameAttribute() { * @return bool */ public function getIsAdminAttribute() { - return $this->attributes['is_admin']; + return $this->attributes['is_admin'] || $this->powers()->where('power', 'admin')->exists(); } /********************************************************************************************** @@ -95,6 +95,15 @@ public function canEditRank($rank) { } if ($this->hasPower('edit_ranks')) { if ($this->isAdmin) { + // editing a false admin rank + if ($rank->powers()->where('power', 'admin')->exists()) { + if ($this->attributes['is_admin']) { + return 3; // must remove admin power to edit more granularly + } else { + return 4; // false admin rank, cannot edit + } + } + if ($rank->id != $this->id) { return 1; } // can edit everything diff --git a/config/lorekeeper/powers.php b/config/lorekeeper/powers.php index 0a7519d794..47c44610a4 100644 --- a/config/lorekeeper/powers.php +++ b/config/lorekeeper/powers.php @@ -10,7 +10,10 @@ | The list of staff powers that can be attached to a user rank. | */ - + 'admin' => [ + 'name' => 'Administrator Access', + 'description' => 'Grants all powers automatically. Grant this power wisely.', + ], 'edit_site_settings' => [ 'name' => 'Edit Site Settings', 'description' => 'Allow rank to modify site settings and upload new images to replace the site layout images.', diff --git a/config/lorekeeper/settings.php b/config/lorekeeper/settings.php index eb4a3c2d5a..00bd5d3c1a 100644 --- a/config/lorekeeper/settings.php +++ b/config/lorekeeper/settings.php 
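Review bot: `getIsAdminAttribute` now treats any rank holding the `admin` power as an administrator, so being able to attach that power is equivalent to granting full admin, and nothing in this diff restricts who may do so. The general `@else` loop in `_create_edit_rank.blade.php` still renders a checkbox for every entry of `$powers`, `admin` included. Confirm that the rank-update service (not shown) rejects the `admin` power unless the acting rank has `attributes['is_admin']` set. The accessor also runs an `exists()` query on each read for ranks without the column set, and returns a bool where it used to return the raw column value. A comment such as `// true for the built-in admin rank or any rank granted the 'admin' power; costs one query per read` would record that.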
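Review bot: The new return values `3` and `4` in `canEditRank` are both truthy, including `4`, which the inline comment describes as "cannot edit". Any caller that authorizes with a plain truthiness test on `canEditRank($rank)` (callers are outside this diff) would accept a submitted edit from a power-granted admin against a rank holding the `admin` power. In that case only the template's `$editable == 4` branch, which hides the form, stands in the way. Either return `0` for the non-editable case or verify that every server-side caller compares against explicit codes, and document in the method's docblock what each code means. The method starts and ends outside the hunk.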
@@ -429,4 +429,14 @@ | */ 'enable_character_content_warnings' => 1, + + /* + |-------------------------------------------------------------------------- + | Allow Unverified Users to Modify their Email Addresses + |-------------------------------------------------------------------------- + | + | Allows users who have not yet verified their email addresses + | to modify their email address, in order to correct mistakes. + */ + 'allow_unverified_users_to_modify_emails' => 1, ]; diff --git a/resources/views/admin/users/_create_edit_rank.blade.php b/resources/views/admin/users/_create_edit_rank.blade.php index c0fc435c55..e51ff6b82c 100644 --- a/resources/views/admin/users/_create_edit_rank.blade.php +++ b/resources/views/admin/users/_create_edit_rank.blade.php @@ -33,12 +33,19 @@ - @if ($editable != 2) - {{-- Powers --}} -
-
+ @if ($editable == 2) +
+
Powers for the admin rank cannot be edited. {!! add_help('The admin rank has the ability to edit any editable information on the site, and is always highest-ranked (cannot be edited by any other user).') !!}
+
+ @elseif ($editable == 3) +
+
+ This rank has the "Admin" power granted to it, meaning it has all powers. If you want to edit this rank, you must remove the "Admin" power first. @foreach ($powers as $key => $power) -
+ @if ($key != 'admin') + @continue + @endif +
{!! Form::checkbox('powers[' . $key . ']', $key, $rankPowers ? isset($rankPowers[$key]) : false, ['class' => 'form-check-input', 'id' => 'powers[' . $key . ']']) !!} {!! Form::label('powers[' . $key . ']', $power['name'], ['class' => 'form-check-label']) !!} {!! add_help($power['description']) !!} @@ -46,9 +53,24 @@ @endforeach
- @else + @elseif ($editable == 4)
-
Powers for the admin rank cannot be edited. {!! add_help('The admin rank has the ability to edit any editable information on the site, and is always highest-ranked (cannot be edited by any other user).') !!}
+
+ You cannot edit this rank. +
+
+ @else + {{-- Powers --}} +
+ @foreach ($powers as $key => $power) +
+
+ {!! Form::checkbox('powers[' . $key . ']', $key, $rankPowers ? isset($rankPowers[$key]) : false, ['class' => 'form-check-input', 'id' => 'powers[' . $key . ']']) !!} + {!! Form::label('powers[' . $key . ']', $power['name'], ['class' => 'form-check-label']) !!} + {!! add_help($power['description']) !!} +
+
+ @endforeach
@endif diff --git a/resources/views/auth/update_email.blade.php b/resources/views/auth/update_email.blade.php new file mode 100644 index 0000000000..5fc6395b6e --- /dev/null +++ b/resources/views/auth/update_email.blade.php @@ -0,0 +1,41 @@ +@extends('layouts.app') + +@section('title') + Update Email Address +@endsection + +@section('content') +

Update Email Address

+

+ The currently linked email to your account is: +

+ +

+ If this email address is incorrect, please enter the correct email address below to update it. +

+ + + {!! Form::open(['url' => 'email/update', 'method' => 'POST']) !!} + +
+ {!! Form::label('email', 'Email Address', ['class' => 'col-md-4 col-form-label text-md-right']) !!} +
+ {!! Form::email('email', old('email'), ['class' => 'form-control' . ($errors->has('email') ? ' is-invalid' : ''), 'required']) !!} + @if ($errors->has('email')) + + {{ $errors->first('email') }} + + @endif +
+
+ +
+
+ {!! Form::submit('Update Email Address', ['class' => 'btn btn-primary']) !!} +
+
+ + {!! Form::close() !!} +@endsection diff --git a/resources/views/auth/verify.blade.php b/resources/views/auth/verify.blade.php index 1068ec5d69..acba40cd35 100644 --- a/resources/views/auth/verify.blade.php +++ b/resources/views/auth/verify.blade.php @@ -20,4 +20,11 @@ {{ __('click here to request another') }} . + + @if (config('lorekeeper.settings.allow_unverified_users_to_modify_emails')) + + @endif @endsection diff --git a/routes/web.php b/routes/web.php index e340598b74..132ffb4610 100644 --- a/routes/web.php +++ b/routes/web.php @@ -27,6 +27,13 @@ Route::feeds('feeds'); +// Updating email from verification notice +Route::middleware('auth')->group(function () { + Route::get('/email/update', 'HomeController@getEmail'); + + Route::post('/email/update', 'HomeController@postEmail'); +}); + /************************************************************************************************** Routes that require login **************************************************************************************************/
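Review bot: Both `/email/update` routes are registered unconditionally behind `auth` alone, so the POST reaches `postEmail` even when `allow_unverified_users_to_modify_emails` is off and for users who are already verified. The flag is consulted only in `getEmail` and in `verify.blade.php`. Unless `postEmail` or `UserService::updateEmail` performs its own checks (neither is fully visible here), any authenticated session can replace the account's email address without re-entering the password, which matters if that address is used for account recovery. Gate the group on the setting and on verification state, and restore a rate limit like the one the removed `VerificationController` applied, e.g. `Route::middleware(['auth', 'throttle:6,1'])->group(function () {`. If `updateEmail` triggers a verification message, the throttle also bounds how much mail the endpoint can be made to send.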